Have Suricata enabled with default rules on my PFSense Firewall.
I am running a FTP server in a DMZ - and have:
- A FW Rule allowing inbound FTP to the DMZ Server
- A NAT rule forwarding a high port number to port 21 on the DMZ Server
FTP works as designed when using FIleZilla, however, when attempting a FTP connection to the same address from Firefox, Suricate immediately blocks the source IP with the following message:
I disabled the bottom of the two rules (I believe) on the WAN & DMZ interfaces, which prevents blocking.
Testing shows the rule was triggered on the DMZ interface, not WAN.
Any clue on why this happens, how to avoid this - apart from disabling the entire rule ?.