Project

General

Profile

Actions
Copy link

Task #8388

open
YD VJ

firewall: support protocol hooks for all app-layer protocols

Task #8388: firewall: support protocol hooks for all app-layer protocols

Added by Yash Datre 27 days ago. Updated 19 days ago.

Status:
New
Priority:
High
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Firewall mode requires app-layer protocols to have explicit hook states registered so that firewall rules can make accept/drop decisions at the application layer. Without registered hooks, traffic matching an app-layer protocol falls through to the default app policy (drop), even when packet-layer rules accept the TCP/UDP handshake.

Currently, only HTTP1, TLS, and SSH have protocol-specific hook states. DNS works with the generic default hooks ( request_started , request_complete , response_started , response_complete ).

Subtickets will track individual protocols.

Subtasks 10 (10 open0 closed)

Feature #8386: firewall: support HTTP2 hook states for per-frame accept/drop decisionsNewActions
Feature #8392: firewall: support FTP hook states for firewall rule evaluationNewOISF DevActions
Feature #8393: firewall: support SMTP hook states for firewall rule evaluationNewActions
Feature #8394: firewall: support NTP hook states for firewall rule evaluationNewJason IshActions
Feature #8429: rules: add ntp.mode keywordNewJason IshActions
Feature #8430: rules: add ntp.version keywordNewJason IshActions
Feature #8431: rules: add ntp.stratum keywordNewJason IshActions
Feature #8395: firewall: support SNMP hook states for firewall rule evaluationIn ReviewPhilippe AntoineActions
Feature #8432: firewall: support SNMP hook states for firewall rule evaluation (8.0.x backport)AssignedPhilippe AntoineActions
Feature #8408: firewall: support FTP-data hook states for firewall rule evaluationNewOISF DevActions

VJ Updated by Victor Julien 26 days ago Actions
Copy link
 #1

It would be easier to track and discuss things if we split this ticket out per protocol.

YD Updated by Yash Datre 26 days ago ยท Edited Actions
Copy link
 #2

Victor Julien wrote in #note-1:

It would be easier to track and discuss things if we split this ticket out per protocol.

Created following tickets against this one:

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #3

  • Tracker changed from Bug to Task
  • Subject changed from Firewall mode: Register app-layer hook states for FTP, SMTP, NTP, and SNMP to firewall: support protocol hooks for all app-layer protocols
  • Description updated (diff)
  • Assignee set to Victor Julien
  • Affected Versions deleted (8.0.4)

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #4

  • Subtask #8392 added

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #5

  • Subtask #8393 added

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #6

  • Subtask #8394 added

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #7

  • Subtask #8395 added

VJ Updated by Victor Julien 25 days ago Actions
Copy link
 #8

  • Subtask #8386 added

VJ Updated by Victor Julien 19 days ago Actions
Copy link
 #9

  • Subtask #8408 added
Actions
Copy link

Also available in: PDF Atom