[2/4] suricata: Set exception-policy to pass-packet

Message ID 20240405192640.5215-2-stefan.schantl@ipfire.org
State Accepted
Commit 4d24d99461e3aa79ab8565ba2d96ced1ec3f6b83
Series [1/4] suricata: Update suricata.yaml |

Commit Message

Stefan Schantl April 5, 2024, 7:26 p.m. UTC
  This simply will skip processing a packet that caused an exception and will
allow Suricata to process all following packets of a flow.

Reference: #13638

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index e81c468cc..fae01fbf5 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -889,7 +889,7 @@  legacy:
 # extra option: auto - which means drop-flow or drop-packet (as explained above)
 # in IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet,
 # drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable).
-exception-policy: auto
+exception-policy: pass-packet
 # When run with the option --engine-analysis, the engine will read each of
 # the parameters below, and print reports for each of the enabled sections