Stephan de Wit
Stephan de Wit
Which interface is running Suricata (IPS)? As is indicated in the GUI and the docs, IPS shouldn't be run directly on VLAN interfaces, only on it's parent interface. And yes,...
I've been able to reproduce the errors on my end with IPS on the parent interface. It seems Netmap is the culprit here somewhere since I've built a custom kernel...
Hi, This issue is still very much on my to-do list and I hope I can get back to you by the end of the week.
Hi @fabricemrchl, Apologies for the later-than-expected reply, but it took some time to configure a working tracing setup due to regressions in the FreeBSD13-STABLE kernel. In any case, here is...
@fabricemrchl Update: Since Suricata in it's current state only uses one thread to pass packets up to the host stack, it's easy to imagine buffers being exhausted, as Suricata is...
Unfortunately no, the easiest way to switch is to switch to the OPNsense-devel package entirely. This replaces the core package as well. The only other way to isolate it is...
Is it the errors dropping your connection or is there any other form of flapping going on (which in turn would cause outbound errors to accumulate )? Maybe check the...
Done in https://github.com/opnsense/docs/commit/a67e130d238b89f863ab2f7ef83e7253d0ad1412. @fichtner Parking it here until the mentioned items are in release: - DNSSEC + rebinding update: https://github.com/opnsense/core/commit/f3efe39f7b7e182bb77a7dd3a371fe4c5c054585 - A/AAAA/PTR records: https://github.com/opnsense/core/commit/92a5a224dd3d08df822cbe722ba5657db1ac7991
This was completed with https://github.com/opnsense/docs/commit/1b888f7233bfde1b96411abbc470196a09fde21f
While at it, let's move https://github.com/opnsense/core/issues/5256 to this page as well. Include `log-reply` conf option as well.