Bug 12108

Summary: Suricata blocks Debian Nagios check_ping ICMP traffic
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Peter Müller <peter.mueller>
Status: CLOSED FIXED QA Contact:
Severity: Minor Usability    
Priority: - Unknown -    
Version: 2   
Hardware: all   
OS: All   
Bug Depends on: 12078    
Bug Blocks:    

Description Peter Müller 2019-06-28 11:10:07 UTC 
If Suricata is enabled (even in monitoring mode only), Debian packaged Nagios check_ping ICMP traffic is dropped. There are no log entries in fast.log, so I guess this is a preprocessor issue and not caused by actual rules.

Disabling Suricata causes check_ping to work correctly, normal ping command works, too. Surprisingly, check_ping on IPFire works correctly:

b3fdb0f302a4d56fcee8bee8642afb1796f903a7b302ed79484ff8d9ec5e1741  /usr/lib/nagios/plugins/check_ping
[root@maverick ~]# /usr/lib/nagios/plugins/check_ping -V
check_ping v2.2.1 (nagios-plugins 2.2.1)

6a80a56044f97b86b54f6ed22d306f4ce0f087041583341289c9933e6d208a72  /usr/lib/nagios/plugins/check_ping
pmu@debian-testing:~$ /usr/lib/nagios/plugins/check_ping -V
check_ping v2.2 (monitoring-plugins 2.2)

I have no idea why this is (bug in monitoring-plugins 2.2?).
Comment 1 Michael Tremer 2019-07-01 11:20:17 UTC 
Did you intentionally assign this to yourself?
Comment 2 Peter Müller 2019-07-04 17:36:13 UTC 
Yes, as I am not sure what the origin of this behaviour exactly is.
Comment 3 Peter Müller 2019-10-13 10:04:34 UTC 
This may or may not be fixed in upcoming Core Update 137. This issue will be kept opened until there are some testing results.
Comment 4 Peter Müller 2019-10-28 15:28:00 UTC 
https://blog.ipfire.org/post/ipfire-2-23-core-update-137-is-available-for-testing

Testing results are still missing...
Comment 5 Peter Müller 2020-01-31 15:40:50 UTC 
This problem is not reproducible anymore and I am pretty sure it was related to the Suricata issue filed in #12078.