Suricata GUI Package Version 4.0.0 Release Notes



  • Suricata Package v4.0.0 Release Notes

    This updates the GUI package to version 4.0.0 to sync with the new upstream binary version. There are several bug fixes and one new feature in this update.

    New Features

    • The custom alert-pf plugin utilized for Legacy Mode blocking operation has a new option to cause blocking of host IP addresses only when the offending IP address is detected in a rule with the DROP action keyword. This option is now exposed in the GUI on the INTERACE SETTINGS tab. It is "off" by default, which results in the legacy behavior of blocking for all rules generating alerts. When the new option is enabled in the GUI, only rules having the DROP action will result in blocks being inserted in the packet filter firewall for the offending IP address. IP addresses contained within a Pass List will never be blocked in Legacy Blocking mode.

      Check out this Sticky Topic for more information:  https://forum.pfsense.org/index.php?topic=135329.0

    Bug Fixes

    • Icon on ALERTS tab for removing blocked hosts not working, Bug #7578.

    • Log rotation and cleanup code in suricata_check_dir_size_limit() needs to be improved. Bug #7756. Thank you to user Orion Poplawski for the patch to fix this!

    • Icon for download of alert logs on ALERTS tab actually downloads all log files and not just alerts.

    Bill



  • I didn't expect this update so soon, especially this time of year when everybody is out and about in vacation.

    Thank you @bmeeks :) and also thanks to the maintainer for suricata port at freshports.org



  • Installed last night so far zero issues thanks for getting this out