]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b8fcb49)
suricata: disable dns flood protection
authorArne Fitzenreiter <arne_f@ipfire.org>
Wed, 8 Apr 2020 15:48:20 +0000 (15:48 +0000)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 8 Apr 2020 15:48:20 +0000 (15:48 +0000)
this causes errors in unbound and also other linux clients if
a dns rule triggers.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/suricata/suricata.yaml patch | blob | blame | history

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 1f33ea0f34a81281758db8fafcc05421bb18799d..43f10c89d9dc70f60caae52add6e01c5dbc3ac23 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -435,7 +435,7 @@ app-layer:
 
       # How many unreplied DNS requests are considered a flood.
       # If the limit is reached, app-layer-event:dns.flooded; will match.
-      request-flood: 2048
+      #request-flood: 512
 
       tcp:
         enabled: yes
IPFire 2.x development tree