Project

General

Profile

Actions
Copy link

Support #3224

closed

What happens to packets

Added by Dan Collins over 4 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Low
Assignee:
Dan Collins
Affected Versions:
4.1.4
Label:
Beginner

Description

In Inline mode, what happens to a packet when there are no matching rules?

Actions
Copy link
 #1

Updated by Andreas Herz over 4 years ago

  • Status changed from New to Feedback
  • Assignee set to Dan Collins
  • Target version set to Support

What inline mode do you run?
But in general if no rule matches the packet won't be dropped and accepted/forwarded.

Actions
Copy link
 #2

Updated by Dan Collins over 4 years ago

IPS. Thanks

Actions
Copy link
 #3

Updated by Dan Collins over 4 years ago

As a follow up to that. For the purpose of memory and performance, if I want all UDP traffic to pass, is it better to use a pass rule, bypass rule, or no rule.

Actions
Copy link
 #4

Updated by Dan Collins over 4 years ago

Oh, that right, bypass doesn't work with UDP, correct?

Actions
Copy link
 #5

Updated by Andreas Herz about 2 years ago

  • Status changed from Feedback to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions
Copy link

Also available in: Atom PDF