Project

General

Profile

Actions
Copy link

Bug #9691

closed

Suricata ips_mode Legacy not blocking

Added by Wesley Peres over 4 years ago. Updated over 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
08/20/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4-p3
Affected Plus Version:
Affected Architecture:

Description

Good Morning.
I running suricata in pfSense 2.4.4 - p3 in "Legacy" mode, but not blocking.
I noticed in suricata logs the below error:

<Warning> -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named alert-pf

I need help for resolve this problem.
Thanks very much.

Actions
Copy link
 #1

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Rejected
  • Priority changed from Urgent to Normal

This site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .

See Reporting Issues with pfSense Software for more information.

Actions
Copy link
 #2

Updated by Bill Meeks over 4 years ago

This issue was resolved via the Netgate Forum. The user had bypassed the pfSense GUI package installation process and instead downloaded a copy of the stock Suricata binary from FreeBSD directly and installed it on his firewall. The stock binary from FreeBSD does not contain the custom alert-pf blocking plugin that is used on the pfSense binary version of Suricata. That custom plugin provides the blocking capability.

Once the user removed the binary he had installed and then used the standard GUI package installation process, Suricata worked as expected.

Actions
Copy link

Also available in: Atom PDF