Suricata: detect TLS traffic on port 444, too
[ipfire-2.x.git] / config / suricata / suricata.yaml
index 48035a67ebef0c1d3ac17e88372f508878c76a77..0ff06f4aeb4f05af231915e1620f0681bc3b799f 100644 (file)
@@ -117,8 +117,8 @@ logging:
 
 nfq:
    mode: repeat
-   repeat-mark: 2
-   repeat-mask: 2
+   repeat-mark: 16
+   repeat-mask: 16
 #   bypass-mark: 1
 #   bypass-mask: 1
 #  route-queue: 2
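Review bot: The new `repeat-mark: 16` and `repeat-mask: 16` have no comment tying them to the packet-filter rules that must test the same bit. In repeat mode Suricata re-injects accepted packets carrying this mark, so the NFQUEUE rule has to skip packets that already have it. If the firewall side (not visible here) still tests the old value 2, traffic could loop through the queue or pass without inspection. Suggest a comment above the pair such as `# must match the mark/mask tested by the NFQUEUE firewall rules (bit 0x10)`, and confirming that no other component uses that mark bit.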
@@ -140,7 +140,7 @@ app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: 443
+        dp: "[443,444,465,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow
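Review bot: The list in `dp: "[443,444,465,993,995]"` goes beyond what the commit title describes. Besides 444 it adds 465, 993 and 995, the usual implicit-TLS ports for SMTP, IMAP and POP3. A short comment above the line would record why each port is there, e.g. `# 443 HTTPS, 444 web UI (confirm), 465 SMTPS, 993 IMAPS, 995 POP3S`. The comment that follows the blank line continues outside the hunk.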
@@ -182,9 +182,9 @@ app-layer:
         content-inspect-min-size: 32768
         content-inspect-window: 4096
     imap:
-      enabled: detection-only
+      enabled: yes
     msn:
-      enabled: detection-only
+      enabled: yes
     smb:
       enabled: yes
       detection-ports:
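Review bot: Switching `imap` and `msn` from `detection-only` to `enabled: yes` is unrelated to the TLS change named in the title and is not explained. As far as I know, Suricata only performs protocol detection for these two and has no parser for them, so it is worth confirming what `yes` does here and that it does not change which rules match. If the change is intentional, add a comment giving the reason; otherwise keep `enabled: detection-only`. The `smb` section continues outside the hunk.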
@@ -208,11 +208,11 @@ app-layer:
       tcp:
         enabled: yes
         detection-ports:
-          dp: 53
+          dp: "[53,853]"
       udp:
         enabled: yes
         detection-ports:
-          dp: 53
+          dp: "[53,853]"
     http:
       enabled: yes
       # memcap: 64mb
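Review bot: Port 853 in `dp: "[53,853]"` is DNS over TLS, so Suricata sees a TLS stream on that port rather than DNS messages the DNS parser can decode. Listing it under both `tcp` and `udp` probably adds no DNS visibility and may cause flows to be misclassified. It looks like 853 belongs in the TLS `detection-ports` list changed in the earlier hunk. Suggest keeping `dp: 53` in both places and adding 853 to the TLS list, or adding a comment that explains the intent.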