Greetings,
I am running a Netgate pfSense device. Latest version. Good stuff. Works well. I have Suricata set up and running on it as well. Suricata has been pretty fine-tuned and works well most of the time. I have the Snort rules turned completely off in Suricata.
Lately, however, the firewall will occasionally start blocking nearly all traffic to the WAN with rule "Block snort2c hosts". Most of these requests are going to 8.8.4.4 for DNS, which is actually fine. It only does it occasionally and there doesn't seem to be a pattern to it. I can see it clear as day in the firewall log as well. Clearing the blocks in Suricata fixes it, and I clear the table in Diagnostics, but it'll still happen randomly after a couple weeks.
Short of completely blowing away Suricata, does anyone have a suggestion as to why this Block snort2c hosts rules...