Project

General

Profile

Actions
Copy link

Documentation #5465

open

doc/userguide: document terminating behavior of rule actions

Added by Victor Julien over 3 years ago. Updated about 2 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Various actions have different "terminating behaviors" in different scenarios.

e.g.:
alert will not terminate, but is limited to a max number of alerts per packet in the output
pass will immediately stop logging more alerts for the same packet and future alerts in the flow
drop will currently log all alerts for a packet, then drop the rest of the flow

Subtasks 1 (1 open0 closed)

Documentation #7918: doc/userguide: document terminating behavior of rule actions (8.0.x backport)AssignedVictor JulienActions

Related issues 2 (2 open0 closed)

Related to Suricata - Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS...AssignedJuliana Fajardini ReichowActions
Related to Suricata - Documentation #7277: doc/actions: clarify 'pass' scope variationsNewOISF DevActions
Actions
Copy link
 #1

Updated by Victor Julien over 3 years ago

Once we have fully documented the current behavior we need to consider if the behavior actually makes sense. If changes are needed we can track that in a new ticket.

Actions
Copy link
 #2

Updated by Victor Julien about 3 years ago

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Actions
Copy link
 #3

Updated by Victor Julien about 3 years ago

  • Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow almost 3 years ago

  • Tracker changed from Task to Documentation
Actions
Copy link
 #5

Updated by Victor Julien over 2 years ago

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Actions
Copy link
 #6

Updated by Victor Julien over 1 year ago

  • Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow 11 months ago

  • Related to Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... added
Actions
Copy link
 #8

Updated by Juliana Fajardini Reichow 11 months ago

Actions
Copy link
 #9

Updated by Victor Julien 7 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #10

Updated by Victor Julien 5 months ago

  • Target version changed from 8.0.0-rc1 to 8.0.0
Actions
Copy link
 #11

Updated by Victor Julien 5 months ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #12

Updated by Victor Julien 4 months ago

  • Target version changed from 8.0.0 to 8.0.1
Actions
Copy link
 #13

Updated by Victor Julien about 2 months ago

  • Target version changed from 8.0.1 to 8.0.2
Actions
Copy link
 #14

Updated by Victor Julien about 2 months ago

  • Priority changed from Normal to High
  • Target version changed from 8.0.2 to 9.0.0-beta1
  • Label Needs backport to 8.0 added
Actions
Copy link
 #15

Updated by OISF Ticketbot about 2 months ago

  • Subtask #7918 added
Actions
Copy link
 #16

Updated by OISF Ticketbot about 2 months ago

  • Label deleted (Needs backport to 8.0)
Actions
Copy link

Also available in: Atom PDF