https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-10-19T09:57:09ZpfSense bugtrackerpfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=568512021-10-19T09:57:09ZSteve Y
<ul></ul><p>Edit: I have a 2100/21.05.1 with the latest Snort 4.1.4_3 and it doesn't have this issue.</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=568552021-10-19T13:54:56ZSteve Y
<ul></ul><p>I did not try intermediate versions between 6.0.0_14 and 6.0.3_3, just installed the latest, so I can't say when this started. I know it wasn't an issue on 6.0.0_14 on the 2.5.2 router, or others on 6.0.0_14/21.05.1 I've looked at today. To be more correct, the 3100 had previously had pfSense 2.4.4 and an older version of the Suricata package, which I had uninstalled, and reinstalled the latest version after upgrading.</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=568602021-10-20T03:16:13ZViktor Gurov
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Regression</i></li></ul><p>fix:<br /><a class="external" href="https://github.com/pfsense/FreeBSD-ports/pull/1117">https://github.com/pfsense/FreeBSD-ports/pull/1117</a></p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=568622021-10-20T03:17:18ZViktor Gurov
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-3 priority-4 priority-default closed" href="/issues/12322">Bug #12322</a>: Suricata creates invalid HOME_NET entries</i> added</li></ul> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=572752021-11-01T05:24:04ZAren Breur
<ul></ul><p>I am running 2.6.0-DEVELOPMENT (amd64). a network with /15 also does NOT work. I made it to 2 /16 networks that works fine<br />the /15 does show in the tooltip. but hosts still get blocked.</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=573022021-11-02T08:40:22ZBill Meeks
<ul></ul><p>Aren Breur wrote in <a href="#note-5">#note-5</a>:</p>
<blockquote>
<p>I am running 2.6.0-DEVELOPMENT (amd64). a network with /15 also does NOT work. I made it to 2 /16 networks that works fine<br />the /15 does show in the tooltip. but hosts still get blocked.</p>
</blockquote>
<p>This might not be the same issue as the one this ticket was created for. If your subnet shows in the Tooltip pop-up dialog, that indicates the GUI code correctly processed it. But if you are still getting blocks, it could be one of these two possibilities:</p>
<ol>
<li>Suricata has not been restarted after making a change to a Pass List assignment;</li>
<li>The Radix Tree code within the Suricata binary, which is used by the Pass List logic to test if a given IP address from an alert falls within a Pass List covered network, is not correctly processing the /15 subnet.</li>
</ol>
<p>Can you share the exact network specification you are using that fails? If it turns out that Possibility <a class="issue tracker-1 status-3 priority-4 priority-default closed parent" title="Bug: Gateway not added when switching from DHCP to static (Resolved)" href="https://redmine.pfsense.org/issues/2">#2</a> is the issue, then please open a separate Redmine Issue for tracking that problem.</p>
<p>Thanks,<br />Bill</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=575852021-12-02T02:52:02ZViktor Gurov
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul><p>Merged</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=576002021-12-02T10:25:08ZSteve Y
<ul></ul><p>As far as feedback from me, I had posted in the forum thread but apparently not here. Manually making the code change worked for me.</p> pfSense Packages - Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPshttps://redmine.pfsense.org/issues/12476?journal_id=615002022-05-30T10:29:08ZMarcos M
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>