Suricata notice Wan Ip Change

  • Hello,
    i noticed that if my provider changed my public ip-adress, suricata didnt notice this and block the new ip-adress. if i restart the suricata service all looks fine. Is that normal or did i miss a setting for that?

  • It is normal.  The auto-pass list values are static entries that are only read one time during Suricata startup.  Once startup is complete, if your WAN IP changes, Suricata won't know until the service is restarted.

    There may be something I can do as part of the restart signal that pfSense sends Packages when an IP changes.  I will look into that.


  • Hello Bill,

    that would be nice ;) many thanks for your dedication.

Log in to reply