This simply will skip processing a packet that caused an exception and will allow Suricata to process all following packets of a flow.
Reference: #13638
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/suricata/suricata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index e81c468cc..fae01fbf5 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -889,7 +889,7 @@ legacy: # extra option: auto - which means drop-flow or drop-packet (as explained above) # in IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet, # drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable). -exception-policy: auto +exception-policy: pass-packet
# When run with the option --engine-analysis, the engine will read each of # the parameters below, and print reports for each of the enabled sections