
Suricata-4.0.0 Update #392

Closed
wants to merge 2 commits

Conversation

bmeeks8 (Contributor) commented Aug 16, 2017

This updates the Suricata binary to version 4.0.0 to match the latest upstream version.

New Features
A new configurable parameter has been added to the alert-pf plugin used to insert offending IP addresses into the "snort2c" table in the packet filter of pfSense. The new parameter is named "block-drops-only" and can be set to 'yes' or 'no' (with 'no' being the default when no setting is specified). When set to 'yes', this new setting causes the plugin to only insert offending IP addresses into the "snort2c" table when the firing rule signature has a rule action of DROP. Rules with action ALERT will only cause alerts with no blocks if this new option is set to 'yes'.

The alert-pf plugin's suricata.yaml configuration settings are shown below:

    # alert-pf blocking plugin
    - alert-pf:
        enabled: yes/no            # "yes" to enable blocking plugin
        kill-state: yes/no         # "yes" to kill open state table entries associated with blocked IP addresses (default is "yes")
        pass-list: <filename>      # complete path and filename for txt file of single IP addresses or CIDR networks that should never be blocked
        block-ip: src/dst/both     # which IP in packet to block (default is BOTH)
        pf-table: <pf table name>  # name of packet filter firewall table where block IP addresses should be added.  This table must exist!
        block-drops-only: yes/no   # only insert blocks in packet filter firewall table for rules having DROP action keyword (default is "no")
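The settings above, modelled as a blocking decision in C. This is an added example, not the pfSense alert-pf plugin's own code: the structure, function names and the sample pass list are all hypothetical, and the IP addresses are constructed.

```c
/* Added example (not the alert-pf plugin's code): models which addresses the
 * settings above would send to the pf table. All names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

enum rule_action { ACTION_ALERT, ACTION_DROP };
enum block_ip    { BLOCK_SRC, BLOCK_DST, BLOCK_BOTH };

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct alertpf_cfg {
    bool enabled;               /* enabled: yes/no */
    bool block_drops_only;      /* unset means "no": the legacy behaviour */
    enum block_ip block_ip;     /* block-ip: src/dst/both (default both) */
    const uint32_t *pass_net;   /* pass-list networks (host byte order) */
    const uint8_t  *pass_len;   /* matching prefix lengths */
    int npass;
};

/* Constructed pass list: 192.168.1.0/24 and the single host 10.0.0.5. */
static const uint32_t pass_net[] = { IP4(192,168,1,0), IP4(10,0,0,5) };
static const uint8_t  pass_len[] = { 24, 32 };

/* True if ip falls inside any pass-list entry (must never be blocked). */
static bool in_pass_list(const struct alertpf_cfg *c, uint32_t ip) {
    for (int i = 0; i < c->npass; i++) {
        uint32_t mask = c->pass_len[i] ? 0xffffffffu << (32 - c->pass_len[i]) : 0;
        if ((ip & mask) == (c->pass_net[i] & mask)) return true;
    }
    return false;
}

/* Addresses the plugin would insert into pf-table for one alert; returns count. */
int alertpf_decide(const struct alertpf_cfg *c, enum rule_action act,
                   uint32_t src, uint32_t dst, uint32_t out[2]) {
    int n = 0;
    if (!c->enabled) return 0;
    if (c->block_drops_only && act != ACTION_DROP) return 0; /* alert only, no block */
    if (c->block_ip != BLOCK_DST && !in_pass_list(c, src)) out[n++] = src;
    if (c->block_ip != BLOCK_SRC && !in_pass_list(c, dst)) out[n++] = dst;
    return n;
}

/* Helper: evaluate one alert against the sample pass list; returns block count. */
int run_case(bool drops_only, enum block_ip which, enum rule_action act,
             uint32_t src, uint32_t dst) {
    struct alertpf_cfg c = { true, drops_only, which, pass_net, pass_len, 2 };
    uint32_t out[2];
    return alertpf_decide(&c, act, src, dst, out);
}
```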

bmeeks8 (Contributor, Author) commented Aug 16, 2017

There will be a matching update for the Suricata GUI package coming soon, but until then there are no compatibility issues with this update and the current GUI package. The only side effect of using the 4.0.0 binary with the 3.2.3 GUI package is that upon startup an error message will be logged about the missing "block-drops-only" configuration for that new parameter, but the plugin will default to "no" for the setting which is the legacy behavior anyway. Thus there will be no impact to Suricata's operation.

rbgarga (Member) commented Aug 16, 2017

@bmeeks8 I've imported it manually to devel and RELENG_2_3 because I did a cherry-pick of original commit + a manual commit adding patch-alert-pf.diff. New binary will be available soon. Thanks!!

@rbgarga rbgarga closed this Aug 16, 2017
@bmeeks8 bmeeks8 deleted the suricata-4.0.0 branch August 16, 2017 17:29