Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata on pfSense 2.3 Bug Fix Status

    Scheduled Pinned Locked Moved IDS/IPS
    12 Posts 5 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeksB
      bmeeks
      last edited by

      Just wanted to let everyone know I am working on a bug fix update to address the issues reported here with the newest Suricata package on pfSense 2.3.  I have all the bugs fixed save one remaining issue with the rules update GUI.  I'm trying to make that process a lot better, but it is taking some time as I am plowing new ground here, so to speak.  The same method used on the older pfSense releases will not work under Bootstrap, so I am having to research something else.

      Issues that will be fixed in the upcoming release are:

      1. Rule disable and alert suppression not working correctly on ALERTS tab.
      2. Editing/saving of custom rules not working.
      3. PASS LISTS not showing up as available on INTERFACE SETTINGS tab.
      4. Dashboard ALERTS widget can sort alerts incorrectly depending on system log setting.
      5. The GUI allows you to delete an assigned SUPPRESS LIST when it should not and instead show a warning.
      6. Rule updates not showing progress and/or failing with no indication as to why.

      Bill

      1 Reply Last reply Reply Quote 0
      • N
        nikkon
        last edited by

        thx for the update.
        just one more question: does it work on pppoe? it was supposed to do this on this version right?
        thank you

        pfsense 2.3.4 on Supermicro A1SRi-2758F + 8GB ECC + SSD

        Happy PfSense user :)

        1 Reply Last reply Reply Quote 0
        • G
          gsiemon
          last edited by

          @nikkon:

          thx for the update.
          just one more question: does it work on pppoe? it was supposed to do this on this version right?
          thank you

          Yes. It's been working for a while. I'm running it on a PPPoE link with no issues.

          1 Reply Last reply Reply Quote 0
          • N
            nikkon
            last edited by

            tried last night…after a few minutes it stops working.will upload logs.

            pfsense 2.3.4 on Supermicro A1SRi-2758F + 8GB ECC + SSD

            Happy PfSense user :)

            1 Reply Last reply Reply Quote 0
            • H
              Hegemon
              last edited by

              Minor issue; but once the block table exceeds the number of entries you have configured to display, the only way to see the other entries is to increase the number. Should probably have a option to go to the next page so you can scroll through the block table.

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @Hegemon:

                Minor issue; but once the block table exceeds the number of entries you have configured to display, the only way to see the other entries is to increase the number. Should probably have a option to go to the next page so you can scroll through the block table.

                There are a few other pages in the GUI that can benefit from using a pagination scheme.  Bootstrap offers such as helper class for the HTML part, but there is some PHP coding required to support it on that end as well.  I have this on my radar as a future enhancement.

                Bill

                1 Reply Last reply Reply Quote 0
                • bmeeksB
                  bmeeks
                  last edited by

                  I am still working on one last piece of the Suricata bug fix – the UPDATES tab.  That one is giving me some trouble to get right.  It has made me miss my Thursday deadline ...  :(.

                  You can follow the progress here:  https://github.com/bmeeks8/FreeBSD-ports/commits/pfSense-pkg-suricata-3.0_6.

                  Bill

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks
                    last edited by

                    Whew!  Finally got the bug fix posted for review.  Here is the link to the pull request if anyone is curious what will be fixed: https://github.com/pfsense/FreeBSD-ports/pull/108.  As soon as the pfSense developers review it and merge it, the update will appear on the INSTALLED PACKAGES tab for pfSense 2.3 users.

                    For now the UPDATES tab pops up a Bootstrap Modal dialog while downloading and updating the rules.  The dialog just contains a little spinner icon for now to show something is happening.  It will auto-close when the update is complete.  The actual rules update job is happening in the background and the modal is just monitoring whether the update job is still running or not.  So you can close the modal if you want to, but the values on the UPDATES page won't change until the update is all done in the background.  DO NOT just refresh the page in your browser because that will resubmit the update request.  Just navigate away from the page and come back to it later (or just wait for the modal to auto-close in the first place).  I will improve on this in the next update and put the progress bar back (thanks to Steve Beaver for coming up with a neat Bootstrap progress bar module.. :D).

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfsenseboonie
                      last edited by

                      Bugfix is out thanks bmeeks.

                      I think there may be some mislabeling here?
                      where it says saved or removed host.  See attachment.

                      suricata_block_page.png
                      suricata_block_page.png_thumb

                      1 Reply Last reply Reply Quote 0
                      • bmeeksB
                        bmeeks
                        last edited by

                        @pfsenseboonie:

                        Bugfix is out thanks bmeeks.

                        I think there may be some mislabeling here?
                        where it says saved or removed host.  See attachment.

                        Yeah, that second column label where the SAVE button is located needs some work.  There were three of us guys working in the Suricata GUI code at one time or another during the Bootstrap conversion.  Two pfSense paid developer and me as volunteer.  While having 3 of us working sped up the conversion, it did create an opportunity for a few bugs to creep in.  Since this is merely cosmetic, I will put in it on my list for fixing next time.

                        Bill

                        1 Reply Last reply Reply Quote 0
                        • P
                          pfsenseboonie
                          last edited by

                          Hi bmeeks, another one.

                          When operating in legacy mode, blocks are shown on the blocks tab (https://<url>/suricata/suricata_blocked.php).
                          Say I have list of blocks on this tab #1 - #7, If i want to delete block #3 and do so then blocks #3 - #7 are deleted instead of only #3</url>

                          1 Reply Last reply Reply Quote 0
                          • bmeeksB
                            bmeeks
                            last edited by

                            @pfsenseboonie:

                            Hi bmeeks, another one.

                            When operating in legacy mode, blocks are shown on the blocks tab (https://<url>/suricata/suricata_blocked.php).
                            Say I have list of blocks on this tab #1 - #7, If i want to delete block #3 and do so then blocks #3 - #7 are deleted instead of only #3</url>

                            I will check this out.  I have some other fixes to put into the Suricata package as well.

                            Bill

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.