Project

General

Profile

Actions
Copy link

Feature #8601

open
VJ VJ

firewall: drop action should not imply alert

Feature #8601: firewall: drop action should not imply alert

Added by Victor Julien 6 days ago. Updated 4 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

In IDS/IPS rules, using drop implies also specifying alert. In the parsing code it leads to ACTION_DROP|ACTION_ALERT.

In firewall policies we default to just drop. However when specifying a policy in config or firewall rules, drop would still include alert.

In firewall actions, drop+alert should be specified as drop:flow,alert or drop:packet,alert.

Subtasks 1 (1 open0 closed)

Feature #8602: firewall: drop action should not imply alert (8.0.x backport)In ReviewVictor JulienActions

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
 #1

  • Subtask #8602 added

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 8.0)

VJ Updated by Victor Julien 4 days ago Actions
Copy link
 #3

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: PDF Atom