intrusion detection: behaviour change in suricata 7 [3]
Along with midstream-policy causing issues,
livedev.use-for-tracking=true breaks IPS so disable it here.
ref: https://redmine.openinfosecfoundation.org/issues/6726
swhite2 committed Feb 2, 2024
1 parent c965e8d commit ce87c2f
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -1216,6 +1216,12 @@ flow:
vlan:
use-for-tracking: true
# This option controls the use of livedev ids in the flow (and defrag)
# hashing. This is enabled by default and should be disabled if
# multiple live devices are used to capture traffic from the same network
livedev:
use-for-tracking: false
# Specific timeouts for flows. Here you can specify the timeouts that the
# active flows will wait to transit from the current state to another, on each
# protocol. The value of "new" determine the seconds to wait after a handshake or
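Review bot: the comment block added above `livedev:` only reproduces the upstream wording (disable when several live devices capture the same network) and does not record the actual reason this template sets `use-for-tracking: false`, namely that the default `true` breaks IPS mode as stated in the commit message. Someone later reconciling this template with the upstream default will see no hint that flipping it back is unsafe; suggest adding one comment line above `livedev:` such as `# Disabled: use-for-tracking=true breaks IPS mode, see https://redmine.openinfosecfoundation.org/issues/6726` so the rationale lives next to the setting rather than only in git history.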