Warning for Suricata Users -- upstream bug can be triggered if you alter the new Mid-Stream Policy default
Suricata users on pfSense -- there is a newly identified bug reported from upstream with the Stream Mid-Stream Policy setting on the FLOW/STREAM tab in the Suricata package. This bug impacts 7.x Suricata binary versions.
If you alter this policy setting from its default of Ignore to one of the other available choices while using Inline IPS Mode, it is likely to cause the interface Suricata is running on to stall TCP traffic. That means TCP packets will cease flowing on the interface and will instead be dropped. ICMP and UDP should still work, but since the vast majority of interface traffic is normally TCP, altering this setting and triggering the stall bug will make it appear as if the interface has lost connectivity.
Until this bug is addressed upstream in Suricata, and we get the updated binary into pfSense, I recommend that you do not alter the default settings for the new Stream Policy parameters on the FLOW/STREAM tab.
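A way to confirm from the shell that an interface's generated configuration still carries the default, as an added example that is not part of the original post or the pfSense package. It assumes the GUI setting is written to the upstream Suricata 7 YAML key `stream.midstream-policy` and that you pass the path to that interface's `suricata.yaml`; the sample config is constructed, and the script does not check whether the interface runs in Inline IPS Mode.

```shell
#!/bin/sh
# Added example: report whether stream.midstream-policy differs from "ignore".
# Assumption: the package writes the setting to the upstream YAML key
# stream.midstream-policy in the interface's suricata.yaml.

# Print the value of midstream-policy found under the top-level "stream:" key.
midstream_policy() {
    awk '
        # Any non-indented, non-comment line starts a new top-level section.
        /^[^ #\t]/ { in_stream = ($0 ~ /^stream:[ \t]*(#.*)?$/) }
        in_stream && /^[ \t]+midstream-policy:/ {
            sub(/^[ \t]+midstream-policy:[ \t]*/, "")
            sub(/[ \t]*#.*$/, "")     # drop a trailing comment
            gsub(/["\047]/, "")       # drop surrounding quotes
            sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# Classify the config: ok (ignore), risk:<value> (changed), unset (key absent).
audit_midstream() {
    value=$(midstream_policy "$1")
    case "$value" in
        "")     echo "unset" ;;       # key absent: review this config by hand
        ignore) echo "ok" ;;
        *)      echo "risk:$value" ;; # non-default: the stall can trigger in Inline IPS Mode
    esac
}

# Constructed sample config for trying the check offline; $2 is the policy value.
write_sample_config() {
    cat > "$1" <<EOF
%YAML 1.1
---
flow:
  memcap-policy: ignore
stream:
  memcap: 256mb
  midstream: false
  midstream-policy: $2   # constructed value
  reassembly:
    memcap-policy: ignore
EOF
}

# Usage: sh check_midstream.sh /path/to/suricata.yaml
if [ -n "${1:-}" ]; then audit_midstream "$1"; fi
```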