Suricata warning: flowbit 'ET.Parallax-12' is checked but not set.

Started by adk20, November 20, 2021, 01:04:29 AM

Thanks @all for your replies.

The latest OPNsense update fixed the unknown classtype errors.

The flowbit errors persist, though. How would I set a flowbit to active and how can I find out which flowbit is required by which rule? Not sure how I can figure that out.

Having said that, I am still a bit surprised that these error messages started popping up without my having changed anything. What might be the cause for this?

Any help is much appreciated.

Quote: Having said that, I am still a bit surprised that these error messages started popping up without my having changed anything. What might be the cause for this?
It may not depend on changes made on OPNsense. The content of the rules is determined by their maintainers. So if they decide, for example, to change the flowbit in one place and forget to change it in another, then such a warning may appear.
Quote: How would I set a flowbit to active and how can I find out which flowbit is required by which rule? Not sure how I can figure that out.
Manually only, IMHO. You can find out the rule SID causing the error from the message. Then you need to search for the flowbit specified in the message among the other rules (in the rules files) and find out what exactly led to the error (a disabled rule that determines a flowbit, its complete absence, or something else).
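
The manual search described in the reply above can be scripted. The following is an added example, not part of the original thread and not OPNsense or Suricata code: it scans rule lines for flowbits that enabled rules check but no enabled rule sets, and reports whether a setter exists but is disabled. The sample rules, the flowbit names and the function name `audit_flowbits` are constructed for illustration; it assumes one rule per line and that a leading `#` marks a disabled rule.

```python
import re
import sys
from collections import defaultdict

# Constructed sample rules (not real ET rules). A leading '#' marks a disabled rule.
SAMPLE_RULES = """\
#alert http any any -> any any (msg:"EXAMPLE setter"; flowbits:set,EX.Demo-12; flowbits:noalert; sid:1000001; rev:1;)
alert http any any -> any any (msg:"EXAMPLE checker"; flowbits:isset,EX.Demo-12; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE orphan checker"; flowbits:isset,EX.Missing; sid:1000003; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE ok setter"; flowbits:set,EX.Fine; sid:1000004; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE ok checker"; flowbits:isnotset,EX.Fine; sid:1000005; rev:1;)
"""

# Assumption: one rule per line; 'set' and 'toggle' are treated as setters.
RULE_RE = re.compile(r'^\s*(#\s*)?(?:alert|drop|pass|reject)\b.*\bsid\s*:\s*(\d+)\s*;')
FLOWBIT_RE = re.compile(r'flowbits\s*:\s*(\w+)\s*,\s*([^;]+);')  # skips flowbits:noalert

def audit_flowbits(lines):
    """Return {flowbit: details} for flowbits checked but not set by an enabled rule."""
    setters = defaultdict(list)   # flowbit -> [(sid, enabled)]
    checkers = defaultdict(list)  # flowbit -> [sid], enabled rules only
    for line in lines:
        m = RULE_RE.match(line)
        if not m:
            continue
        enabled, sid = m.group(1) is None, int(m.group(2))
        for cmd, names in FLOWBIT_RE.findall(line):
            for name in (n.strip() for n in names.split('|')):  # isset accepts a|b
                if cmd in ('set', 'toggle'):
                    setters[name].append((sid, enabled))
                elif cmd in ('isset', 'isnotset') and enabled:
                    checkers[name].append(sid)
    report = {}
    for name, sids in checkers.items():
        found = setters.get(name, [])
        if any(enabled for _, enabled in found):
            continue  # at least one enabled rule sets this flowbit
        disabled = [sid for sid, _ in found]
        report[name] = {'checked_by': sids, 'disabled_setters': disabled,
                        'cause': 'setter disabled' if disabled else 'no setter found'}
    return report

if __name__ == '__main__':
    # Pass rule file paths as arguments; with none, the constructed sample is used.
    lines = [l for p in sys.argv[1:] for l in open(p, errors='replace')] or SAMPLE_RULES.splitlines()
    for name, info in audit_flowbits(lines).items():
        print(f"{name}: {info['cause']}; checked by SIDs {info['checked_by']}; "
              f"disabled setters {info['disabled_setters']}")
```

A "setter disabled" result points at rules to re-enable; "no setter found" means the installed rulesets contain no rule that sets the flowbit.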