From: Juliana Fajardini Date: Mon, 24 Jul 2023 15:45:41 +0000 (-0300) Subject: userguide/upgrade: link to exception policy FAQ X-Git-Tag: suricata-7.0.1~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f16d428fd14f1e1c4e5b09e076d88515b2e2e8a1;p=thirdparty%2Fsuricata.git userguide/upgrade: link to exception policy FAQ With the release of 7, people are starting to have issues with traffic being blocked. While we don't add a more expansive documentation for this, add a link to the FAQ covering possible fixes for drops caused by the fail closed default behavior of the exception policies. --- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index d3685979c6..991e55ae75 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -42,8 +42,10 @@ Major changes - Upgrade of PCRE1 to PCRE2. See :ref:`pcre-update-v1-to-v2` for more details. - IPS users: by default various new "exception policies" are set to DROP traffic. Please see :ref:`Exception Policies ` for details - on the settings and their scope. -- New protocols enabled by default: bittorrent-dht, quic, http2 + on the settings and their scope. For trouble shooting, please check `My traffic gets + blocked after upgrading to Suricata 7 + `_. +- New protocols enabled by default: bittorrent-dht, quic, http2. - The telnet protocol is also enabled by default, but only for the ``app-layer``. Security changes