
Feature #8281: Add reject as a default action for firewall mode

Added by Aneesh Patel 2 months ago. Updated 2 months ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label: Needs Suricata-Verify test, Needs backport to 8.0

Description

Currently firewall mode has a built-in behavior where it will drop by default on no rule-matches - https://docs.suricata.io/en/latest/firewall/firewall-design.html. There are many users that would prefer to have a default fail-close behavior that results in a reject action being applied rather than a drop, which would mean Suricata would send a TCP reset, similarly to how matches on reject rules for IPS/IDS rules work in non-firewall mode. The ask here is to add a yaml-level configuration for setting the default action for firewall mode and being able to specify that to be either DROP or REJECT.


Related issues: 1 (1 open, 0 closed)

Is duplicate of Suricata - Feature #7701: firewall: configurable default policies (status: Feedback, assignee: Victor Julien)

Updated by Victor Julien 2 months ago (#1)

I think this is a duplicate of #7701

Updated by Victor Julien 2 months ago (#2)

  • Is duplicate of Feature #7701: firewall: configurable default policies added

Updated by Victor Julien 2 months ago (#3)

  • Status changed from New to Rejected
  • Target version deleted (TBD)

Closing as duplicate of #7701
