[Oisf-users] reject-rules don't drop packages
Thorsten Wagener - Travanto Travel
twagener at travanto.de
Tue Jan 10 11:02:39 UTC 2012
I'am using nfqueue. I'am not using worker mode, or is it default? Worker mode is only available in af-packet and pfring?
thanks
Am 10.01.2012 um 11:43 schrieb Eric Leblond <eric at regit.org>:
> Hello,
>
> Le mardi 10 janvier 2012 à 10:56 +0100, Thorsten Wagener - Travanto
> Travel a écrit :
>> Hi,
>>
>> my suricata Version 1.1.1 does not drop packages from reject rules.
>>
>> I know that there was a Bug, which was fixed in v1.1beta2 but it is
>> still there. Can anyone confirm this Problem?
>>
>> Drop-rule works and bad traffic is dropped. with reject the traffic is
>> not dropped, but a tcp/rst package is sent. Sometimes the rst-package
>> is incoming before the answer and the connection is cancled, but the
>> bad traffic is still not dropped.
>>
>> stream inline is set to yes.
>
> Are you using the new 'worker' mode ?
>
> There is an issue in it we found after reading your mail. I've got a
> patch for it but it is functionnaly untested. I can send it to you if
> you want.
>
> BR,
>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
More information about the Oisf-users
mailing list