Feature #8601: firewall: drop action should not imply alert - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8601

open

VJ VJ

firewall: drop action should not imply alert

Feature #8601: firewall: drop action should not imply alert

Added by Victor Julien 6 days ago. Updated 4 days ago.

Status:

Resolved

Priority:

Normal

Assignee:

Victor Julien

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

In IDS/IPS rules, using drop implies also specifying alert. In the parsing code it leads to ACTION_DROP|ACTION_ALERT.

In firewall policies we default to just drop. However when specifying a policy in config or firewall rules, drop would still include alert.

In firewall actions, drop+alert should be specified as drop:flow,alert or drop:packet,alert.

Subtasks 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8601

firewall: drop action should not imply alert

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
#1

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
#2

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Feature #8601

firewall: drop action should not imply alert

OT Updated by OISF Ticketbot 6 days ago ActionsCopy link #1

OT Updated by OISF Ticketbot 6 days ago ActionsCopy link #2

VJ Updated by Victor Julien 4 days ago ActionsCopy link #3

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
#1

OT Updated by OISF Ticketbot 6 days ago Actions
Copy link
#2

VJ Updated by Victor Julien 4 days ago Actions
Copy link
#3