Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata 7.0.4

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    3
    312
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      beloc
      last edited by

      Hello,

      I have a firewall running pfSense 23.09.1 with Suricata running auto-block and inline mode. It has a single LAN interface with VLANs, so based on various configuration examples I had found, I had only put the LAN interface as the interface to monitor. Everything was working fine until I updated it to 7.0.4 today. Now, when Suricata is enabled, it blocks all traffic from all interfaces on the LAN interface, including VLANs. There are no IPs in the block list, and no errors in the syslog. When I disable Suricata, all traffic starts back again.

      Has then been observed by anyone else?

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @beloc
        last edited by

        @beloc said in Suricata 7.0.4:

        There are no IPs in the block list

        When you use Inline IPS Mode the BLOCKS tab is always empty as the inline mode does not populate that tab. Instead, dropped (blocked) traffic will be shown on the ALERTS tab highlighted in red text.

        Post the contents of the suricata.log for the interface. You can select that log for viewing under the LOGS VIEW tab in Suricata.

        B 1 Reply Last reply Reply Quote 0
        • B
          beloc @bmeeks
          last edited by

          @bmeeks

          You are correct, I apologize. There were no red blocks in the alerts tab. I wrote that late last night.

          I will post the log tonight.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post