The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.
Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.
Thanks to Michael for his debugging effort.
Cc: Michael Tremer <email@example.com>
Cc: Stefan Schantl <firstname.lastname@example.org>
Signed-off-by: Peter Müller <email@example.com>
Reviewed-by: Stefan Schantl <firstname.lastname@example.org>
Signed-off-by: Arne Fitzenreiter <email@example.com>