From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri, 5 Apr 2024 19:26:38 +0000 (+0200)
Subject: suricata: Set exception-policy to pass-packet
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d24d99461e3aa79ab8565ba2d96ced1ec3f6b83;p=people%2Fstevee%2Fipfire-2.x.git

suricata: Set exception-policy to pass-packet

This simply will skip processing a packet that caused an exception and will
allow Suricata to process all following packets of a flow.

Reference: #13638

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6aa921dad..165a2442d 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -889,7 +889,7 @@ legacy:
 # extra option: auto - which means drop-flow or drop-packet (as explained above)
 # in IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet,
 # drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable).
-exception-policy: auto
+exception-policy: pass-packet
 
 # When run with the option --engine-analysis, the engine will read each of
 # the parameters below, and print reports for each of the enabled sections