Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata: Pass List option missing on Edit Interface Settings

    Scheduled Pinned Locked Moved IDS/IPS
    6 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      adam65535
      last edited by

      I am confused why the option is missing on a few systems I have but it is listed on others.  Same version of software except the one that it does show up on is an i386 pfsense 2.3.1.  I doubt that is the reason though.

      What is interesting is that the one it does appear on I created a Pass List in the Pass List tab and the system that I didn't create a Pass List yet on it does show the Pass List on the Edit Interface Settings page.

      Suricata 3.0_7
      pfsense 2.0.1

      The system it does appear on:

      The systems that it doesn't:

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        When blocking is not enabled, then options that only have meaning for blocking operations are automatically hidden by the GUI code.  I assume the firewalls you have with the Pass List selection missing are not configured to "block offenders".  So if blocking is not in force, there is no reason for a PASS LIST.

        Bill

        1 Reply Last reply Reply Quote 0
        • A
          adam65535
          last edited by

          I see.  Thanks.  I was trying to get the pass list setup before enabling blocking just to make sure something doesnt get blocked before i get a chance to setup the pass list.  I was very confused why it was missing :).

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            It's an attempt to remove clutter from the GUI config pages when options have no meaning in the current context (meaning with the current set of enabled/disabled configuration options).  The binary completely ignores a Pass List when blocking is not enabled, so having the option showing GUI would not mean anything.

            Bill

            1 Reply Last reply Reply Quote 0
            • A
              adam65535
              last edited by

              I wonder if it should just be greyed out or shunk down to 1 line to somehow say it can not be set until blocking is enable.  Maybe that doesn't fit in the context of de-cluttering though.  Not a big deal for me as I know how it works now.

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @adam65535:

                I wonder if it should just be greyed out or shunk down to 1 line to somehow say it can not be set until blocking is enable.  Maybe that doesn't fit in the context of de-cluttering though.  Not a big deal for me as I know how it works now.

                There was some discussion along a similar vein back during the end stage of the Bootstrap GUI beta for pfSense (whether to hide or just gray-out controls that are not used/needed depending on other dependent option settings).  The idea behind hiding them completely is to reduce scrolling distance on the page, but there is the potential confusion factor when they are not there at all.

                Bill

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.