[Oisf-users] reject-rules don't drop packages

Eric Leblond eric at regit.org
Tue Jan 10 10:43:15 UTC 2012


Le mardi 10 janvier 2012 à 10:56 +0100, Thorsten Wagener - Travanto
Travel a écrit :
> Hi,
> my suricata Version 1.1.1 does not drop packages from reject rules. 
> I know that there was a Bug, which was fixed in v1.1beta2 but it is
> still there. Can anyone confirm this Problem? 
> Drop-rule works and bad traffic is dropped. with reject the traffic is
> not dropped, but a tcp/rst package is sent. Sometimes the rst-package
> is incoming before the answer and the connection is cancled, but the
> bad traffic is still not dropped. 
> stream inline is set to yes. 

Are you using the new 'worker' mode ?

There is an issue in it we found after reading your mail. I've got a
patch for it but it is functionnaly untested. I can send it to you if
you want.


> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120110/7f218436/attachment.sig>

More information about the Oisf-users mailing list