Adjust Suricata ET-Pro rules URL based on recent changes by Proofpoint. #486
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
netgate-git-updates
pushed a commit
that referenced
this pull request
Dec 5, 2017
netgate-git-updates
pushed a commit
that referenced
this pull request
Aug 16, 2021
Added a new option DEP-RSA1024 to enable --with-deprecate-rsa-1024 Changelog: - Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones. - Fix: Resolve interface names on control-interface too. - Merge #470 from edevil: Allow configuration of persistent TCP connections. - Fix #474: always_null and others inside view. - Add that log-servfail prints an IP address and more information about one of the last failures for that query. - Merge #478: Allow configuration of TCP timeout while waiting for response. - Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. - Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes. - zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone. - Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. - Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https. - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. PR: 257809 Sponsored by: Rubicon Communications, LLC ("Netgate")
netgate-git-updates
pushed a commit
that referenced
this pull request
Aug 16, 2021
Added a new option DEP-RSA1024 to enable --with-deprecate-rsa-1024 Changelog: - Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones. - Fix: Resolve interface names on control-interface too. - Merge #470 from edevil: Allow configuration of persistent TCP connections. - Fix #474: always_null and others inside view. - Add that log-servfail prints an IP address and more information about one of the last failures for that query. - Merge #478: Allow configuration of TCP timeout while waiting for response. - Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. - Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes. - zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone. - Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. - Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https. - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. PR: 257809 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 42ac7e7)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
pfSense-pkg-Suricata v4.0.1_1
This updates the URLs used for downloading the Proofpoint ET-Pro and ET-Open rules packages. Proofpoint recently changed the folder structure on the download site to include the Suricata engine version as part of the rules download URL.
There are no new features or functionality changes in this update.
Bug Fixes: