Project

General

Profile

Actions
Copy link

Feature #7481

open

rules/actions: explicit action scopes

Added by Victor Julien 12 days ago. Updated 12 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Allow setting the scope of the applied action (packet or flow currently) explicitly in the rule.

Suggesting a syntax:

(drop|pass)[:(packet|flow)]

pass:flow tls any any -> any any (tls.sni; content:"suricata.io"; ... )

Related issues 1 (1 open0 closed)

Blocks Suricata - Story #7164: usecase: improve firewall usecaseNewVictor JulienActions
Actions
Copy link

Also available in: Atom PDF