Suricata on pfSense 2.3 Bug Fix Status



  • Just wanted to let everyone know I am working on a bug fix update to address the issues reported here with the newest Suricata package on pfSense 2.3.  I have all the bugs fixed save one remaining issue with the rules update GUI.  I'm trying to make that process a lot better, but it is taking some time as I am plowing new ground here, so to speak.  The same method used on the older pfSense releases will not work under Bootstrap, so I am having to research something else.

    Issues that will be fixed in the upcoming release are:

    1. Rule disable and alert suppression not working correctly on ALERTS tab.
    2. Editing/saving of custom rules not working.
    3. PASS LISTS not showing up as available on INTERFACE SETTINGS tab.
    4. Dashboard ALERTS widget can sort alerts incorrectly depending on system log setting.
    5. The GUI allows you to delete an assigned SUPPRESS LIST when it should not and instead show a warning.
    6. Rule updates not showing progress and/or failing with no indication as to why.

    Bill



  • thx for the update.
    Just one more question: does it work on PPPoE? It was supposed to do this on this version, right?
    thank you



  • @nikkon:

    thx for the update.
    Just one more question: does it work on PPPoE? It was supposed to do this on this version, right?
    thank you

    Yes. It's been working for a while. I'm running it on a PPPoE link with no issues.



  • Tried last night… after a few minutes it stops working. Will upload logs.



  • Minor issue; but once the block table exceeds the number of entries you have configured to display, the only way to see the other entries is to increase the number. Should probably have an option to go to the next page so you can scroll through the block table.



  • @Hegemon:

    Minor issue; but once the block table exceeds the number of entries you have configured to display, the only way to see the other entries is to increase the number. Should probably have an option to go to the next page so you can scroll through the block table.

    There are a few other pages in the GUI that can benefit from using a pagination scheme.  Bootstrap offers such a helper class for the HTML part, but there is some PHP coding required to support it on that end as well.  I have this on my radar as a future enhancement.

    Bill



  • I am still working on one last piece of the Suricata bug fix – the UPDATES tab.  That one is giving me some trouble to get right.  It has made me miss my Thursday deadline ...  :(.

    You can follow the progress here:  https://github.com/bmeeks8/FreeBSD-ports/commits/pfSense-pkg-suricata-3.0_6.

    Bill



  • Whew!  Finally got the bug fix posted for review.  Here is the link to the pull request if anyone is curious what will be fixed: https://github.com/pfsense/FreeBSD-ports/pull/108.  As soon as the pfSense developers review it and merge it, the update will appear on the INSTALLED PACKAGES tab for pfSense 2.3 users.

    For now the UPDATES tab pops up a Bootstrap Modal dialog while downloading and updating the rules.  The dialog just contains a little spinner icon for now to show something is happening.  It will auto-close when the update is complete.  The actual rules update job is happening in the background and the modal is just monitoring whether the update job is still running or not.  So you can close the modal if you want to, but the values on the UPDATES page won't change until the update is all done in the background.  DO NOT just refresh the page in your browser because that will resubmit the update request.  Just navigate away from the page and come back to it later (or just wait for the modal to auto-close in the first place).  I will improve on this in the next update and put the progress bar back (thanks to Steve Beaver for coming up with a neat Bootstrap progress bar module.. :D).

    Bill



  • Bugfix is out thanks bmeeks.

    I think there may be some mislabeling here?
    where it says saved or removed host.  See attachment.




  • @pfsenseboonie:

    Bugfix is out thanks bmeeks.

    I think there may be some mislabeling here?
    where it says saved or removed host.  See attachment.

    Yeah, that second column label where the SAVE button is located needs some work.  There were three of us guys working in the Suricata GUI code at one time or another during the Bootstrap conversion.  Two pfSense paid developers and me as a volunteer.  While having 3 of us working sped up the conversion, it did create an opportunity for a few bugs to creep in.  Since this is merely cosmetic, I will put it on my list for fixing next time.

    Bill



  • Hi bmeeks, another one.

    When operating in legacy mode, blocks are shown on the blocks tab (https://<url>/suricata/suricata_blocked.php).
    Say I have a list of blocks on this tab, #1 - #7. If I want to delete block #3 and do so, then blocks #3 - #7 are deleted instead of only #3.



  • @pfsenseboonie:

    Hi bmeeks, another one.

    When operating in legacy mode, blocks are shown on the blocks tab (https://<url>/suricata/suricata_blocked.php).
    Say I have a list of blocks on this tab, #1 - #7. If I want to delete block #3 and do so, then blocks #3 - #7 are deleted instead of only #3.

    I will check this out.  I have some other fixes to put into the Suricata package as well.

    Bill

