Surricata blocks traffic on local allowed list

steilfirn_8000 · February 08, 2023, 06:29:25 PM

Not sure if this is relevant for this topic but with my new router setup I am also using Suricata as IDS/IPS (from SELKS https://github.com/StamusNetworks/SELKS) with equal settings as on OPNsense.

With this setup it is not having any troubles with my LAN & remote sites.

Fright · February 09, 2023, 06:24:45 AM

QuoteNot sure if this is relevant for this topic

it's hard to say, since so far only false positive alerts (fixable) and possible misconfig are visible imho

Fright · February 15, 2023, 09:47:40 AM

for the ref.
https://forum.suricata.io/t/drop-log-false-positive-records-possible-since-6-0-6/3228/1

Fright · March 28, 2023, 10:14:44 PM

for the ref. false-drop records fixed in https://github.com/OISF/suricata/commit/517132b6ad0347c8402b3aace885d1b734609fec
although I still think it would be great to be able to disable drop-log on the OPN

Surricata blocks traffic on local allowed list

steilfirn_8000

February 08, 2023, 06:29:25 PM #15

Fright

February 09, 2023, 06:24:45 AM #16

Fright

February 15, 2023, 09:47:40 AM #17

Fright

March 28, 2023, 10:14:44 PM #18