Homas / ioc2rpz

ioc2rpz is a place where threat intelligence meets DNS.
Apache License 2.0

Persistence Problems #25

Closed Yvtq8K3n closed 4 years ago

Yvtq8K3n commented 4 years ago

I tried to explore your tool a bit :) and noticed that the publish option most of the time wouldn't work on the active Custom DNS IOC2RPZ. (Had to restart it manually)

Homas commented 4 years ago

What do you mean most of the time doesn't work? Does it work sometimes? There could be multiple reasons:

  1. A year ago I switched from management over DNS/53 to REST API over HTTPS. You need to configure an SSL certificate on ioc2rpz to enable the REST API. You can still fall back to management over DNS but I'm going to deprecate this interface in the future.
  2. If you run in containers you need to use the same volume for configuration. Right now the GUI just saves the config file. In the future I'm planning to push it via REST.
  3. ACL may not allow the connection. Check the log file.
  4. Check that you have a minimum of one assigned management TSIG.

If 1-4 are configured correctly you may try the API calls via cURL.

Thanks for trying! :)

Yvtq8K3n commented 4 years ago

I did the deployment through AWS, following your tutorial. When I tried to create a new TSIG key or an RPZ Zone through the GUI, I always had to restart the ioc2rpz task in order to apply those changes.

I didn't, however, try the API option.

Homas commented 4 years ago

The tutorial is a bit outdated. It doesn't cover the SSL configuration. For REST you need to provision it. You may edit the config file or edit the server settings in the GUI. After that, restart ioc2rpz. In the logs you should see "ioc2rpz rest_tls6_sup started".

Homas commented 4 years ago

Was it solved?

Yvtq8K3n commented 4 years ago

Sorry for the long reply, I've been quite busy. I will look into this in about 2 weeks, and I should be able to give you a more in-depth response.

Yvtq8K3n commented 4 years ago

Sorry for the late reply.

[Image: IOC2RPZ persistance_norest]

As you can see in the image, I created an RPZ zone on ioc2rpz-gui, published it, and then launched the service. After this, I changed the RPZ zone policy from DROP to PASSTHRU; however, the changes didn't apply to the ioc2rpz. I even tried to use the REST API, but I was not successful in making the request.

The only solution I could find in order to be able to apply the ioc2rpz-gui configurations was to kill the task of ioc2rpz and restart it.

Homas commented 4 years ago

Did you configure the SSL certificate in the config? The dev branch has it in UX/UI. I'm going to merge the dev branch to master later this month.

Yvtq8K3n commented 4 years ago

Nope, I didn't; I only performed this change based on the guide provided on AWS deployment. I'm free to explore this solution after it is published to master.

Homas commented 4 years ago

Ok. Before the merge I'll:

Homas commented 4 years ago

The updates were merged to the master branch and published. You can take a look at the ioc2rpz.dc project, where I've published a docker compose file.