Disable Modbus Suricata rules that fail to parse
Modbus protocol detection is disabled in the NixOS build; the 5 Modbus SIDs (2250005-2250009) cause the config test to fail and crash-loop the service. Disable them alongside the existing DNP3 exclusions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
b91b0ef234
commit
d1ac7c6965
1 changed files with 7 additions and 0 deletions
|
|
@ -5,6 +5,13 @@
|
||||||
services.suricata = {
|
services.suricata = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
# Default disabledRules covers DNP3 (2270000-2270004); add Modbus rules
|
||||||
|
# which also fail to parse because those protocols are disabled in the build
|
||||||
|
disabledRules = [
|
||||||
|
"2270000" "2270001" "2270002" "2270003" "2270004"
|
||||||
|
"2250005" "2250006" "2250007" "2250008" "2250009"
|
||||||
|
];
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
vars.address-groups = {
|
vars.address-groups = {
|
||||||
# Your local networks — Suricata won't alert on traffic within these
|
# Your local networks — Suricata won't alert on traffic within these
|
||||||
|
|
|
||||||
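Review bot: The comment above `disabledRules` says why the SIDs are listed but not what the sensor loses. With 2270000-2270004 and 2250005-2250009 disabled, the DNP3 and Modbus rules behind those SIDs never alert here, which is a blind spot if ICS traffic ever crosses the monitored networks. The list also restates the default by hand, so it can drift when the module default or the ruleset changes, and any Modbus rule outside the listed range would presumably still fail the config test. I would add a line such as `# Restates the module default; re-run suricata -T after ruleset or package updates and revisit if Modbus/DNP3 gets enabled in the build`. The `services.suricata` attribute set continues outside the hunk.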