Actions
Task #8491
open
VJ
OD
firewall: support multi hook rules
Task #8491:
firewall: support multi hook rules
Description
Define how multi-hook rules work in firewall mode.
accept:?? http:??? any any -> any any (http.uri; content:"/index.html"; http.user_agent; content:"Mozilla"; sid:1;)
As in the current single hook rules we specify the explicit hook, one question is how to specify the hook or hooks, and what should happen to the hooks in between (if any).
Should also define what actions are supported, like does accept:hook make sense for multi-hook rules.
VJ Updated by Victor Julien about 1 month ago
Following the syntax in #8472, here it could look like
accept:flow http1:request_line..request_headers ... http.uri; ... http.user_agent; ... accept:flow http1:request_line<>request_headers ... http.uri; ... http.user_agent; ...
Every hook would act as accept:hook, expect the final match, that would implement the full accept:flow.
VJ Updated by Victor Julien about 1 month ago
- Related to Feature #8472: firewall: Auto-Accept Prior States syntax for firewall mode intent rules added
JF Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from New to Triaged
- Assignee set to OISF Dev
Actions