The ultimate Network PDF Server Appliance

Welcome Guest


Remember me

[ ]
[ ]
[ ]

Link to us
click here to generate
a link for your website.

Tell a Friend
Your Name
Your Email
Name of your friend
Friends Email
Subject/Interest of this page ?
Copy of the email

Addons für Ipcop 1.4.3 - 1.4.6/Addons for Ipcop 1.4.3 - 1.4.6
Guardian for Ipcop 1.4.6 v1.1
Description Known bugs:
none at this time
Fixed bugs:
Seems to have sometimes problems with portforwarding
Sorry, there was a little bug in the installscript. fixed now.

fixed in v1.1
exit-status 2 when running the cronjob, guardian
did not recognize the ipchange
problems with graphs
Dieser Mod liest das Snort-Alert-File aus und blockt z.B. Portscans automatisch.

Eine weitere Funktion ist, das man auch manuell Ipadressen blocken kann.

Entweder im Webinterface auf der Guardian-Seite eingeben oder auf der Verbindungs-Seite die Who-Is-Abfrage starten und am Ende der Who-is-Seite die Ip blocken.


Die Datei auf dem Cop kopieren, mit

tar xfz guardian_ipcop_1.4.6_v1.1.tar.gz

entpacken, ins guardian-Verzeichniss wechseln,



Dann im Webinterface unter Dienste ==> Guardian das rote Interface und die Blockzeit eintragen.
Alle anderen Einstellungen sollten nicht verndert werden.

Danach im Webinterface unter Einbruchdetektierung den Guardian einschalten.

Unter Logs ==> guardianlog kann man nachschauen, welche Ips geblockt/freigegeben werden.

Die Mglichkeit, Ip's manuell zu blocken, besteht auch, wenn Guardian deaktiviert ist.





Deutsche AnleitungThis mod reads the snort-alert-logfile and blocks e.g. portsscan automaticlly.

Another function of this mod is, that you could enter an ip in the webinterface and this ip will be blocked.

There is also a function in the connection-page of the webinterface to block ip's.
Just click the ip to show the who-is and at the end of the who-is-page there is a link to block the ip.

The manuall ip-blocking is working also if guardian is disabled.


Copy the file to your ipcop, extract it with

tar xfz guardian_ipcop_1.4.6_v1.1.tar.gz

Go into the guardian-directory and run


After this, you have to go into the webinterface under services ==> guardian and set your red interface and the time, guardian should block ip's.
All other settings could be left in default state.

Now go to services ==> intrusion detection and enable guardian.

Under Logs ==> guardianlog you could see which ip is blocked/unblocked.


Just run


English docsLicense/Lizenz: GPL
Image no image available
Filesize 33.5 kB
Date Saturday 16 July 2005 - 09:43:58
Downloads 2772
 10.0 - 1 vote 
Report broken download

kassie |17 May 2005 : 13:57
Comments: 10
Registered: 12 May 2005 : 14:00
After removing version 1.4.4 and installing version 1.4.6 of guardian everything is double in cron tasks


MarkusHoffmann |17 May 2005 : 15:00

Comments: 245
Location: Helmbrechts, Germany
That's a little bug in the uninstaller, thanks for the hint, will fix this.

Have you manually removed the entries or do you need help ?

If you like my addons, feel free to donate some money.
Even little amounts help to keep things going.

kassie |17 May 2005 : 18:36
Comments: 10
Registered: 12 May 2005 : 14:00
I have removed them with crontab -e, thanks anyway.

kassie |17 May 2005 : 18:38
Comments: 10
Registered: 12 May 2005 : 14:00
Sorry I meant fcrontab -e

maximus |26 May 2005 : 14:51
Comments: 1
Registered: 26 May 2005 : 14:07
How I can set to ignore a subnet?

PhuPhyt |11 Jun 2005 : 15:08
Comments: 38
Registered: 11 Jun 2005 : 14:55
Does anyone here have a good idea how to take lists from [link] and make iptables just drop access ?

Id like to be able to enter either xx.xx.xx.xx/16 or xx.xx.xx.xx-xx.xx.255.255. Because not all ips when right clicked are revealed with a proper CIDR. And im not the sharpest when it comes to calculate a proper CIDR for say range - All ears if anyone got a nice calculator for that

I know Guardian was mainly build to catch snort alerts, but many snort alerts would be avoided if many countries was just blocked right away.

um02122 |24 Aug 2005 : 04:05
Comments: 4
Registered: 24 Aug 2005 : 03:56
there is some tool named IP Browser, has a slider calculator for subnetmask, would it help?
eg:\1\2\3\4 etc etc\32

Image: C:\Documents and Settings\Matrix\Desktop\ip browser.JPG

PhuPhyt |25 Aug 2005 : 09:09
Comments: 38
Registered: 11 Jun 2005 : 14:55
i searched for that tool, but never found, however i found a site with a calulator that do exactly what i need -> [link]
change Mask Notation: to CIDR notation, enter start range and end range and it does the CIDR notation as i wanted. Many ips when looked up in IPCOP only reveal a range, and i needed something to calculate the CIDR out of the range, wich that site does nicely for me

You must be logged in to make comments on this site - please log in, or if you are not registered click here to signup

support mhaddons !

Make a donation!

Donat-o-Meter Stats

2010´s Donations
 Name for Front Page  Jan 21  €100
    14  €0
   Oct 3  €0
   Nov 11  €0
   Dec 21  €0
   Dec 27  €0
   Dec 30  €0
 *not to be listed*  Feb 21  €25
   Mar 13  €0
   Jun 14  €0
   Sep 15  €0
   Sep 25  €0
   Sep 29  €0
   Nov 1  €0
   Dec 12  €0
   May 31  €0
   Jun 20  €0
   Jul 2  €0
   Jul 6  €0
   Sep 18  €0
   Jan 14  €0

I would like to thank pcengines
for the generous donation of a complete WRAP-machine.

Here is a list of people who have
donated to mhaddons so far.

Here you could read about the
advantage of being a donator.

Your Ip

Sign by Danasoft - For Backgrounds and Layouts

IT!works Systemhaus GmbH

Unser Name ist Programm!

  • SAP-Entwicklung
  • SAP-Beratung
  • EDV-Dienstleistungen
  • Softwareentwicklung
  • Netzwerk-Installation
  • PCs und Software