Aegis 1.7.0 beta


HELLO_wORLD

Very Senior Member
Aegis 1.7.0 is available as a beta version.

1.7.0b: initial beta release
1.7.0b2: fixed "blocking 0 IP addresses" problem
1.7.0b3: added very basic privacy friendly metrics
1.7.0b4: added internal or external info to metrics
1.7.0b5: corrected some bugs, some in core, mostly in the web ui
1.7.0b6 to 1.7.0b8: bug fixes


To test it, you first need to upgrade to 1.6.11.

The procedure to install it is as follows (from a terminal):
Code:
aegis unset
aegis upgrade -repo=beta
aegis up

The procedure to revert to 1.6.11 is as follows (from a terminal):
Code:
aegis unset
aegis upgrade
aegis up

Changes are:
  • Since iprange is now inside the @Voxel firmware, I removed the portions of code used to work without it, and made aegis rely more on it, making aegis lighter.
  • aegis now has the ability to have custom blacklists and whitelists specific to WAN or VPN.
  • the upraising, logging and status portions of the code have been heavily changed to adapt to that change.
  • optimizations, bug fixes.
  • web companion has been updated to work with the new status and log code, and the lists editor has been changed to allow viewing, creating or editing the default lists (sources, custom global blacklist, custom global whitelist, custom WAN black and white lists, VPN custom black and white lists).

More details about these lists on the readme:
I tested it at home, and it works for me. However, I don’t use VPN on the router, and I only have a R7800 to test... It should be fine, but I prefer to go through this beta stage first.

What to look for?
Well, hard to give a list. Just make sure all is working as expected. You can experiment with lists and the test -ip= argument to check all is fine.
When from a terminal you run (yes repetition is intentional):
Code:
aegis up
aegis up -v
Make sure that in the uprear information section, it says:
- iptables: rules were already set with: ...
And not:
- iptables: rules were (re)set with: ...

That’s it. Enjoy :)
 
Last edited:
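
Added example, not part of the original post and not aegis code: a shell check for what this post asks testers to verify (the second `aegis up -v` must say "already set"), plus the empty-shield state reported further down this thread. The function names are hypothetical, the sample text is constructed from output lines quoted in the thread, and the wording of aegis output in other versions is an assumption.

```shell
#!/bin/sh
# Added example, not aegis code. Function names are hypothetical; the line
# formats matched below are assumed from the output quoted in this thread.
# On the router:  aegis status | check_status
#                 aegis up; aegis up -v | check_second_up

# check_status: read `aegis status` output on stdin.
# Returns 0 only if the shield names an interface AND blocks more than 0
# addresses; returns 1 for the fail-open state (shield "up", nothing filtered).
check_status() {
    out=$(cat)
    rc=0
    # Text between "shield is up for:" and the final dot (empty when broken).
    iface=$(printf '%s\n' "$out" |
        sed -n 's/^- shield is up for: *\(.*\)\.[[:space:]]*$/\1/p' | head -n 1)
    # Total number of blocked addresses.
    count=$(printf '%s\n' "$out" |
        sed -n 's/^- blocking a total of \([0-9][0-9]*\) IP addresses.*/\1/p' | head -n 1)
    if [ -z "$iface" ]; then
        echo "PROBLEM: shield is not attached to any interface"
        rc=1
    fi
    if [ -z "$count" ] || [ "$count" -eq 0 ]; then
        echo "PROBLEM: 0 addresses blocked, nothing is being filtered"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $count addresses blocked on $iface"
    fi
    return "$rc"
}

# check_second_up: read the output of a SECOND `aegis up -v` on stdin.
# Returns 0 if the rules were left alone ("already set"), 1 if they had to
# be (re)set again, 2 if neither line is present in the output.
check_second_up() {
    out=$(cat)
    case "$out" in
        *"- iptables: rules were already set with:"*) return 0 ;;
        *"- iptables: rules were (re)set with:"*)     return 1 ;;
        *)                                            return 2 ;;
    esac
}

# Constructed samples, modelled on output lines quoted in this thread.
BROKEN_STATUS='Status:
- shield is up for: .
- blocking a total of 0 IP addresses (global: ).
- logging is disabled.'
GOOD_STATUS='Status:
- shield is up for: WAN interface (brwan).
- blocking a total of 619671672 IP addresses (global: 619671672, WAN only: 0).
- logging is disabled.'
SECOND_UP_OK='Uprear information:
- iptables: rules were already set with: global block.'
SECOND_UP_RESET='Uprear information:
- iptables: rules were (re)set with: global block.'

# Demo on the constructed samples.
printf '%s\n' "$BROKEN_STATUS" | check_status || echo "-> do not trust this shield"
printf '%s\n' "$GOOD_STATUS" | check_status
printf '%s\n' "$SECOND_UP_RESET" | check_second_up || echo "-> rules were rebuilt on the second run"
```

A non-zero return from `check_status` means the router is reporting a shield that filters nothing, so the exit code can gate a cron job or a post-upgrade script.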

sppmaster

Regular Contributor
Thanks for the beta but I cannot get it running.
Screenshot 2021-02-22 202218.png

Reverted to 1.6.11.
 

foo man

Occasional Visitor
Upgrade to 1.6.11 went ok, but after running the first 2 commands to upgrade to 1.7.0, I get the following when running "aegis up" (or aegis up -v):

Code:
[email protected]:/$ aegis up -v
aegis 1.7.0b - Verbose mode [level 1]
- No directives were found! Refresh will be made.
Generating directives file from sources and custom lists...
- downloading global blocking lists defined in /opt/bolemo/etc/aegis.sources
1) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
-                   100%[===================>]  42.69K  --.-KB/s    in 0.01s   

2) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
-                   100%[===================>] 271.52K  --.-KB/s    in 0.09s   

3) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
-                   100%[===================>] 302.31K  --.-KB/s    in 0.09s   

4) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset
-                   100%[===================>] 198.30K  --.-KB/s    in 0.06s   

5) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
-                   100%[===================>]  14.49K  --.-KB/s    in 0.001s 

- creating offline cache for global blocking directives from sources...
Initializing...
- configuration file is set.
- firewall-start.sh was edited and is now ok.
- aegis is installed on internal drive.
Uprearing aegis shield...
!  not readable!

Then this for status:

Code:
[email protected]:/$ aegis status
Status:
- shield is up for: .
- blocking a total of 0 IP addresses (global: ).
- bypassing 0 IP addresses (global: ).
- logging is disabled.

Went back to 1.6.11 for now and that seems fine.
 

sppmaster

Regular Contributor
Same here and the router can't connect to Internet.
 

HELLO_wORLD

Very Senior Member
Ok, strange error...

Can you try again and see if it still does the same thing?
Also, if it does, before reverting to 1.6.11, can you give me the output of these 2 commands:
Code:
ls -lta /opt/bolemo/etc/
ls -lta /opt/bolemo/etc/.aegis/

And please, remind me of your config (model).


Thank you.
 

HELLO_wORLD

Very Senior Member
Same here and the router can't connect to Internet.

Are you stuck without internet??

If you run: aegis unset
It removes anything aegis from the router firewall and rules.
 

foo man

Occasional Visitor
Mine is the R9000, here's the output:

Code:
[email protected]:/$ aegis up -v
aegis 1.7.0b - Verbose mode [level 1]
- No directives were found! Refresh will be made.
Generating directives file from sources and custom lists...
- downloading global blocking lists defined in /opt/bolemo/etc/aegis.sources
1) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
-                   100%[===================>]  42.69K  --.-KB/s    in 0.01s  

2) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
-                   100%[===================>] 271.52K  --.-KB/s    in 0.08s  

3) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
-                   100%[===================>] 302.31K  1.45MB/s    in 0.2s  

4) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset
-                   100%[===================>] 198.30K  --.-KB/s    in 0.06s  

5) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
-                   100%[===================>]  14.49K  --.-KB/s    in 0.001s

- creating offline cache for global blocking directives from sources...
Initializing...
- configuration file is set.
- firewall-start.sh is in place and ok.
- aegis is installed on internal drive.
Uprearing aegis shield...
! /opt/bolemo/etc/.aegis/all.bl.dir not readable!

Code:
[email protected]:/$ ls -lta /opt/bolemo/etc/.aegis/
-rw-r--r--    1 root     root       849203 Feb 22 17:48 all.src.bl.cache
drwxr-xr-x    2 root     root          240 Feb 22 17:46 .
drwxr-xr-x    4 root     root          360 Feb 22 17:46 ..
[email protected]:/$ ls -lta /opt/bolemo/etc/
drwxr-xr-x    2 root     root          296 Feb 22 17:48 config
drwxr-xr-x    2 root     root          240 Feb 22 17:46 .aegis
drwxr-xr-x    4 root     root          360 Feb 22 17:46 .
-rw-r--r--    1 root     root          455 Feb 11 14:01 aegis.sources
drwxr-xr-x    5 root     root          352 Feb 11 14:01 .

Thanks
 

HELLO_wORLD

Very Senior Member
I think I know what is going on... Working on it :)
 

HELLO_wORLD

Very Senior Member
Ok, that should be ok now. :)

You can try again, same procedure.
 

foo man

Occasional Visitor
All good now, thanks!

Code:
[email protected]:/$ aegis up -v
aegis 1.7.0b - Verbose mode [level 1]
- No directives were found! Refresh will be made.
Generating directives file from sources and custom lists...
- downloading global blocking lists defined in /opt/bolemo/etc/aegis.sources
1) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
-                   100%[===================>]  42.69K  --.-KB/s    in 0.02s  

2) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
-                   100%[===================>] 271.52K  --.-KB/s    in 0.08s  

3) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
-                   100%[===================>] 302.31K  --.-KB/s    in 0.09s  

4) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset
-                   100%[===================>] 198.30K  --.-KB/s    in 0.05s  

5) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
-                   100%[===================>]  14.49K  --.-KB/s    in 0.002s

- creating offline cache for global blocking directives from sources...
- generating global blocking directives...
Initializing...
- configuration file is set.
- firewall-start.sh was edited and is now ok.
- aegis is installed on internal drive.
Uprearing aegis shield...
- directives will be (re)loaded into aegis shield.
- Done.
Setting status:
- firewall-start.sh is set for aegis.
- ignoring post-mount.sh (aegis is on internal memory).
Shield status:
- shield is up for: WAN interface (brwan).
- blocking a total of 619671672 IP addresses (global: 619671672, WAN only: 0).
- bypassing 0 IP addresses (global: 0, WAN only: 0).
- logging is disabled.
Directives generation times:
- actual router time: 2021-02-22 19:18:39
- sources cache list latest update: 2021-02-22 19:18:35
- global block list: 2021-02-22 19:18:35
Uprear information:
- shield was upreared from: aegis script @ 2021-02-22 19:18:38
- ipset: global block list was loaded from file directives.
- iptables: rules were (re)set with: global block.
- log daemon: was already off.

Code:
[email protected]:/$ ls -lta /opt/bolemo/etc/
drwxr-xr-x    2 root     root          296 Feb 22 19:18 config
drwxr-xr-x    2 root     root          312 Feb 22 19:18 .aegis
drwxr-xr-x    4 root     root          360 Feb 22 19:18 .
-rw-r--r--    1 root     root          455 Feb 11 14:01 aegis.sources
drwxr-xr-x    5 root     root          352 Feb 11 14:01 ..
[email protected]:/$ ls -lta /opt/bolemo/etc/.aegis/
drwxr-xr-x    2 root     root          312 Feb 22 19:18 .
-rw-r--r--    1 root     root       705940 Feb 22 19:18 all.bl.dir
-rw-r--r--    1 root     root       636592 Feb 22 19:18 all.src.bl.cache
drwxr-xr-x    4 root     root          360 Feb 22 19:18
 

HELLO_wORLD

Very Senior Member
Ok, for clarity, since I had to do some fixes on the beta version, I changed its version to 1.7.0b2 (that is the one working for @foo man )
Each time I fix something, if needed, I will increment the beta counter, so you can check if you have the right version.
To upgrade from one beta to the latest beta, just use the same procedure to upgrade to beta.

I am also thinking of adding a very simple metrics system, like a simple ping to a server when aegis is being downloaded, so I know how many downloads and users I have (so far, I have no clue, as raw files GitHub downloads are not available), and where they are in the world (curiosity).

Please, continue to share your successes here, and problems, so I can plan to release 1.7.0 as stable non beta.

Thank you for your interest in aegis :)
 

HELLO_wORLD

Very Senior Member
1.7.0b3

Just added basic metrics when upgrade is made.
I am using https://www.goatcounter.com/ that is open source and respects privacy.

It gives me the version being downloaded, the model of the router (just model type, no serial number or anything like that) and the country it is downloaded from. IP is not stored.
 

HELLO_wORLD

Very Senior Member
1.7.0b4

Just added internal or external to metrics.
Just sends "int" or "ext" string. No drive name.
 

HELLO_wORLD

Very Senior Member
Same here and the router can't connect to Internet.
Have you been able to try again with latest beta?
Is it working now for you?

More generally, does anyone have problems with the beta? Or is all working fine?
I need some feedback to pull it as stable or not yet.
 

HELLO_wORLD

Very Senior Member
Ok, tomorrow, I will switch 1.7.beta to stable (master), and keep 1.6.12 in a retro repo, if someone has trouble with 1.7.0.

When ready, upgrade from beta will be as usual (from web or CLI: aegis upgrade)

Return to 1.6.12 will be something like aegis upgrade -repo=1.6 or something like that.
 

sppmaster

Regular Contributor
Have you been able to try again with latest beta?
Is it working now for you?

More generally, does anyone have problems with the beta? Or is all working fine?
I need some feedback to pull it as stable or not yet.
Yes, I installed it yesterday but didn't have time to write here. Working OK. Thanks and keep up the excellent work.
 

R. Gerrits

Senior Member
Code:
[email protected]:~$ aegis unset
[email protected]:~$ aegis upgrade -repo=beta

Upgrading:
- version installed: 1.6.11
- new version available: 1.7.0b4         
? do you want to upgrade from 1.6.11 to 1.7.0b4 (y/n)? y
- Downloading:
/tmp/aegis.dl                                           100%[==============================================================================================================================>]  68.10K  --.-KB/s    in 0.02s   
- Script installed to /opt/bolemo/scripts/aegis
- downloading Web Companion:
/tmp/aegis.dl                                           100%[==============================================================================================================================>]  24.06K  --.-KB/s    in 0.009s  
- Web Companion htm file installed to /opt/bolemo/www/aegis.htm
/tmp/aegis.dl                                           100%[==============================================================================================================================>]  19.45K  --.-KB/s    in 0.002s  
- Web Companion cgi file installed to /opt/bolemo/www/cgi-bin/aegis_web.cgi
[email protected]:~$ aegis up
Status:
- shield is up for: WAN interface (brwan).
- blocking a total of 619647633 IP addresses (global: 619647633, WAN only: 0).
- bypassing 1 IP addresses (global: 1, WAN only: 0).
- logging is enabled.

And then when checking via WebGUI, I see:
  • Problems found!
  • Aegis shield is up for: WAN interface (brwan).
  • Blocking a total of 619647633 IP addresses (global: 619647633, WAN only: 0).
  • Bypassing 1 IP addresses (global: 1, WAN only: 0).
  • Logging is enabled.

Problems

  • VPN: tunnel changed from '' to 'tun21' since aegis was upreared!
  • VPN: tunnel subnet range changed from to since aegis was upreared!
  • logd: log daemon was started but is not running!
Debug info:
Code:
[LIST]
[*]device info: R7800 R7800 V1.0.2.82.1SF
[*]aegis info: aegis 1.7.0b4-ext
[*]status codes: ck:18047|dna:7|dir:224649|ablc:619647633|awlc:1|wblc:0|wwlc:0|tblc:0|twlc:0|wif:brwan|wnt:94.213.x.0/23|tif:|tnt:
[*]info file: tst:1614242487|nfo:2097299|dna:7|wif:brwan|wnt:94.213.x.0/23|tif:|tnt:
[*]conf:
[LIST]
[*]aegis.wan=net-iface
[*]aegis.tun=net-iface
[*]aegis.log=log
[*]aegis.log.enabled='1'
[*]aegis.log.len='5000'
[*]aegis.up=1
[*]aegis_web.log=subsection
[*]aegis_web.log.len='300'
[*]aegis_web.log.basetime='1613773010'
[*]aegis_web.log.pos='313023000'
[/LIST]
[*]iptables engine rules:
[LIST]
[*]-N aegis_wan_dst
[*]-N aegis_wan_src
[*]-A INPUT -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
[*]-A FORWARD -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
[*]-A FORWARD -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
[*]-A OUTPUT -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
[*]-A aegis_wan_dst -m set ! --match-set aegis_all_bl dst -m comment --comment "not in aegis blocklists" -j RETURN
[*]-A aegis_wan_dst -m set --match-set aegis_all_wl dst -m comment --comment "in aegis whitelist" -j RETURN
[*]-A aegis_wan_dst -j LOG --log-prefix "[aegis] IF=WAN DIR=OUT "
[*]-A aegis_wan_dst -m comment --comment "aegis reject outgoing" -j REJECT --reject-with icmp-admin-prohibited
[*]-A aegis_wan_src -m set ! --match-set aegis_all_bl src -m comment --comment "not in aegis blocklists" -j RETURN
[*]-A aegis_wan_src -m set --match-set aegis_all_wl src -m comment --comment "in aegis whitelist" -j RETURN
[*]-A aegis_wan_src -j LOG --log-prefix "[aegis] IF=WAN DIR=IN "
[*]-A aegis_wan_src -m comment --comment "aegis drop incoming" -j DROP
[/LIST]
[*]ipset engine sets:
[LIST]
[*]aegis_all_bl:
[LIST]
[*]Name: aegis_all_bl
[*]Type: hash:net
[*]Revision: 7
[*]Header: family inet hashsize 32768 maxelem 51051 bucketsize 12 initval 0x1153066f
[*]Size in memory: 1333744
[*]References: 2
[*]Number of entries: 51051
[/LIST]
[*]aegis_all_wl:
[LIST]
[*]Name: aegis_all_wl
[*]Type: hash:net
[*]Revision: 7
[*]Header: family inet hashsize 1024 maxelem 1 bucketsize 12 initval 0xf23b0a42
[*]Size in memory: 412
[*]References: 2
[*]Number of entries: 1
[/LIST]
[/LIST]
[/LIST]


Then I did a "Refresh directives and start" via the WebGUI -> VPN error is now gone, but it still complains:
  • logd: log daemon was started but is not running!
 

HELLO_wORLD

Very Senior Member
Thanks.
It looks like the log daemon is crashing for you.

Also, the first error is like the unset was not taken into account. Do you remember (if you tried) if the aegis CLI gave you the same output for status?

I released 1.7.0b5, I will post about it here.
 
