Hello,
I just see that user defined rules are no more applied ...
I also use squid. And, in order to filter website with its ssl fingerprint, I put the website in the "SSL no bump sites" list in the squid config.
After this, I use the SSL fingerprint of this website in order to create a new "user defined" rule (with a "reject" argument), in the suricata config section.
This one is no longer applied ... I can access to this website.
I use:
OPNsense 18.7.4-amd64
FreeBSD 11.1-RELEASE-p14
OpenSSL 1.0.2p 14 Aug 2018
And Hyperscan for "pattern matcher". But "default" does'nt work anymore.
Did someone notice this ?
Thanks a lot for any idea.
Best regards