From 2f8a33e182f981153a61568261ba4daf3cd7492b Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Thu, 2 Apr 2020 16:31:18 +0000
Subject: [PATCH] suricata: increase dns flood trigger

on slow lines unbound trigger the floodprotection at init.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index cb7ececb49..54016a8873 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -224,7 +224,7 @@ app-layer:
 
       # How many unreplied DNS requests are considered a flood.
       # If the limit is reached, app-layer-event:dns.flooded; will match.
-      request-flood: 512
+      request-flood: 2048
 
       tcp:
         enabled: yes
-- 
2.39.2