Documentation on host-os-policy

Hi there, I’ve read various docs in various places on the host-os-policy config option, but it’s not entirely clear what the recommended values are.

The defaults in suricata.yaml are:

  # Make the default policy windows.
  windows: []
  bsd: []
  bsd-right: []
  old-linux: []
  linux: []
  old-solaris: []
  solaris: []
  hpux10: []
  hpux11: []

The suggestions I’ve seen (for a linux server) include:

  • linux: [,, "8762:2352:6241:7245:E000:0000:0000:0000"]
  • linux: []
  • the public IP address of the server, eg: linux: [<my-public-ip>]
  • some combination of the above, with both internal addresses and the public-facing address

So what would the recommended setting be for a linux server? And is it maybe worth updating the relevant docs with a clearer explanation/examples?