From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 2/4] suricata: Set exception-policy to pass-packet Date: Fri, 05 Apr 2024 21:26:38 +0200 Message-ID: <20240405192640.5215-2-stefan.schantl@ipfire.org> In-Reply-To: <20240405192640.5215-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5676660904206740561==" List-Id: --===============5676660904206740561== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This simply will skip processing a packet that caused an exception and will allow Suricata to process all following packets of a flow. Reference: #13638 Signed-off-by: Stefan Schantl --- config/suricata/suricata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index e81c468cc..fae01fbf5 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -889,7 +889,7 @@ legacy: # extra option: auto - which means drop-flow or drop-packet (as explained ab= ove) # in IPS mode, and ignore in IDS mode. Exception policy values are: drop-pac= ket, # drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable). -exception-policy: auto +exception-policy: pass-packet =20 # When run with the option --engine-analysis, the engine will read each of # the parameters below, and print reports for each of the enabled sections --=20 2.39.2 --===============5676660904206740561==--
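Review bot: The `+exception-policy: pass-packet` line in the `@@ -889,7 +889,7 @@` hunk of config/suricata/suricata.yaml changes behaviour in IPS mode from fail-closed to fail-open, and neither the commit message nor the surrounding comment says so. Per the context lines, `auto` means drop-flow or drop-packet in IPS mode and ignore in IDS mode, so after this change a packet that triggers an exception is forwarded without inspection instead of being dropped. The commit message describes this only as skipping processing of that packet. Please state the trade-off explicitly in the commit message, and add a short comment directly above the setting explaining why the value deviates from `auto` (with the reference to #13638), so that a later reader of the config does not take the fail-open choice for an oversight. It would also help to name which exception conditions motivated the change, so reviewers can judge whether a global pass-packet is needed or whether those cases are the only ones that should pass.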