    According to the blocks they are set to Alert.. According to the settings title: "block on drop only" description says it also blocks on alert, but I see nothing in Blocks.. If I manually change the rule to drop, it will drop and add to blocks, but I thought that's what the override in settings was supposed to do..


    (screen shots of suricata settings, snort rules, enabled and updated. ETOpen ET rules, Snort Free, Snort GPLv2, and "hide depreciated categories" )

    bce dual nic.. 2.5.0 development version

    bce1 is wan
    bce0 is tagged for vlan 10, 20, 30, 172

    only running suricata on bce1 (wan)

    hardware checksum - disabled
    hardware tso offload - disabled
    hardware lro offload - disabled

    inline does not enable, so sticking with legacy..

    Thanks in advance for any suggestions.

    Checking this option will insert blocks only when rule signatures having the DROP action are triggered. When not checked, any rule action (ALERT or DROP) will generate a block of the offending host. Default is Not Checked.

    checked = only drop
    not checked = alert and drop

