Suricata Ruleset not updating!

Hi @tikok974

The lines in your logs that mention JA3 and JA3_DISABLED are failing because IPFire does not have JA3 support enabled. This is mentioned in the following thread:
https://community.ipfire.org/t/suricata-service-fails-errcode-sc-warn-ja3-disabled-309/3470

There is also a bug on this.
https://bugzilla.ipfire.org/show_bug.cgi?id=12507

You need to uncheck the emerging-ja3.rules rule from your Emerging Threats set.

The lines with this look to be having a problem with specific signatures. Either these were corrupted during download or there is a problem with those signatures from Emerging Threats.

If you change completely to a different ruleset, such as Snort VRT Community Rules, and activate it and then go back to Emerging Threats, do you still get the same messages in the logs?
You might need to clear the rules from the directory they are in and then reload them but I can’t remember now how to do that. I am sure there will be others who can help on that.

This is just a warning and not an error. I believe it is saying that the flowbit has been checked but in that signature it is not set. The following suricata info might help.

https://suricata.readthedocs.io/en/latest/rules/flow-keywords.html

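An added example, not part of the original post or of IPFire's code: a small Python audit of a rules file that lists the rules using JA3 keywords (the ones that fail to load when JA3 support is disabled) and the flowbit names that a rule checks but no enabled rule sets. The sample rules, SIDs and flowbit names are constructed, and reading the flowbit warning as "checked somewhere, set nowhere in the loaded rules" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample rules (not taken from the Emerging Threats set).
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"stage 1"; content:"/a"; flowbits:set,demo.stage1; flowbits:noalert; sid:1000001; rev:1;)
alert http any any -> any any (msg:"stage 2"; content:"/b"; flowbits:isset,demo.stage1; sid:1000002; rev:1;)
alert http any any -> any any (msg:"orphan check"; content:"/c"; flowbits:isset,demo.never_set; sid:1000003; rev:1;)
alert tls any any -> any any (msg:"ja3 match"; ja3.hash; content:"00000000000000000000000000000000"; sid:1000004; rev:1;)
# alert http any any -> any any (msg:"disabled"; flowbits:isset,demo.commented; sid:1000005;)
'''

FLOWBIT = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;]+?))?\s*;')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
JA3 = re.compile(r'\bja3s?[._](?:hash|string)\b')  # current and legacy keyword spellings
SETTERS = {"set", "toggle"}
CHECKERS = {"isset", "isnotset"}

def audit(rules_text):
    """Return ({flowbit: [sids that check it]} for never-set flowbits, [sids using JA3])."""
    set_by, checked_by, ja3_sids = defaultdict(set), defaultdict(set), []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip blanks and disabled rules
            continue
        sid_match = SID.search(line)
        if not sid_match:
            continue
        sid = int(sid_match.group(1))
        if JA3.search(line):
            ja3_sids.append(sid)
        for action, names in FLOWBIT.findall(line):
            # "a|b" in one flowbits option names several bits; noalert has no name
            for name in filter(None, (n.strip() for n in names.split("|"))):
                if action in SETTERS:
                    set_by[name].add(sid)
                elif action in CHECKERS:
                    checked_by[name].add(sid)
    orphans = {n: sorted(s) for n, s in checked_by.items() if n not in set_by}
    return orphans, ja3_sids

if __name__ == "__main__":
    orphans, ja3_sids = audit(SAMPLE_RULES)
    print("flowbits checked but never set:", orphans)
    print("rules needing JA3 support:", ja3_sids)
```

Running it against the ruleset before and after re-downloading shows whether a flowbit warning comes from a rule whose setter is disabled or missing rather than from a corrupted download.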