Feature #8480: firewall: allow specifying multiple actions - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8480

closed

VJ VJ

firewall: allow specifying multiple actions

Feature #8480: firewall: allow specifying multiple actions

Added by Victor Julien 2 months ago. Updated 4 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

Currently a rule that should accept and log, should do something like

accept:packet ... (alert; ...)

It would be clearer if the actions are grouped together in the "action" field.

E.g. something like

accept,log:packet

Some other options:

{accept,log}:packet
accept:flow,log:packet
(accept|alert):packet

Not sure which syntax makes most sense. One thing to consider is if an action like accept is applied to the flow, should alert (or log) also be applied to the flow? Or just trigger once?

Subtasks 1 (0 open — 1 closed)

Related issues 3 (1 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8480

firewall: allow specifying multiple actions

VJ Updated by Victor Julien 2 months ago Actions
Copy link
#1

VJ Updated by Victor Julien 2 months ago Actions
Copy link
#2

JI Updated by Jason Ish 2 months ago Actions
Copy link
#3

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#4

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#5

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#6

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#7

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#8

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#9

JL Updated by Jamie Lavigne 16 days ago Actions
Copy link
#10

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#11

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#12

Related to Suricata - Feature #8479: eve/firewall: dedicated log record type	Feedback	OISF Dev	Actions
Related to Suricata - Feature #7701: firewall: configurable default policies	Closed	Victor Julien	Actions
Related to Suricata - Bug #8444: firewall: accept:flow at app-layer hook bypasses app:td (IDS/IPS) evaluation	Closed	Victor Julien	Actions

Project

General

Profile

Suricata

Custom queries

Feature #8480

firewall: allow specifying multiple actions

VJ Updated by Victor Julien 2 months ago ActionsCopy link #1

VJ Updated by Victor Julien 2 months ago ActionsCopy link #2

JI Updated by Jason Ish 2 months ago ActionsCopy link #3

VJ Updated by Victor Julien about 2 months ago ActionsCopy link #4

VJ Updated by Victor Julien about 2 months ago ActionsCopy link #5

VJ Updated by Victor Julien about 1 month ago ActionsCopy link #6

VJ Updated by Victor Julien about 1 month ago ActionsCopy link #7

OT Updated by OISF Ticketbot about 1 month ago ActionsCopy link #8

OT Updated by OISF Ticketbot about 1 month ago ActionsCopy link #9

JL Updated by Jamie Lavigne 16 days ago ActionsCopy link #10

VJ Updated by Victor Julien 4 days ago ActionsCopy link #11

VJ Updated by Victor Julien 4 days ago ActionsCopy link #12

VJ Updated by Victor Julien 2 months ago Actions
Copy link
#1

VJ Updated by Victor Julien 2 months ago Actions
Copy link
#2

JI Updated by Jason Ish 2 months ago Actions
Copy link
#3

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#4

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#5

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#6

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#7

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#8

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#9

JL Updated by Jamie Lavigne 16 days ago Actions
Copy link
#10

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#11

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#12