Suricata Not Blocking legacy mode
-
@everfree said in Suricata Not Blocking legacy mode:
Where is the code for the custom output plugin?
I don't think it is a loading issue, because I could use it before.
But there have also been quite a number of changes within other parts of the Suricata binary over the last few years upstream that are not directly part of the custom blocking plugin used on pfSense. This makes it hard to nail down what might be the culprit, especially when the problem is not reproducible in a test environment.
-
Hi bmeeks:
Do you know how to confirm that the custom blocking plugin may lose alerts?
-
I have submitted a Pull Request with the custom blocking module changes that should hopefully address the "no blocks" issue identified in this thread. I've asked that the pull request be merged this Monday, September 30th. So a new Suricata package (version 4.1.5) should show up for the pfSense-2.4.4_p3 RELEASE branch sometime Monday.
-
Yes, it works, it's back back back.
Thanks, bmeeks.
-
@everfree said in Suricata Not Blocking legacy mode:
Yes, it works, it's back back back.
Thanks, bmeeks.
You're welcome. I'm still puzzled why that variable was not always getting set to NULL in the SCRadixFindKeyBestMatchIPv4() function when the IP was not in a Pass List. I need to study that function carefully to see what's going on. Might be a bug within that code that needs reporting upstream.
-
Dear bmeeks:
We appreciate your effort to solve this issue.
Thanks for your significant contribution to this community.
Thank you!
-
Still have some loss, sad >.<
-
Still waiting, hope it will be fixed.