Suricata 4.1.3 block flow
I use Suricata 4.1.3 on Debian 9.
I use the following iptables commands to redirect flow to Suricata:
iptables -A FORWARD -d xxx.xxx.xxx.xxx -m state --state RELATED,ESTABLISHED -j NFQUEUE --queue-num 1
iptables -A FORWARD -s xxx.xxx.xxx.xxx -j NFQUEUE --queue-num 1
Sometimes Suricata seems to drop all packets without any information in the log files.
I need to kill Suricata, then I put iptables -I FORWARD -j ACCEPT and then I restart Suricata like this:
/usr/bin/suricata -c /etc/suricata/suricata.yaml -q 1
To finish, I remove the iptables rule: iptables -D FORWARD -j ACCEPT
This problem appeared with release 4.1.3.
Before, with Suricata 4.1.2, I had no problem.
Is it a bug in Suricata?
Updated by Anthony h over 3 years ago
For more information, I configure Suricata like this:
./configure --enable-nfqueue --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/include/nspr --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --with-libhtp-libraries=/usr/lib/ --enable-gccprotect --disable-gccmarch-native
Updated by Andreas Herz over 3 years ago
- Assignee set to Community Ticket
- Target version set to TBD
Yes you can run ./configure with --enable-debug as described here: https://blog.inliniac.net/2010/01/04/suricata-debugging/
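A kernel-side check for the symptom reported in this ticket, as an added example that is not part of the original thread or of Suricata's tooling: it compares two snapshots of /proc/net/netfilter/nfnetlink_queue to tell whether the NFQUEUE used above has no listener, is dropping, or is backing up. The function name, the state labels and the sample snapshots are constructed for illustration.

```sh
#!/bin/sh
# Columns of /proc/net/netfilter/nfnetlink_queue:
#   1 queue number        2 portid of the bound process   3 packets waiting
#   4 copy mode           5 copy range
#   6 queue_dropped (queue was full)
#   7 user_dropped  (could not be delivered to userspace)
#   8 last packet id

# Constructed sample snapshots for queue 1 (not captured from a real host).
SAMPLE_BEFORE='    1   2310     0 2 65531     0     0      120  1'
SAMPLE_AFTER='    1   2310  4096 2 65531   350     0     4566  1'

# nfq_diagnose QUEUE EARLIER_SNAPSHOT LATER_SNAPSHOT
#   UNBOUND     no process is bound to the queue; the kernel drops packets
#               sent to it unless the NFQUEUE rule uses --queue-bypass
#   DROPPING +N drop counters grew by N between the snapshots
#   BACKLOG N   N packets are waiting for a verdict and the count is not falling
#   OK          none of the above
nfq_diagnose() {
    printf '%s\n--\n%s\n' "$2" "$3" | awk -v q="$1" '
        $1 == "--"                   { later = 1; next }
        NF >= 7 && $1 == q && !later { b_wait = $3; b_drop = $6 + $7 }
        NF >= 7 && $1 == q &&  later { a_wait = $3; a_drop = $6 + $7; bound = 1 }
        END {
            if (!bound)                             print "UNBOUND"
            else if (a_drop > b_drop)               printf "DROPPING +%d\n", a_drop - b_drop
            else if (a_wait > 0 && a_wait >= b_wait) printf "BACKLOG %d\n", a_wait
            else                                    print "OK"
        }'
}

# On a live host (needs read access to /proc/net/netfilter/nfnetlink_queue):
#   before=$(cat /proc/net/netfilter/nfnetlink_queue); sleep 5
#   after=$(cat /proc/net/netfilter/nfnetlink_queue)
#   nfq_diagnose 1 "$before" "$after"
nfq_diagnose 1 "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

The counters are cumulative since the process bound to the queue, which is why the check works on the difference between two snapshots rather than on a single reading.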
Updated by Andreas Herz 8 months ago
- Status changed from New to Closed
Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of Suricata and reopen the issue. If you want to
improve the bug report please take a look at