Task #8388
firewall: support protocol hooks for all app-layer protocols (open)
Description
Firewall mode requires app-layer protocols to have explicit hook states registered so that firewall rules can make accept/drop decisions at the application layer. Without registered hooks, traffic matching an app-layer protocol falls through to the default app policy (drop), even when packet-layer rules accept the TCP/UDP handshake.
Currently, only HTTP1, TLS, and SSH have protocol-specific hook states. DNS works with the generic default hooks (request_started, request_complete, response_started, response_complete).
Subtickets will track individual protocols.
Updated by Victor Julien 4 days ago
It would be easier to track and discuss things if we split this ticket out per protocol.
Updated by Yash Datre 4 days ago · Edited
Victor Julien wrote in #note-1:
> It would be easier to track and discuss things if we split this ticket out per protocol.
Created the following tickets against this one:
Updated by Victor Julien 3 days ago
- Tracker changed from Bug to Task
- Subject changed from Firewall mode: Register app-layer hook states for FTP, SMTP, NTP, and SNMP to firewall: support protocol hooks for all app-layer protocols
- Description updated (diff)
- Assignee set to Victor Julien
- Affected Versions deleted (8.0.4)