Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricatas "INDICATOR-SHELLCODE x86 setgid 0" Killing my VPN connection

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 425 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      unique_username
      last edited by unique_username

      Hay guys, so after a long time trying to work out why my VPN was dying whenever it was loaded up:

      https://forum.netgate.com/topic/188436/potential-issues-with-hardware

      I have found these to be blocking the VPNs IP:
      "INDICATOR-SHELLCODE x86 setgid 0" and "INDICATOR-SHELLCODE x86 setuid 0"

      Would it be safe to just kill that rule. I don't really want to but it is on my WAN side and all my network goes through the VPN, so don't think its too bad is it?

      S 1 Reply Last reply Reply Quote 1
      • S
        SteveITS Galactic Empire @unique_username
        last edited by

        @unique_username Presumably you enabled those rules for a reason…?

        I would just say, try moving Suricata to LAN which will also avoid scanning all the packets that would normally be dropped by the firewall.

        Also if it’s just one IP being blocked you can suppress that alert for that IP.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.