Suricata blocks IP in friendly List
-
Hello,
Suricata blocks an IP though it is defined in the friendly list.
Any hints?Regards,
Gunther -
-
Did you actually assign the custom Pass List to the interface? You must select it in the Pass List drop-down selector on the INTERFACE SETTINGS tab.
-
Is the IP a static one? Suricata does not support a FQDN in a Pass List.
-
Did you add the IP to the list after Suricata was started? If so, you must restart Suricata in order for it to re-populate the internal Pass List. The Pass List IP addresses are read once at startup and then stored in memory.
Really need some more details about the steps you went through. I am assuming by "friendly list" you actually mean a formal Pass List that you created on the PASS LISTS tab.
-
-
Hi, thanks for your reply. I has to manually restart suricata, the reload after saving the settings did not do the job. Now it works fine :)
-
@hebein said in Suricata blocks IP in friendly List:
Hi, thanks for your reply. I has to manually restart suricata, the reload after saving the settings did not do the job. Now it works fine :)
When you make changes to a Pass List, you must completely restart the Suricata service as the Pass List contents are only read during startup. When you add a rule SID or an IP to a Suppress List, then the live reload should be sufficient (no need to physically restart the Suricata instance).
