From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] suricata: Do not load rules for dnp3 and modbus. Date: Fri, 17 Dec 2021 11:17:15 +0100 Message-ID: <6B07A840-92A0-4382-9D05-C983B261C1FE@ipfire.org> In-Reply-To: <20211216192336.2595-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7474571670857138855==" List-Id: --===============7474571670857138855== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer This makes a lot of sense. Thank you. > On 16 Dec 2021, at 20:23, Stefan Schantl wrot= e: >=20 > The parsers for those are disabled in the suricata config so > the rules are not needed, on the contrary they massively will spam > warnings when launching suricate because of the disabled parsers. >=20 > Signed-off-by: Stefan Schantl > --- > config/suricata/suricata-default-rules.yaml | 2 -- > 1 file changed, 2 deletions(-) >=20 > diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/= suricata-default-rules.yaml > index 64493e462..d6c358add 100644 > --- a/config/suricata/suricata-default-rules.yaml > +++ b/config/suricata/suricata-default-rules.yaml > @@ -5,13 +5,11 @@ > - /usr/share/suricata/rules/app-layer-events.rules > - /usr/share/suricata/rules/decoder-events.rules > - /usr/share/suricata/rules/dhcp-events.rules > - - /usr/share/suricata/rules/dnp3-events.rules > - /usr/share/suricata/rules/dns-events.rules > - /usr/share/suricata/rules/files.rules > - /usr/share/suricata/rules/http-events.rules > - /usr/share/suricata/rules/ipsec-events.rules > - /usr/share/suricata/rules/kerberos-events.rules > - - /usr/share/suricata/rules/modbus-events.rules > - /usr/share/suricata/rules/nfs-events.rules > - /usr/share/suricata/rules/ntp-events.rules > - /usr/share/suricata/rules/smb-events.rules > --=20 > 2.30.2 >=20 --===============7474571670857138855==--