# smb2 detection is disabled internally inside the engine.
#smb2:
# enabled: yes
- # Note: NFS parser depends on Rust support: pass --enable-rust
- # to configure.
- nfs:
- enabled: no
dns:
# memcaps. Globally and per flow/state.
- #global-memcap: 16mb
- #state-memcap: 512kb
+ global-memcap: 32mb
+ state-memcap: 512kb
# How many unreplied DNS requests are considered a flood.
# If the limit is reached, app-layer-event:dns.flooded; will match.
- #request-flood: 500
+ request-flood: 512
tcp:
enabled: yes
dp: 44818
sp: 44818
- # Note: parser depends on experimental Rust support
- # with --enable-rust-experimental passed to configure
- ntp:
- enabled: no
-
# Limit for the maximum number of asn1 frames to decode (default 256)
asn1-max-frames: 256
# - reject
# - alert
-# IP Reputation
-#reputation-categories-file: /etc/suricata/iprep/categories.txt
-#default-reputation-path: /etc/suricata/iprep
-#reputation-files:
-# - reputation.list
-
# When run with the option --engine-analysis, the engine will read each of
# the parameters below, and print reports for each of the enabled sections
# and exit. The reports are printed to a file in the default log dir