Feature #7705
open
firewall: allow single rule to accept protocol detection in progress and the final protocol
Description
Currently two rules are needed for packet rules that accept traffic on a port only while that port is carrying the expected protocol, e.g.:
# allow all packets while protocol detection is still running
accept:hook tcp:all any any <> any 22 (app-layer-protocol:unknown; alert; sid:1000;)
# then, once a protocol has been detected, only allow ssh
accept:hook tcp:all any any <> any 22 (app-layer-protocol:ssh; alert; sid:1001;)
It would be good to be able to express this in a single rule, e.g. something like:
accept:hook tcp:all any any <> any 22 (app-layer-protocol:unknown,ssh; alert; sid:1000;)
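The matching semantics the ticket describes, as an added toy model written for this page (not Suricata's engine and not code from the linked PR): it parses the app-layer-protocol option of the two current rules and of the proposed single rule, then checks that both rule sets accept and drop the same packets of a flow whose protocol state moves from detection-in-progress ("unknown") to a final protocol. The function names and the per-packet flow states are constructed for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProtoRule:
    sid: int
    protos: frozenset  # app-layer-protocol values, e.g. {"unknown", "ssh"}

def parse_rule(text: str) -> ProtoRule:
    """Pull sid and the comma-separated app-layer-protocol values out of a rule."""
    proto = re.search(r"app-layer-protocol:\s*([^;]+);", text)
    sid = re.search(r"\bsid:\s*(\d+);", text)
    if proto is None or sid is None:
        raise ValueError("rule needs app-layer-protocol and sid options")
    values = frozenset(v.strip() for v in proto.group(1).split(",") if v.strip())
    return ProtoRule(int(sid.group(1)), values)

def first_accepting_sid(rules, detected):
    """sid of the first rule whose list contains the flow's current app-layer
    protocol ('unknown' while detection is still running), else None (drop)."""
    return next((r.sid for r in rules if detected in r.protos), None)

def decisions(rules, flow):
    """Per-packet accepting sid (or None) for a flow given as the app-layer
    protocol state seen at each packet."""
    return [first_accepting_sid(rules, state) for state in flow]

def same_verdicts(rules_a, rules_b, flow):
    """True when both rule sets accept and drop exactly the same packets."""
    return [d is not None for d in decisions(rules_a, flow)] == [
        d is not None for d in decisions(rules_b, flow)]

# The two rules the ticket says are needed today.
TWO_RULES = [
    parse_rule("accept:hook tcp:all any any <> any 22 (app-layer-protocol:unknown; alert; sid:1000;)"),
    parse_rule("accept:hook tcp:all any any <> any 22 (app-layer-protocol:ssh; alert; sid:1001;)"),
]
# The proposed single rule with a comma-separated protocol list.
ONE_RULE = [parse_rule(
    "accept:hook tcp:all any any <> any 22 (app-layer-protocol:unknown,ssh; alert; sid:1000;)")]

# Constructed per-packet protocol states: detection still running on the first
# packets, then SSH confirmed; and a flow that turns out to be HTTP on port 22.
SSH_FLOW = ["unknown", "unknown", "ssh", "ssh"]
HTTP_ON_22 = ["unknown", "unknown", "http", "http"]

if __name__ == "__main__":
    print(decisions(TWO_RULES, SSH_FLOW), decisions(ONE_RULE, SSH_FLOW))
    print(decisions(TWO_RULES, HTTP_ON_22), decisions(ONE_RULE, HTTP_ON_22))
```

The accept/drop verdicts are identical for both rule sets; the only visible difference is that SSH packets are attributed to sid 1000 instead of 1001 once the two rules are merged, and packets that turn out to be HTTP on port 22 are dropped by both.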
Updated by Victor Julien about 1 year ago
- Related to Feature #7704: firewall: allow single packet rule to accept tcp connection added
Updated by Victor Julien 11 months ago
- Blocks Story #7583: 9.0.0: usecase: improve firewall usecase added
Updated by Yash Datre 9 days ago
Created the PR: https://github.com/OISF/suricata/pull/15727
Updated by Philippe Antoine 8 days ago
- Status changed from Feedback to In Review
- Target version changed from TBD to 9.0.0-beta1
Updated by Lukas Sismis about 8 hours ago
Updated by Victor Julien about 8 hours ago
- Assignee changed from Victor Julien to Yash Datre