Differences

This shows you the differences between two versions of the page.

--- squid:alerts:suricata_udpv4_invalid_checksum [2020/07/15 09:30] – external edit 127.0.0.1
+++ squid:alerts:suricata_udpv4_invalid_checksum [2021/01/04 20:26] (current) – peter
@@ Line 1: / Line 1: @@
 ====== Squid - Alerts - SURICATA UDPv4 invalid checksum ======
-Disable Hardware Checksum Offloading under **SYSTEM > ADVANCED >> NETWORKING**.
+Disable Hardware Checksum Offloading under **System -> Advanced -> Networking**.
+{{:squid:alerts:pfsense_-_system_-_advanced_-_networking_-_network_interfaces.png?800|}}
 ----
-Try toggling the Hardware Checksum Offloading feature under **SYSTEM > ADVANCED >> NETWORKING**.
+===== Suppress Rules =====
+<code bash>
+# Messes up with DNS resolution on LAN.
+:2200073 # SURICATA IPv4 invalid checksum
+# Bittorrent noise, DNS.
+:2200075 # SURICATA UDPv4 invalid checksum
+:2200078 # SURICATA UDPv6 invalid checksum
+# Lots of useless noise.
+:2200076 # SURICATA ICMPv4 invalid checksum
+:2200079 # SURICATA ICMPv6 invalid checksum
+</code>
+----
+<WRAP info>
+**NOTE:**  Try toggling the **Hardware Checksum Offloading**.
 If that does not do it, you can simply disable that particular rule by either clicking the red X icon on the **Alerts** tab in the GID/SID column, or you can find and selectively disable that rule on the **Rules** tab for the interface.
-See this thread from the official Suricata documentation Wiki for details:  http://suricata.readthedocs.io/en/latest/performance/packet-capture.html, but the short answer is you want hardware checksum offloading disabled as well as LRO (it is already off by default in pfSense).
+See this thread from the official Suricata documentation Wiki for details:
+  * http://suricata.readthedocs.io/en/latest/performance/packet-capture.html.
 Suricata uses PCAP for packet capture during Legacy Blocking Mode operation, and Netmap for Inline IPS Mode operation.
 In both cases, hardware checksum offloading needs to be disabled.
+</WRAP>