The useful logs are in /var/log/snort/syslog. This app is not the most intuitive and GPL rules are enabled in Webconfig > Gateway > Intrusion Prevention > Intrusion Detection System and the IDS updates in Webconfig > Cloud > Updates > IDS Signatures. Note the IDS is quite processor intensive and it is best to only enable rules where you have services which are exposed to the internet.

I don't get any response from your test sites but I have a limited number of rules enabled. I do get responses to other rules.

What is the output of "ifconfig"?

Have a look at the last line of your output. In Windows Networking, what is your domain. AFAIK it can have a maximum length of 15 alphanumeric characters with no special characters, so no ".". It is the old NetBIOS "Workgroup" and necessarily has the identical limitations. The Windows Domain is different from your LAN domain.

I used a slightly different approach here with my Samba DC, but it does not mean it is right. I have not understood what a macvlan interface is and, if you can explain, I'd love to know.

Docker, when it starts, normally self-assigns a subnet to the docker0 interface, and app-docker sets up some basic firewall rules. I then set up more for the docker/samba based on what docker was trying to do when it was allowed to create its own firewall rules.

I wonder if your route is the better way to go if it allows the container to run on a different exposed subnet. because it will sidestep the issues I had with port bindings with samba/winbind.

You could, perhaps try adding a firewall rule to allow all traffic from 192.168.100.0/24 through the FORWARD chain, but I think it is already allowed (because it is from docker0). What do your filter and nat tables look like:

It sort of happens because of the expiry time (static leases are "never"), but perhaps could be clearer. A bit trickier when you convert a dynamic to a static lease as it would jump around the screen.

I am not sure why I have clearos-centos-extras enabled. It does not seem to be on the default installation. I'll ping the devs on this one as there are lots of later packages in clearos-centos-extras and centos-extras-unverified.

App-docker does not have a webconfig, but has some underlying stuff like firewall integration and the systemd unit file (to start and stop docker). It also has a couple of settings such as disabling docker apps from creating their own firewall rules. In my opinion it is also missing DNS settings so it uses the default GoogleDNS and not your server's DNS. To use the server's DNS, in /etc/docker/daemon.json, add lines:In my case, 172.18.0.1 id the IP of the docker0 interface and 172.17.2.1 is my ClearOS LAN IP. You can specify any DNS severs here.

The private repo's generally contain the same as the public (community) ones. It it just that the release into the private repo's is more controlled and, in the normal run of things, is about 2 weeks in arrears of the community repos. This gives the developers a chance to fix any un-caught bugs that were shipped to the community before they are shipped to the paying customers. One of the features for the paying customers is that should get more stable packages that have already been tested in the community, just as where we are in the 7.6 update cycle at the moment. This is why the Home/Business customers would also need to do an "--enablerepo=clearos-updates,clearos-centos-clearos-centos-extras" if they wanted to pre-test 7.6. Those are community repos which are normally disabled to the Home/Business customers.

Can you link me to some of the sites you've used for testing? The basic IDS only comes with GPL rules and they are old. You either need to integrate something like the Emerging Threats rules or purchase the IDS updates to get a more current set of rules. There is a script in the forum somewhere which allows you to integrate the ET rules.

The GPL rules have no "drop" rules, only detection rules, so even if it finds something it will only report on it and not stop it. The Clearcenter IDS Updates and ET rules both have blocking rules.

If one of your test packages was the EICAR virus test, if you download through ClearOS with https, using the content filter in transparent mode, then ClearOS cannot block them as it cannot intercept https traffic.

Hi Marcel,
I just use the docker from clearos-centos-extras repo which is 1.13.1-75.git8633870, so not DockerCE or the paid for version.
As previously discussed, one of the issues is firewalling where you'd need to create your own firewall rules which will work with the ClearOS firewall.