After formatting my mini-pc with the Opnsense 23.7 Release Candidate today I upgraded to the stable version. Once upgraded I decided to try Suricata 7 and I had the same problems as mentioned here:
https://forum.opnsense.org/index.php?topic=34997.0
To solve these problems I have added the command mentioned in this post in Suricata's custom.yaml file and indeed these problems are solved. Suricata 7 brings a lot of changes and among them are the support for http2 and quic but in the suricata.yaml file they don't appear unlike the suricata.yaml file in Github. I don't know if I did it right but to activate this support I added the following commands in the custom.yaml file
stream.midstream-policy: ignore
http2:
enabled: yes
quic:
enabled: yes
This way Suricata 7 works great, in fact it has a much better performance compared to Suricata 6.x.x.
The problem comes when I restart Opnsense, the custom.yaml file appears blank without the modifications added and I have to put it back by accessing Opnsense via ssh. That is, the custom.yaml file does not survive Opnsense restarts.
The custom.yaml file is located in the path usr/local/etc/suricata
I don't know if there is another custom.yaml file elsewhere that survives Opnsense restarts.
I believe you are going to have to use templates to achieve this.
https://docs.opnsense.org/development/backend/templates.html (https://docs.opnsense.org/development/backend/templates.html)
The only time I have done this was with unbound ....when they took away the custom box.
https://docs.opnsense.org/manual/unbound.html (https://docs.opnsense.org/manual/unbound.html) ... Scroll down to advanced configurations.
I think this is how you set it up so your custom additions (outside the UI) survive reboots.
Cheers,
Edit custom.yaml here, its persistent:
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
I'vent found the code where I could add it to the UI as textfield yet.