mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 19:15:54 +02:00
fd2dccaabb
The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was invalid and caused Suricata to crash after upgrading to Core Update 139. Due to strange NFQUEUE behaviour, this caused IPsec traffic to be emitted to the internet directly. While this patch represents a quick solution for Core Update 139, another one is needed for changing the IPtables chain order to avoid similar information leaks in future. Thanks to Michael for his debugging effort. Fixes #12260 Partially fixes #12257 Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>