Bug 12825

Summary: IPs whitelist in IPS ignored in CU 164 + CU165
Product: IPFire Reporter: Nicolas Pöhlmann <business>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED FIXED QA Contact:
Severity: Major Usability    
Priority: Will affect most users CC: michael.tremer, peter.mueller
Version: 2   
Hardware: unspecified   
OS: Unspecified   

Description Nicolas Pöhlmann 2022-03-30 22:44:15 UTC 
This problem exists since uprading from CU 163 to CU 164 and later to CU 165. The IPs whitelisted in IPS GUI are ignored and blocked by suricata. Only when stopping and starting suricata via console (GUI not tested), there is a short timeframe (~1m) where whitelisted IPs are ignored correctly until /var/log/messages reports this:

...
suricata: cleaning up signature grouping structure... complete
suricata: rule reload complete
...

After that message, the IPs will be handled like not whitelisted and blocked by suricata rules.
Comment 1 Peter Müller 2022-06-28 14:24:32 UTC 
This issue has been fixed in Core Update 168.

https://blog.ipfire.org/post/ipfire-2-27-core-update-168-released

Closing this bug - please feel free to reopen it, if necessary.