Suricata 4.0.0 update is on the way with a new feature for Legacy Mode operation

  • An update for the Suricata binary to the latest 4.0.0 version has been posted as a pull request for the pfSense developer team to review and approve.  This update includes a new feature for Legacy Mode operation.  Details can be found in the pull request here:  https://github.com/pfsense/FreeBSD-ports/pull/392.

    The new feature will allow Legacy Mode blocking users to have the option of blocking traffic only for rules with the DROP action keyword in the rule's signature.  Rules with ALERT as the action will just alert and not block.  This will be a configurable option within the GUI.  The default will be the existing Legacy Mode behavior where any ALERT rule firing will cause a block of the offending IP address (if the offender is not a pass-listed host).

    For users capable of using the new inline IPS mode, and that have that mode enabled, this new option is not used.  Inline IPS mode already uses only the rule signature's action keyword to determine when to drop packets.

    An update to the GUI package will be coming soon as well to enable access to this new option.  The updated GUI package will also feature some much needed enhancements to the log rotation code submitted by user @opoplawski over on GitHub.

    Bill
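As an added illustration (not code from the Suricata package or from the pull request above), the Python below models the two Legacy Mode block policies described in this post: it reads the action keyword from each rule signature, then decides which alerting source IPs get blocked with and without the new DROP-only option. The rule text, EVE JSON records and pass-list are constructed sample data, and looking only at src_ip is a simplification of the package's block-side options.

```python
import json
import re

# Constructed sample rules (not from any real ruleset): the action keyword
# is always the first token of a Suricata signature.
RULES = """\
drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"CONSTRUCTED ssh brute force"; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED web probe"; sid:9000002; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"CONSTRUCTED dns query"; sid:9000003; rev:1;)
"""

RULE_RE = re.compile(
    r"^\s*(alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s.*?\bsid:\s*(\d+)\s*;"
)

def load_rule_actions(rule_text):
    """Map sid -> action keyword for every parseable signature."""
    actions = {}
    for line in rule_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            actions[int(m.group(2))] = m.group(1)
    return actions

# Constructed EVE JSON records; only event_type, src_ip and
# alert.signature_id are consulted below.
EVE_LINES = [
    '{"event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"signature_id":9000001}}',
    '{"event_type":"alert","src_ip":"203.0.113.6","dest_ip":"192.0.2.10","alert":{"signature_id":9000002}}',
    '{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":9000002}}',
    '{"event_type":"flow","src_ip":"203.0.113.9","dest_ip":"192.0.2.10"}',
]

def legacy_mode_blocks(eve_lines, rule_actions, pass_list, drop_only):
    """Return the set of source IPs Legacy Mode would block.
    drop_only=False: existing behaviour, any firing rule blocks the offender.
    drop_only=True:  the new option, only signatures whose action is drop block.
    Pass-listed hosts are never blocked in either mode."""
    blocked = set()
    for line in eve_lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # only alert events drive blocking
        src = rec["src_ip"]
        if src in pass_list:
            continue
        action = rule_actions.get(rec["alert"]["signature_id"], "alert")
        if drop_only and action != "drop":
            continue  # ALERT rules just alert under the new option
        blocked.add(src)
    return blocked
```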

  • The GUI package update to accompany the binary update has been posted for review and approval by the pfSense developer team.  Should get merged into the package repository soon.  Here is a link to the Pull Request with details on bug fixes and the new feature in this coming update.

    https://github.com/pfsense/FreeBSD-ports/pull/393

    I will post a full set of release notes after the update is merged into the package repositories and is available for users to install.

    Bill