Bug 12825 - IPs whitelist in IPS ignored in CU 164 + CU165
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified Unspecified
: Will affect most users Major Usability
Assignee: Stefan Schantl
Reported: 2022-03-30 22:44 UTC by Nicolas Pöhlmann
Modified: 2022-06-28 14:24 UTC

Description Nicolas Pöhlmann 2022-03-30 22:44:15 UTC
This problem has existed since upgrading from CU 163 to CU 164 and later to CU 165. The IPs whitelisted in the IPS GUI are ignored and blocked by suricata. Only when stopping and starting suricata via the console (GUI not tested) is there a short timeframe (~1m) where whitelisted IPs are ignored correctly, until /var/log/messages reports this:

...
suricata: cleaning up signature grouping structure... complete
suricata: rule reload complete
...

After that message, the IPs are handled as if they were not whitelisted and are blocked by suricata rules.
Comment 1 Peter Müller 2022-06-28 14:24:32 UTC
This issue has been fixed in Core Update 168.

https://blog.ipfire.org/post/ipfire-2-27-core-update-168-released

Closing this bug - please feel free to reopen it, if necessary.