Open Information Security Foundation
Suricata - Feature #1662: Disable action / rule ordering option
Andreas Herz (oisf@herzandreas.de), 2016-01-05T13:57:58Z, https://redmine.openinfosecfoundation.org/issues/1662?journal_id=6082
<ul><li><strong>Assignee</strong> set to <i>OISF Dev</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul>
Andreas Herz (oisf@herzandreas.de), 2017-05-02T16:11:09Z, https://redmine.openinfosecfoundation.org/issues/1662?journal_id=8130
<p>What order do you want to achieve? That's something you might want to solve when setting up the rules so that you have proper pass rules.</p>
Özkan KIRIK, 2017-05-02T16:23:53Z, https://redmine.openinfosecfoundation.org/issues/1662?journal_id=8138
<p>Andreas Herz wrote:</p>
<blockquote>
<p>What order do you want to achieve? That's something you might want to solve when setting up the rules so that you have proper pass rules.</p>
</blockquote>
<p>The problem occurs when defining a default policy. I think the solution as you explain should be like</p>
<p>drop tls any any -> ! [$userGroup-25, $userGroup-23, $userGroup-24, $userGroup-21, ... ] any (msg:"SSL Cert Denied"; tls.subject:"example1.com"; sid:3230007; rev:1;)<br />pass tcp any any -> ! [$userGroup-25, $userGroup-23, $userGroup-24, $userGroup-21, ... ] any (msg:"Default Pass"; sid:3230011; rev:1;)</p>
<p>If this is ok, we can close this feature request.</p>
Andreas Herz (oisf@herzandreas.de), 2019-02-18T22:47:21Z, https://redmine.openinfosecfoundation.org/issues/1662?journal_id=11072
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li></ul><p>Hi, we're closing this issue since there have been no further responses. <br />If you think this bug is still relevant, try to test it again with the <br />most recent version of suricata and reopen the issue. If you want to <br />improve the bug report please take a look at <br /><a class="external" href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs</a></p>