diff --git a/tests/bug-5867-fp-drop-01/README.md b/tests/bug-5867-fp-drop-01/README.md
new file mode 100644
index 000000000..257e8a53b
--- /dev/null
+++ b/tests/bug-5867-fp-drop-01/README.md
@@ -0,0 +1,22 @@
+# Test
+
+This test [currently] demonstrates Suricata bug 5867: there are false positive
+drop events in the eve logs, for packets that triggered higher priority PASS
+rules and DROP rules.
+
+In the scenario shown in this test, `PASS` has a higher priority in the action
+order (as it's the default), so the packet should trigger the PASS rule first,
+so the DROP rule should have no effect. Even though the flow continues, the DROP
+events are seeing in the log.
+
+Bug report: https://redmine.openinfosecfoundation.org/issues/5867
+
+# Behavior
+
+This test currently fails, for we should see no DROP events, but we do.
+
+# Pcap
+
+Pcap comes from forum post where bug was reported the first time:
+https://forum.suricata.io/t/drop-log-false-positive-records-possible-since-6-0-6/3228
+
diff --git a/tests/bug-5867-fp-drop-01/input.pcap b/tests/bug-5867-fp-drop-01/input.pcap
new file mode 100644
index 000000000..0a56ee9a7
Binary files /dev/null and b/tests/bug-5867-fp-drop-01/input.pcap differ
diff --git a/tests/bug-5867-fp-drop-01/suricata.yaml b/tests/bug-5867-fp-drop-01/suricata.yaml
new file mode 100644
index 000000000..80a894d28
--- /dev/null
+++ b/tests/bug-5867-fp-drop-01/suricata.yaml
@@ -0,0 +1,25 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - alert
+ - anomaly
+ - drop:
+ alerts: yes
+ flows: start
+ - flow
+ - smtp
+
+action-order:
+ - drop
+ - pass
+ - reject
+ - alert
+
+exception-policy: ignore
+
+
diff --git a/tests/bug-5867-fp-drop-01/test.rules b/tests/bug-5867-fp-drop-01/test.rules
new file mode 100644
index 000000000..b38b86aa5
--- /dev/null
+++ b/tests/bug-5867-fp-drop-01/test.rules
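Review bot: The `action-order` block in suricata.yaml lists `drop` ahead of `pass`, while the README added in the same commit states that `PASS` has the higher priority in the action order "as it's the default" — Suricata's default order is pass, drop, reject, alert, so the configuration and the description contradict each other. The test's expectation of zero drop events rests on which rule wins when a packet matches both, so one of the two should be corrected rather than left to the reader. If the intent is to follow the default, change the list to `- pass`, `- drop`, `- reject`, `- alert` or remove the override entirely. If the override is deliberate for this reproduction, a one-line comment above `action-order:` saying so would keep the yaml and the README from being read as a mistake.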
@@ -0,0 +1,2 @@
+pass tcp 172.17.1.0/24 any -> any 225 (msg:"PASS LOCAL NET Port 225::no flags::flow to_server::no thresholds"; flow:to_server; classtype:misc-activity; sid:1000100; rev:1; metadata:created_at 2023_02_07, updated_at 2023_02_07;)
+drop tcp 172.17.1.0/24 any -> any 225 (msg:"DROP LOCAL NET Port 225::no flags::flow established to_server::no thresholds"; flow:to_server,established; classtype:misc-activity; sid:1000101; rev:1; metadata:created_at 2023_02_07, updated_at 2023_02_07;)
diff --git a/tests/bug-5867-fp-drop-01/test.yaml b/tests/bug-5867-fp-drop-01/test.yaml
new file mode 100644
index 000000000..11bdb3011
--- /dev/null
+++ b/tests/bug-5867-fp-drop-01/test.yaml
@@ -0,0 +1,18 @@
+requires:
+ min-version: 6
+args:
+- -k none
+- --set stream.midstream=true
+- --simulate-ips
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 172.17.1.105
+ dest_port: 225
+ event_type: smtp
+- filter:
+ count: 0
+ match:
+ event_type: drop
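Review bot: The two rules in test.rules differ only in the drop rule's `established` flag, and nothing in the file records that this difference is the mechanism under test: the first packet of the flow cannot satisfy `flow:to_server,established`, so it can only match the pass rule, which is what the README's "PASS rule first" claim relies on. A leading comment would make that explicit for the next person adjusting sid 1000100 or 1000101, e.g. `# sid 1000100 (pass) and sid 1000101 (drop) are identical except for `established`, so the flow's first packet matches only the pass rule; the drop rule must never produce a drop event for this flow`.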
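Review bot: The three `args` entries in test.yaml (`-k none`, `--set stream.midstream=true`, `--simulate-ips`) carry no explanation of why each is required for this reproduction, and the README in the same commit says the test currently fails while nothing in `requires:` or `checks:` records that expectation. A comment above `args:` along the lines of `# -k none: skip checksum validation on the captured pcap; stream.midstream=true: accept the session even if its start is not in the capture (TODO confirm against the pcap); --simulate-ips: needed so a DROP verdict would actually be applied and logged` would tell a reader which knobs are essential and which are incidental. If the harness offers a way to mark an expected failure or a reason to skip, consider using it so the suite is not committed red until the fix lands; if it does not, a comment stating that the test is expected to fail until bug 5867 is fixed would serve the same purpose.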