OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: J. Lambrecht on November 09, 2018, 05:53:45 pm

Title: Flowbit rules and no alert
Post by: J. Lambrecht on November 09, 2018, 05:53:45 pm
Dear,

Confronted with Zberp being reported as originating from my SmartTV reaching in relation to Netflix traffic (yes, port 80), I came to look at Suricata SID 2021831, which is a flowbits:noalert rule.

It took me a while and I had to ask, but someone pointed out this rule is not supposed to trigger since it is a flowbits rule for which no alert is configured. Hence I wondered if this (most likely) is my mistake of enabling such a rule or if this is a known error in the Suricata configuration with OPNsense.

Thank you
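
Added example, not part of the original post: a `flowbits:noalert` rule only sets a flowbit for other rules to test, so one way to see what such a rule is for is to list which enabled rules check the bits it sets. The rules and SIDs below are constructed samples (not real ET rules), and `parse_rule` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample rules; SIDs are made up for illustration only.
SAMPLE_RULES = r'''
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE stage 1 marker"; flow:established,to_server; content:"/check"; flowbits:set,EX.stage1; flowbits:noalert; sid:9000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE stage 2 response"; flow:established,to_client; flowbits:isset,EX.stage1; content:"OK"; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE orphan marker"; flowbits:set,EX.orphan; flowbits:noalert; sid:9000003; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; flowbits:isset,EX.orphan; sid:9000004; rev:1;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')            # quoted option values (msg, content)
FLOWBITS = re.compile(r'\bflowbits\s*:\s*([^;]+);')  # every flowbits option in a rule
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rule(line):
    """Return (sid, noalert, set_bits, tested_bits), or None for comments/blank lines."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None                                  # commented-out rules are disabled
    body = QUOTED.sub('""', line)                    # ignore text inside quoted strings
    sid = SID.search(body)
    if not sid:
        return None
    noalert, sets, tests = False, set(), set()
    for arg in FLOWBITS.findall(body):
        parts = [p.strip() for p in arg.split(',', 1)]
        action = parts[0].lower()
        if action == 'noalert':
            noalert = True
        elif len(parts) == 2:
            names = {n.strip() for n in parts[1].split('|')}
            if action in ('set', 'toggle'):
                sets |= names
            elif action in ('isset', 'isnotset'):
                tests |= names
    return int(sid.group(1)), noalert, sets, tests

def audit(rules_text):
    """Map each flowbits:noalert rule to the enabled rules that test the bits it sets."""
    parsed = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    report = {}
    for sid, noalert, sets, _ in parsed:
        if noalert:
            report[sid] = sorted(s for s, _, _, tests in parsed if tests & sets)
    return report

if __name__ == "__main__":
    for sid, consumers in audit(SAMPLE_RULES).items():
        print(f"sid {sid} (noalert) is consumed by: {consumers or 'no enabled rule'}")
```

An empty list means no enabled rule in the set tests that flowbit.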