Core 170: Customizing of IDS rulesets broken?

I only get an empty box here with “Snort/VRT GPLv2 Community Rules” - Is that already a known bug?

No one else has raised this so far with CU170 and there is no bug entry in IPFire Bugzilla about it.

I just tried adding Snort community to my system, which already had Emerging Threats Community and Abuse.ch

Snort Community was added to the list of providers. I then pressed Customize ruleset and the table I got only had entries from Emerging Threats and Abuse.ch, no rule entries from Snort Community at all.

So it looks like there is some sort of problem.


In Italy 17 is a bad luck number, as bad as 13. :grin: :grin:

@bonnietwin Did I get you right, there is no bug report for this yet? Shall I create a new one?

That is correct, there is no bug raised for this yet. Just checked again now and no new bug with this topic since Sunday 2nd Oct.

Yes, you flagged it up and it makes sense for you to raise a bug for this.

https://bugzilla.ipfire.org/show_bug.cgi?id=12948


Same problem with core 169

SOLVED: the ruleset was wrong, it is working. And the messages below are normal according to Generic Protocol Command Decode - Help - Suricata

I am on 170 and IPS is probably not working. I enabled it on RED and in the log I have only:

|Date:|10/09 20:03:52 |Name:|SURICATA TCPv4 invalid checksum|
|---|---|---|---|
|Priority:|3 |Type:|Generic Protocol Command Decode|

After enabling also ORANGE I have only:

|Date:|10/09 20:20:05 |Name:|SURICATA Applayer Detect protocol only one direction|
|---|---|---|---|
|Priority:|3 |Type:|Generic Protocol Command Decode|

Otherwise IPFire works fine virtualized on Proxmox with VirtIO interfaces. Suricata runs in monitor only:

```
suricata 24578 0.4 3.5 353460 72256 ? Ssl 20:16 0:04 /usr/bin/suricata -c /etc/suricata/suricata.yaml -D -q 0:1
```

@xorcz
No, the issue described here is NOT solved. This issue is not about IDS not working at all, but about an empty list: The rules are no longer customizable since they are not visible.

What are you referring to? Seems like you are talking about a quite different issue.
If so, please don’t hijack this thread here.