Suricata passlist unassigned
-
Hi
I created a passlist (adding 2 external IP's I don't want scanned).
Why does the passlist show "unassigned", when it is assigned to the scanned WAN?
Or am I just misreading the "unassigned"?
Running the latest Suricata on pfsense 23.01
-
That is likely a bug. On that page, "Assigned" indicates the list is in use by an interface. It may be looking for it as a Pass List and forgetting to look for it in the other two list possibilities.
-
@bmeeks OK. Another one to squash then ;) Should be easy.
Netgate 8200max
-
@manilx said in Suricata passlist unassigned:
@bmeeks OK. Another one to squash then ;) Should be easy.
Yes, but it's only a cosmetic bug. I will add it to my TODO list.
-
@bmeeks P.S. and BTW: Has been running fine now on my 8200 with "workers"! WAN interface (checked) has been hammered with 2TB yesterday.
Netgate 8200max
-
@manilx said in Suricata passlist unassigned:
@bmeeks P.S. and BTW: Has been running fine now on my 8200 with "workers"! WAN interface (checked) has been hammered with 2TB yesterday.
Great news! So that would indicate the netmap stall issue seems to be put to bed.
The OPNsense team is submitting other netmap changes upstream into FreeBSD, so over time netmap operation should get better in terms of both reliability and performance. The big changes they are introducing are support for LAGG interfaces and fixing stability issues when using the generic netmap adaptor. The generic adaptor gets used for devices that do not support native mode netmap. Right now on pfSense we avoid the use of the generic adapter and its attendant issues by filtering the physical NIC drivers and only allowing the user to choose netmap operation on devices that support native mode operation. But that does limit the field somewhat.
-
@manilx said in Suricata passlist unassigned:
@bmeeks OK. Another one to squash then ;) Should be easy.
I went ahead and also created a Redmine Issue to track this here: https://redmine.pfsense.org/issues/14042.
-
@manilx:
The fix for the missing "Assigned" flag for Pass Lists used for other purposes such as HOME_NET and EXTERNAL_NET has been posted in a pull request here: https://github.com/pfsense/FreeBSD-ports/pull/1241.Once this request is merged and a new package built, you will see a new Suricata 6.0.10_4 version under SYSTEM > PACKAGE MANAGER.
-
@bmeeks That's great! Thx.
