So i’m trying to whitelist an IP and/or entire subnets.
I’ve created a pass lists and assigned it to the interface. Also, I can see that by default, that subnet or network is already added to what I though would be the pass list when surricata starts as it is one of my interfaces in pfSense.
But, surricata still continues to block my OVPN traffic.
12:44:40 3 TCP Generic Protocol Command Decode 172.16.100.2
SURICATA STREAM Packet with invalid timestamp
I get these protocol command decode errors and they generally appear when I try to access something on the VPN, web based.
I just want to filter all VPN traffic from being blocked by surricata. I also need to entirely whitelist an IP address for another VPN ip address aswell but no matter what I try to do, surricata always catches the traffic and blocks the IP, in this case the private IP of the OVPN client.
Is there a way to just totally WHITELIST this?
172.16.100.16/28 for example.
and also say white list entirely 126.96.36.199/32 (single IP)
Thanks in advance.