From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Thu, 2 Apr 2020 16:31:18 +0000 (+0000)
Subject: suricata: increase dns flood trigger
X-Git-Tag: v2.25-core143~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f8a33e182f981153a61568261ba4daf3cd7492b;p=ipfire-2.x.git

suricata: increase dns flood trigger

on slow lines unbound trigger the floodprotection at init.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index cb7ececb49..54016a8873 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -224,7 +224,7 @@ app-layer:
 
       # How many unreplied DNS requests are considered a flood.
       # If the limit is reached, app-layer-event:dns.flooded; will match.
-      request-flood: 512
+      request-flood: 2048
 
       tcp:
         enabled: yes