From f5ae0c84482c0f4de6ad5a2fb79ef1ae95bdcb10 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Tue, 30 Jan 2024 21:16:10 +0100
Subject: [PATCH] intrusion detection: behaviour change in suricata 7

---
 src/opnsense/service/templates/OPNsense/IDS/suricata.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index b1bc0efc9..2149e55c0 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -1333,6 +1333,8 @@ stream:
   checksum-validation: yes      # reject wrong csums
   inline: {% if OPNsense.IDS.general.ips|default("0") == "1" %}true{% else %}auto{% endif %}
 
+  midstream:
+    midstream-policy: ignore
   reassembly:
     memcap: 256mb
     depth: 1mb                  # reassemble 1mb into a stream