suricata: Disable fail-open on NFQUEUE

This change causes that if suricata crashes, the NFQUEUE will no longer fall into a mode where ALL packets are being accepted. This used the be the case before which opened the entire firewall. If suricata randomly crashes, we will fall back to the "bypass" mode where packets will bypass suricata, but nothing else. Fixes: #13642 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-12 20:16:49 +02:00 · 2024-04-03 21:42:13 +01:00
parent bb46f3bef8
commit 69031f7674
1 changed files with 1 additions and 1 deletions
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -351,7 +351,7 @@ nfq:
   bypass-mask: 1073741824
 #  route-queue: 2
 #  batchcount: 20
-   fail-open: yes
+   fail-open: no

 ##
 ## Step 5: App Layer Protocol Configuration