Project

General

Profile

Actions
Copy link

Feature #7706

open
VJ VJ

firewall: default settings; locked settings

Feature #7706: firewall: default settings; locked settings

Added by Victor Julien about 1 year ago. Updated 19 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:

Description

When enabling firewall mode, a number of settings should have reasonable default and perhaps even be locked to specific settings.

E.g. stream.inline=true should be enabled, and no other setting should be allowed.

stream.inline=true
http-body-inline=true

Related issues 1 (1 open0 closed)

Blocks Suricata - Story #7583: 9.0.0: usecase: improve firewall usecaseAssignedVictor JulienActions

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #1

  • Blocks Story #7583: 9.0.0: usecase: improve firewall usecase added

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
 #2

Implied --init-errors-fatal is another so we don't have to worry about partially loaded policies/rulesets.

JF Updated by Juliana Fajardini Reichow 19 days ago Actions
Copy link
 #3

Firewall mode shouldn't allow settings that are not tested and probably unsafe.

Examples: async (when existing) and midstream enabling (should be banned).

Thus, eg, exception policy for midstream is drop.

Actions
Copy link

Also available in: PDF Atom