Suricata 3.1.1 binary is now available for testing in 2.3.3 or 2.4 snapshots
-
The new Suricata 3.1.1 binary package is available for testing for those of you that may have 2.3.3 or 2.4 snapshot installs. The GUI package version is still 3.08, but the underlying binary is the newer 3.1.1 update. Still testing for stability before we release this to the 2.3.2 production base.
If you have a snapshot machine (virtual or real) and want to test out the new Suricata 3.1.1 update, please give it a shot and give me feedback on whether or not the problems with inline mode in the first release have been fixed or made better (or worse).
To make sure you have the updated binary in a snapshot install, just remove the package and reinstall it. You can verify the Suricata binary version on your box by executing this command from a shell prompt –
suricata -V
Bill
-
Hello,
Do you have the link to the package? I will test it on 2.3.2.
Thanks,
-
It is not yet posted on the package repository for 2.3.2, so there is no link to provide. If you have the URL for pfSense snapshots, you can find it in that repository. You would need to manually download it and then install from the command line, but be ready for a lot of trial and error back and forth getting all the required dependent packages as well. It's not as simple as just downloading one file and installing. If you don't have a 2.3.3 or 2.4 snapshot, then I would suggest waiting for the official 2.3.2 posting to happen.
Bill
-
Bill,
Cloned the VM of pfSense 2.3.2
Enabled developer branch
Updated to 2.3.3
Rebooted
Installed Suricata 3.08 with 3.1.1_1
Enabled Suricata for WAN interface.
Started Suricata. Immediately started to see bad pkt errors on the console.
Are you able to use inline without this happening? I'm just trying to determine if this is a configuration problem or not.
-
It's the same error when installed with suricata 3.0_2. :(
I guess the pfSense 2.3.x version may not have the opportunity to use inline mode now; maybe pfSense 2.4 has, because FreeBSD 11 has a new version of netmap…
-
2.3.2 runs inline very well.
-
Can you also try to enable inline mode for two interfaces? If I enable inline mode for the WAN interface only, all is well, but when I enable it for the LAN interface also, I cannot connect to pfSense anymore, and any attempt to access any device on the LAN (pfSense included) is unsuccessful. The issue happens after 4-5 minutes.
My workaround is to enable inline mode for one interface only… Maybe it's Netmap related; I'll wait to see if FreeBSD 11 will fix this, or the new version of Suricata.
-
Hello,
Works for me…

 -
That picture doesn't help, because in Legacy mode, it will look the same.
If you are in Inline mode for both interfaces, I believe you; I'll try to delete the configuration for Suricata by hand.
For me it only works for the second interface, like below.
Thanks

