Suricata v4.0.4 - Release Notes



  • Suricata 4.0.4

    An update for the Suricata binary was posted to the pfSense packages repository.  The version of the GUI was also bumped to "4.0.4" to match the underlying binary.  There are no GUI updates in this version.  The GUI code is the same as that used for v4.0.3_2.  Release notes for the binary update for Suricata can be found here:  https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/.

    There is one update in the 4.0.4 binary release for the custom blocking plugin used on pfSense.  The automatic firewall interface IP whitelist code in the custom plugin had ceased working some time in the recent past.  That code uses a running thread to continuously monitor the pfSense kernel for routing messages (RTM messages) that indicate when a firewall interface IP changes (such as when your WAN gets a new DHCP address, for instance).  The firewall interface IP addresses are maintained in an internal automatic pass list to prevent blocking of those addresses.  That code was fixed in the 4.0.4 binary release of Suricata.  So users of Legacy Mode blocking should no longer experience blocking of their WAN IP address even when the WAN IP changes during a given run period.  With the bug, if the WAN IP changed after initial Suricata startup, the change was not recognized by the automatic pass list code and thus the new firewall WAN IP could get blocked.  This code is not used for Inline IPS Mode operation.

    Bill
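A check for the failure described in the post above, as an added example that is not part of the original post or of the Suricata package: it reports any of the firewall's own interface addresses that are sitting in the block table. The pf table name `snort2c` is an assumption not stated in the post, the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the post or the package). Reports firewall interface
# addresses that appear in the block table used by Legacy Mode blocking.
# Assumption: the block table is the pf table "snort2c".

# Read ifconfig-style text on stdin; print one interface address per line.
iface_addrs() {
    awk '$1 == "inet" || $1 == "inet6" { a = $2; sub(/%.*/, "", a); print a }'
}

# $1 = interface addresses, $2 = table entries (both newline-separated).
# Prints every table entry that is one of the firewall's own addresses.
blocked_self() {
    [ -n "$1" ] || return 0
    printf '%s\n' "$2" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's|/32$||' -e 's|/128$||' |
        grep -Fx -e "$1" || true
}

# Constructed sample data: WAN just renewed to 203.0.113.7, which is blocked.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 203.0.113.7 netmask 0xffffff00 broadcast 203.0.113.255
    inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255'
SAMPLE_TABLE='   198.51.100.23
   203.0.113.7
   203.0.113.70'

sample_check() {
    blocked_self "$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_addrs)" "$SAMPLE_TABLE"
}

# On the firewall itself (as root), use live data instead of the sample.
live_check() {
    blocked_self "$(ifconfig | iface_addrs)" "$(pfctl -t snort2c -T show 2>/dev/null)"
}

if command -v pfctl >/dev/null 2>&1; then hits=$(live_check); else hits=$(sample_check); fi
if [ -n "$hits" ]; then
    printf 'own address in block table: %s\n' $hits
else
    echo 'no firewall interface address is blocked'
fi
```

Matching is exact per address, so a blocked `203.0.113.70` does not count as a hit for an interface address of `203.0.113.7`.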



  • Although freshports is still pointing to the 4.0.3 version, you made this possible.

    Thank you for keeping the Suricata package updated.



  • @NRgia:

    Although freshports is still pointing to the 4.0.3 version, you made this possible.

    Thank you for keeping the Suricata package updated.

    With a little help from Renato on the pfSense team, too.  Thanks!

    Bill