Feature #8281

closed

Add reject as a default action for firewall mode

Added by Aneesh Patel 18 days ago. Updated 17 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:
Needs Suricata-Verify test, Needs backport to 8.0

Description

Currently, firewall mode has a built-in behavior where it drops by default when no rule matches - https://docs.suricata.io/en/latest/firewall/firewall-design.html. Many users would prefer a default fail-closed behavior that applies a reject action rather than a drop, meaning Suricata would send a TCP reset, similar to how matches on reject rules work for IPS/IDS rules in non-firewall mode. The ask here is to add a yaml-level configuration option for setting the default action in firewall mode, allowing it to be set to either DROP or REJECT.


Related issues: 1 (1 open, 0 closed)

Is duplicate of: Suricata - Feature #7701: firewall: configurable default policies (Status: Feedback; Assignee: Victor Julien)
Actions #1

Updated by Victor Julien 17 days ago

I think this is a duplicate of #7701

Actions #2

Updated by Victor Julien 17 days ago

  • Is duplicate of Feature #7701: firewall: configurable default policies added
Actions #3

Updated by Victor Julien 17 days ago

  • Status changed from New to Rejected
  • Target version deleted (TBD)

Closing as duplicate of #7701
