intrusion detection: behaviour change in suricata 7 [3]

Along with midstream-policy causing issues,
livedev.use-for-tracking=true breaks IPS so disable it here.
ref: https://redmine.openinfosecfoundation.org/issues/6726
Stephan de Wit 2024-02-02 15:31:48 +01:00
parent c965e8d3f0
commit ce87c2f68c

@ -1216,6 +1216,12 @@ flow:
vlan:
use-for-tracking: true
# This option controls the use of livedev ids in the flow (and defrag)
# hashing. This is enabled by default and should be disabled if
# multiple live devices are used to capture traffic from the same network
livedev:
use-for-tracking: false
# Specific timeouts for flows. Here you can specify the timeouts that the
# active flows will wait to transit from the current state to another, on each
# protocol. The value of "new" determine the seconds to wait after a handshake or
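
Review bot: The new `livedev:` block under `flow:` sets `use-for-tracking: false`, but the comment above it only describes the option ("enabled by default and should be disabled if multiple live devices are used to capture traffic from the same network") and gives no reason why this template departs from that default. Suggest adding a comment line such as `# disabled here: use-for-tracking=true breaks IPS, see redmine issue 6726`, so the reason stays next to the setting and is not lost the next time the template is compared against the stock configuration. The value is also unconditional, while the commit message names IPS as the affected case. With livedev ids removed from the flow and defrag hashing, traffic captured on different interfaces is no longer kept apart by device, so it is worth stating in the comment whether that is intended for IDS-only setups too, or making the value depend on whether IPS mode is enabled.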