Netgate Discussion Forum

    Suricata blocking IPs that are on the passlist

      jeffhammett

      I have Suricata running in legacy IPS mode.

      My passlist has all the default boxes checked, including "Add VPN Addresses to the list."

      I also have a passlist alias selected which has one or two IPs (that are not otherwise on the passlist).

      I have the passlist applied to my interface in Suricata.

      I just had a situation where two IPs on one of my remote networks, which is connected via a site-to-site VPN on the pfSense, were blocked.

      I verified that the network range (in this case 192.168.121.1/24) is listed in the passlist when clicking View List for the pass list on the interface options screen in Suricata.

      Any ideas on what could be going on and why these IPs are getting blocked even though the range they are in is on the pass list?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.