Suricata 7.0.4
-
Hello,
I have a firewall running pfSense 23.09.1 with Suricata running auto-block and inline mode. It has a single LAN interface with VLANs, so based on various configuration examples I had found, I had only put the LAN interface as the interface to monitor. Everything was working fine until I updated it to 7.0.4 today. Now, when Suricata is enabled, it blocks all traffic from all interfaces on the LAN interface, including VLANs. There are no IPs in the block list, and no errors in the syslog. When I disable Suricata, all traffic starts back again.
Has then been observed by anyone else?
-
@beloc said in Suricata 7.0.4:
There are no IPs in the block list
When you use Inline IPS Mode the BLOCKS tab is always empty as the inline mode does not populate that tab. Instead, dropped (blocked) traffic will be shown on the ALERTS tab highlighted in red text.
Post the contents of the
suricata.logfor the interface. You can select that log for viewing under the LOGS VIEW tab in Suricata. -
You are correct, I apologize. There were no red blocks in the alerts tab. I wrote that late last night.
I will post the log tonight.
