IPS stops working (19.1.2)

[Mks]

Hi,

with update to 19.1.2 my IPS stops working.

A lot of warnings in the log, similar to:

Code Select Expand

<Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit

Also the notice are a bit strange because of 0 packets

suricata: [100234] <Notice> -- Stats for 'pppoe0+': pkts: 0, drop: 0 (nan%), invalid chksum: 0

Code Select Expand

suricata: [100234] <Notice> -- Stats for 'pppoe0': pkts: 0, drop: 0 (nan%), invalid chksum: 0

Any idea?

Thanks

br

[rabievdm]

I'm just checking, but it's a know issue that PPP interfaces don't work with the netmap implementation.
If you are aware and just pointing out the logs then ignore me :)
If you weren't aware, then sadly IPS will not work on a PPP interface and from posts I have seen is likely to never be fixed on BSD.

Either monitor the internal and/or DMZ interface or do you PPPoE upstream or use a different OS (but then you lose the OpnSense goodness :( )

[Mks]

Hi.

I'm using PPPoE for WAN connection, switched to those setup after upgrading to 19.1.2.
So if I understand correct, IPS ist not supportef for WAN Interfaces with PPPoE?

Br

[franco]

IPS on top of PPP in general, sorry. IDS works fine.


Cheers,
Franco

[crt333]

I don't use PPP and ids/ips isn't recording alerts or generally working, even after upgrading to 19.1.2.

I used to see all kinds of alerts, now the only thing I've seen in the last month is "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)". Even the ProofPoint summary window shows no events for days at a time.

[Mks]

Ok, thanks

[ruggerio]

Is this resolved? I still have flowbit-warnings and nearly no log-entries.