Suricata block all traffic https

v7
ips
suricata

(Juan Carlos Ortiz L.) #1

NethServer Version: 7.4
Module: Suricata
Good afternoon, after updating Nethserver 7.4 (3.10.0-693.11.6.el7.x86_64 # 1 SMP), Suricata blocks all https traffic. meerkat-4.0.3-1.el7.x86_64,
nethserver-suricata-1.1.1-1.ns7.noarch, squid-migration-script-.5.20-999.ns7.x86_64
nethserver-squidclamav-3.0.0-1.ns7.noarch, squid-3.5.20-999.ns7.x86_64, nethserver-lightsquid-1.1.2-1.ns7.noarch, lightsquid-1.8-18.el7.lux. noarch, lightsquid-apache-1.8-18.el7.lux.noarch, nethserver-squidguard-1.7.4-1.ns7.noarch, squidclamav-6.16-1.ns7.x86_64, nethserver-squid-1.7.0-1. ns7.noarch.

log Suricata: 1/16/20 - 10:08:36 - - This is Suricata version 4.0.3 RELEASE
16/1/2018 - 10:08:51 - - all 3 packet processing threads, 2 management
initialized, engine started
16/1/2018 - 10:08:51 - - Signal Received. Stopping engine.
16/1/2018 - 10:08:51 - - (RX-Q0) Treated: Pkts 0, Bytes 0, Errors 0
16/1/2018 - 10:08:51 - - (RX-Q0) Verdict: Accepted 0, Dropped 0, Repla
ced 0
16/1/2018 - 10:08:51 - - This is Suricata version 4.0.3 RELEASE
1/16/2018 - 10:09:15 - - all 3 packet processing threads, 2 management
initialized, engine started
16/1/2018 - 10:09:38 - - rule reload starting
3/16/20 - 10:09:49 - - rule reload complete
16/1/2018 - 10:09:49 - - rule reload starting
3/16/20 - 10:09:59 - - rule reload complete
16/1/2018 - 10:11:06 - - Signal Received. Stopping engine.
16/1/2018 - 10:11:06 - - (RX-Q0) Treated: Pkts 110593, Bytes 74284130,
Errors 0
16/1/2018 - 10:11:06 - - (RX-Q0) Verdict: Accepted 103190, Dropped 740
3, Replaced 0

I touch shut down the intruder arrest service. What I can do?

Thank you


(Markus Neuberger) #2

Only way for now is changing affected categories from “Block” to “Alert”: