Feature #8204
openfirewall: support for hot reload of firewall mode rules
Description
Rule reloading without restarts is not yet supported for firewall mode rules.
This implies that users need to restart Suricata whenever there is a need to update firewall mode rules, and this can cause interruptions to packet processing, packet losses and cause flows to be re-categorized as midstream.
It would be useful to have some built-in support to hot-reload firewall mode rules (similar to what exists for the existing IPS/IDS rules) without the need for restarts.
Updated by Victor Julien 22 days ago
- Subject changed from Firewall mode: Support for hot reload of firewall mode rules to firewall: support for hot reload of firewall mode rules
It appears to be working for me. How are you concluding it is not supported?
Updated by Victor Julien 22 days ago
Actually, it only works when not specifying the firewall rule file on the command line. This is similar to using the -S option in regular rules. However, it turns out the regular file loading didn't properly work, see #8206.
Updated by Victor Julien 10 days ago
- Blocked by Bug #8206: firewall: loading rules only through yaml fails added