pfSense-pkg-suricata-4.1.6_1 - Support Suricata 4.1.6, fix GeoLite2 DB and others. #748

Merged

@bmeeks8 bmeeks8 commented Jan 7, 2020

pfSense-pkg-suricata-4.1.6_1

This GUI package update provides support for the latest version of the Suricata binary (v4.1.6). It also corrects five bugs and adds four new features.

New Features:

  1. Added column sorting to the RULES tab so it behaves the same as the ALERTS tab.
  2. Make filters on ALERTS tab sticky across other actions such as suppressing alerts or disabling a SID. Currently any applied filter resets. Redmine Issue #9902.
  3. Highlight rules with "noalerts;" option on RULES tab by coloring the text using the Bootstrap class "text-success" and using a different ACTION icon.
  4. Added option to set unique logging directory for file-store configuration section in suricata.yaml.

Bug Fixes:

  1. When creating HOME_NET and EXTERNAL_NET (and other ipvars), make sure there is a comma followed by a space for each IP entry. Failure to do so with intermixed IPv4 and IPv6 addresses results in failure to start with no ERRCODE given. See Suricata Redmine Issue #3222.
  2. Use of explode() function in suricata_interfaces_edit.php generates a warning because the second parameter of the function call is not interpreted as an empty string due to being uninitialized on green-field installs.
  3. When SID MGMT changes rules to DROP or REJECT, it is not skipping rules containing a "flowbits:noalert;" tag. This can result in dropped traffic without any logged alert about the drop or reject action.
  4. The IP Reputation List enable option on the IPREP tab actually defaults to "ON" when it should default to "OFF".
  5. MaxMind GeoLite2 IP DB now requires a license key for GeoIP2 database downloads. Add support for user-supplied license key.

@netgate-git-updates netgate-git-updates merged commit d023d4f into pfsense:devel Jan 7, 2020
@bmeeks8 bmeeks8 deleted the pfSense-pkg-suricata-4.1.6_1 branch January 8, 2020 14:02
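
An added example, not part of the pull request or the package's own code: a Python audit for the condition described in bug fix 3, listing enabled rules whose action is drop or reject while they carry `flowbits:noalert;` (or the bare `noalert;` keyword). The function names and the sample rules are constructed for illustration.

```python
import re

# Actions that block traffic; the reject variants are Suricata's own.
BLOCKING = {"drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
RULE_RE = re.compile(r"^\s*(?P<action>[a-z]+)\s+[^(]+\((?P<opts>.*)\)\s*$")

def parse_options(opts):
    """Split the option body on unescaped ';' into (keyword, value) pairs."""
    pairs = []
    for raw in re.split(r"(?<!\\);", opts):
        key, _, value = raw.strip().partition(":")
        if key:
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def is_noalert(options):
    """True for 'flowbits:noalert;' (any spacing) or the bare 'noalert;' keyword."""
    return any(
        key == "noalert"
        or (key == "flowbits" and value.replace(" ", "").lower() == "noalert")
        for key, value in options
    )

def find_silent_blocks(rules_text):
    """Return (line number, action, sid) for enabled blocking rules that never alert."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # disabled rule or comment
            continue
        m = RULE_RE.match(line)
        if not m or m.group("action") not in BLOCKING:
            continue
        options = parse_options(m.group("opts"))
        if is_noalert(options):
            sid = next((v for k, v in options if k == "sid"), "?")
            findings.append((lineno, m.group("action"), sid))
    return findings

# Constructed sample rules (not from any real rule set).
SAMPLE = r"""alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE set state"; content:"a\;b"; flowbits:set,ex.state; flowbits:noalert; sid:1000001; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE converted setter"; flowbits:set,ex.state2; flowbits:noalert; sid:1000002; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE real drop"; flowbits:isset,ex.state; sid:1000003; rev:1;)
# reject tcp any any -> any any (msg:"EXAMPLE disabled"; noalert; sid:1000004; rev:1;)
reject tcp any any -> any any (msg:"EXAMPLE bare keyword"; noalert; sid:1000005; rev:1;)
"""

if __name__ == "__main__":
    for lineno, action, sid in find_silent_blocks(SAMPLE):
        print(f"line {lineno}: sid {sid} uses '{action}' but is flagged noalert")
```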