Project

General

Profile

Actions
Copy link

Feature #8204

open

firewall: support for hot reload of firewall mode rules

Added by Olu Adeleke 1 day ago. Updated about 20 hours ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
TBD
Effort:
Difficulty:
Label:
Needs backport to 8.0

Description

Rule reloading without restarts is not yet supported for firewall mode rules.

This implies that users need to restart Suricata whenever there is a need for to update firewall mode rules, and this can cause interruptions to packet processing, packet losses and cause flows to be re-categorized as midstream.

It would be useful to have some in built support to hot-reload firewall mode rules (similar to what exists for the existing IPS/IDS rules) without need for restarts.

Actions
Copy link
 #1

Updated by Olu Adeleke 1 day ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien about 21 hours ago

  • Subject changed from Firewall mode: Support for hot reload of firewall mode rules to firewall: support for hot reload of firewall mode rules

It appears to be working for me. How are you concluding it is not supported?

Actions
Copy link
 #3

Updated by Victor Julien about 20 hours ago

Actually, it only works when not specifying the firewall rule file on the commandline. This is similar to using the -S option in regular rules. However it turns out the regular file loading didn't properly work, see #8206.

Actions
Copy link

Also available in: Atom PDF