Support #2998
closed
Rules Reload doesn't work properly
Description
I need to drop icmp traffic from 8.8.8.8 (for example). I have created my own rule file (this rules file name is added to the main config file) with 1 rule: drop icmp 8.8.8.8 any -> $HOME_NET any (msg:"Our Blocking Rule"; priority:1; sid:777;). When I use "kill -USR2 $(pidof suricata)", in suricata.log everything is ok. But ICMP with 8.8.8.8 seems not to be dropped. Why?
Updated by Peter Manev over 5 years ago
Seems related to the setup here - https://github.com/StamusNetworks/SELKS/issues/188
Updated by Andreas Herz over 5 years ago
- Status changed from New to Feedback
- Assignee set to Leonid Inodin
- Target version set to TBD
It looks exactly the same; it might be better to either move the conversation here or keep it at GitHub?
We would also need more details about the setup.
Updated by Peter Manev over 5 years ago
It is the same. Was reported on GitHub first, I think. If not mistaken, setting "defrag:no" fixes the issue - https://redmine.openinfosecfoundation.org/issues/2997#change-12370
Updated by Andreas Herz over 5 years ago
- Status changed from Feedback to Closed
Was also closed at GitHub.