Suricata 6.0.10_1 Update for pfSense Plus 23.01 - Release Notes
-
@lawrencesystems said in Suricata 6.0.10_1 Update for pfSense Plus 23.01 - Release Notes:
Regarding using Suricata on WAN, correct me if I am wrong but one reason to do so is if you want it to inspect traffic when using a public facing instance of HAProxy.
Yes, there are certainly instances where running Suricata or Snort on the WAN may make sense for a particular network configuration. But this is more likely to be the case for pfSense used in a business network as opposed to a home network.
I would venture it to be very rare to need a Suricata or Snort instance running on the WAN in the typical home network. I won't say "never", but I would say "very rare" .
-
@bmeeks Thanks. That would seem not worth it then. Looking forward to CE 2.7...
-
Hi @bmeeks ,
I am afraid the Pass List improvements broke things here. I am using legacy mode. I have long had the trouble that /24 networks did not work in the pass list so on top of the /24 I put specific /32 IPs in the pass list for important machines.
While conducting tests I can reproducibly block my laptop even though it is part of the /24 network and the pass list has this specific IP in it as well. At least the latter worked up until this upgrade.
The correct pass list is enabled in the settings. And via "View" I can confirm that both the home network /24 and my laptops /32 is in it.
Running 23.01.
-
@j-koopmann:
Will you please share that Pass List? I would like to reproduce the conditions in my test virtual environment as best I can.I have never been able, for some reason, to reproduce this issue of Pass List entries not working. They always work in my testing .
-
@bmeeks Can we retest the issue for doubled interfaces with 6.0.10_3 version, or you're stil working on another fix?
-
@nrgia said in Suricata 6.0.10_1 Update for pfSense Plus 23.01 - Release Notes:
@bmeeks Can we retest the issue for doubled interfaces with 6.0.10_3 version, or you're stil working on another fix?
Yes, you can retest if you want to. Be sure you have an easy recovery ready in the event the patch was not successful. I was not able to reproduce the actual duplication, so I had to theorize a potential cause and craft a fix from that angle. So, I cannot say with 100% certainty I fixed it because I could not reproduce the failure and then verify my "fix" prevented the failure.
I am working on fixing the PHP error mentioned in a different thread, so I will be submitting another package update soon. It would be nice to know if my interface duplication fix worked, so if you test, post back here. If the fix is not successful, I can revisit my theory.
-
@bmeeks
Issue with the doubled interfaces is fixed.
I performed 2 tests:- Upgrade in place from 6.0.10_1 to 6.0.10_3
- I've removed 6.0.10_1 and installed 6.0.10_3
In both cases I found no issues.
Thank you for the fix. -
@nrgia said in Suricata 6.0.10_1 Update for pfSense Plus 23.01 - Release Notes:
@bmeeks
Issue with the doubled interfaces is fixed.
I performed 2 tests:- Upgrade in place from 6.0.10_1 to 6.0.10_3
- I've removed 6.0.10_1 and installed 6.0.10_3
In both cases I found no issues.
Thank you for the fix.Thank you for testing! Glad to know that serious bug is fixed.
-
@bmeeks In my case the doubled interfaces bug was also fixed with 6.0.10_3
Thanks a lot for your work! -
@greenflash said in Suricata 6.0.10_1 Update for pfSense Plus 23.01 - Release Notes:
@bmeeks In my case the doubled interfaces bug was also fixed with 6.0.10_3
Thanks a lot for your work!Glad you are all set. Thank you for the feedback.