11981 – suricata fails to detect traffic from and to firewall

Bug 11981 - suricata fails to detect traffic from and to firewall

Summary: suricata fails to detect traffic from and to firewall

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - Security
Assignee:	Stefan Schantl
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	SURICATA 11838
	Show dependency tree / graph

Reported:	2019-01-29 12:19 UTC by Michael Tremer
Modified:	2019-02-05 12:55 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Tremer 2019-01-29 12:19:14 UTC

suricata does not drop any packets from and to the firewall. That is caused by not having the RED IP address space (including aliases) in the HOME_NET variable.

Should any static routes be in here, too?

Please also merge my patch to scan any outgoing packets:

https://patchwork.ipfire.org/patch/2054/

Comment 1 Stefan Schantl 2019-02-05 12:55:08 UTC

Merged:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=17c2c09bcc50376ef805a194eec8688a3dfcbc29

Fixed:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=23c0347ac5d386e215c56ae9fa3af97e66f1c23f