Profile

Yash Datre

  • Login: yashda@amazon.com
  • Registered on: 03/18/2026
  • Last sign in: 06/23/2026

Issues

open closed Total
Assigned issues 2 0 2
Reported issues 7 5 12

Projects

Project Roles Registered on
Suricata Developer 07/03/2026
Suricata-Update Developer 07/03/2026

Activity

06/25/2026

02:33 AM Suricata Feature #7705: firewall: allow single rule to accept protocol detection in progress and the final protocol
Created the PR: https://github.com/OISF/suricata/pull/15727 Yash Datre

06/23/2026

05:08 PM Suricata Feature #7704: firewall: allow single packet rule to accept tcp connection
Created a new PR as I accidentally closed the old one: https://github.com/OISF/suricata/pull/15714 Yash Datre

06/04/2026

11:45 PM Suricata Feature #8472: firewall: Auto-Accept Prior States syntax for firewall mode intent rules
Found an edge case: @accept:flow dns:<request_complete@ / @dns:<response_complete@ (the auto-accept-prior-hooks @<@ syntax applied to DNS) corrupts the @packet:filter@ table, causing ALL packets to be dropped by the default packet policy... Yash Datre

06/03/2026

01:01 AM Suricata Feature #7701: firewall: configurable default policies
While validating the "monitor mode" (running a firewall ruleset with default policies flipped from @drop@ to @accept:hook,alert@, so a default-drop ruleset can be trialed in production without disrupting traffic), we found there is no wa... Yash Datre

05/19/2026

12:58 AM Suricata Feature #8472: firewall: Auto-Accept Prior States syntax for firewall mode intent rules
Thanks for sharing PR "#15402":https://github.com/OISF/suricata/pull/15402 — we've reviewed it and the referenced suricata-verify tests. Looks like the lazy-evaluation alternative from this issue: the @<@ operator keeps the rule as a sin... Yash Datre

05/11/2026

06:52 AM Suricata Feature #8472: firewall: Auto-Accept Prior States syntax for firewall mode intent rules
h2. Design Proposal
One author-visible rule. The Rule_Loader auto-synthesises the accept chain from the protocol's registered state machine. Two equivalent syntaxes:
Yash Datre

04/30/2026

06:28 AM Suricata Feature #8393: firewall: support SMTP hook states for firewall rule evaluation
Hi Victor,
Here are the real-world SMTP firewall scenarios we need, with rulesets using your per-command transaction design. Our original _request_command_data_ hook proposal doesn't hold up — SMTP has a sequence of commands (EHLO → M...
Yash Datre
06:08 AM Suricata Feature #8408: firewall: support FTP-data hook states for firewall rule evaluation
Hi Victor,
Here are the ruleset examples. Three scenarios, then thoughts on hook design.
h3. Scenario 1: Read-only FTP (block uploads)
Access control happens on the control channel via _ftp:request_command_complete_. The data ch...
Yash Datre

04/14/2026

03:05 PM Suricata Feature #8472: firewall: Auto-Accept Prior States syntax for firewall mode intent rules
We'd like to propose a syntax addition to Suricata's firewall mode that reduces the rule authoring burden for common firewall use cases while preserving the precision of the state machine.
Currently, writing a firewall rule to allow T...
Yash Datre
03:04 PM Suricata Feature #8472 (Closed): firewall: Auto-Accept Prior States syntax for firewall mode intent rules
We'd like to propose a syntax addition to Suricata's firewall mode that reduces the rule authoring burden for common firewall use cases while preserving the precision of the state machine.
Currently, writing a firewall rule to allow T...
Yash Datre
