yeah, but what have you done? One thing I noticed now, again I had 10 messages concerning Tor, this time it was →
SURICATA STREAM 3way handshake wrong seq wrong ack
BUT
that I read in the file ipfire-tor.rules →
msg: “LOCAL No alerts for 3way handshake with ack in wrong dir”
So it is in there but not effective. What do I have to change to make it work for this message?
I will have a look thank you!
Edit: Ok, I found the list and commented out the 9 IPs that just seemed to be cluttering up my log. I also saved the 9 affected IPs in a file in the same directory.
Now the question to the people who know, I need a script that every 24h after the XDv4.ipset file is updated, compares the two files and comments out or deletes every IP that is in my Tor node list from the new list.
If someone could take pity on me that would be cool.
Ages ago I did something similar with the hosts file. Unfortunately I no longer have the script I pieced together for it back then, in which different lists were downloaded and merged and, at the end, duplicate entries were deleted.
Now that my log is clearer, I have a question about DROP_CTINVALID: what does it mean? Tor also shows up here from time to time.
The two entries are new since this location blocklist update, but because I had tens of thousands of entries, I first let it run that way.
For an explanation I would be very grateful.
Thank you very much so far!
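
A sketch of the filter script asked for above, added here as an example (it is not part of the original post and not IPFire's own code). It assumes the blocklist is in ipset restore format with entries of the form `add XDv4 <address>` and that the saved Tor node file holds one address per line; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): list entries look like
# "add XDv4 <address>", the saved file has one address per line, '#' starts
# a comment, and "a.b.c.d" is treated the same as "a.b.c.d/32".

# filter_ipset LIST SAVED: print LIST without the entries listed in SAVED.
filter_ipset() {
    list=$1 saved=$2
    awk '
        # Compare FILENAME instead of NR==FNR so that an empty SAVED file
        # does not cause the whole list to be swallowed as "saved" lines.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t\r]/, ""); sub(/\/32$/, "")
            if ($0 != "") skip[$0] = 1
            next
        }
        $1 == "add" {
            key = $3; sub(/\/32$/, "", key)
            if (key in skip) next        # saved address: drop the entry
        }
        { print }                        # header and all other entries
    ' "$saved" "$list"
}

# update_in_place LIST SAVED: rewrite LIST only if filtering succeeded,
# keeping the file's owner and permissions (content is copied back).
update_in_place() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if filter_ipset "$1" "$2" > "$tmp"; then
        cat "$tmp" > "$1"; rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# demo: constructed sample data using documentation address ranges.
demo() {
    d=$(mktemp -d) || return 1
    printf 'create XDv4 hash:net family inet\nadd XDv4 192.0.2.10\nadd XDv4 198.51.100.0/24\n' > "$d/XDv4.ipset"
    printf '# saved Tor nodes\n192.0.2.10\n' > "$d/tor-nodes.txt"
    update_in_place "$d/XDv4.ipset" "$d/tor-nodes.txt" && cat "$d/XDv4.ipset"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Call `update_in_place` with the real paths from whatever job runs after the daily list update; the example only rewrites the file and matches whole entries, so an address that is covered by a larger network entry is left untouched.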