Open Information Security Foundation

Today

VJ 04:04 PM Suricata Task #8478: firewall: reconsider built-in hooks for UDP protocols

Yeah, needs more review. Perhaps for the protocols that have the simplest state machines, we just set the @<proto>:request_started@ hook to a default @accep:hook@ action. Victor Julien

VJ 02:52 PM Suricata Task #8397: firewall: enable content inspect keywords for firewall mode

https://github.com/OISF/suricata-verify/pull/3029 adds SV tests using pcre, content and bsize. Victor Julien

VJ 02:50 PM Suricata Feature #8395 (Resolved): firewall: support SNMP hook states for firewall rule evaluation

https://github.com/OISF/suricata/pull/15217 Victor Julien

04/15/2026

VJ 01:21 PM Suricata Feature #8486 (New): snmp: add snmp.trap_address keyword

This should be a sticky buffer. Victor Julien

VJ 01:20 PM Suricata Feature #8485 (New): snmp: add snmp.trap_oid keyword

This should be a sticky buffer. Victor Julien

VJ 01:18 PM Suricata Task #8482 (In Review): snmp: add snmp.trap_type keyword

https://github.com/OISF/suricata/pull/15208 Victor Julien

VJ 08:31 AM Suricata Task #8482 (In Review): snmp: add snmp.trap_type keyword

Add field to match on @trap_type@. Victor Julien

VJ 01:05 PM Suricata Feature #8408: firewall: support FTP-data hook states for firewall rule evaluation

The FTP data state machine is very simple. There are 2 states: in progress and finished. There is no protocol data to parse, just data. I'm not sure how to distinguish between transfer complete and aborted, and what would be different be... Victor Julien

VJ 09:27 AM Suricata Feature #8480: firewall: allow specifying multiple actions

This could turn the ideas of @accept:pass_flow@ into a bit cleaner solution, I think. @accept,pass:flow@ would apply @accept@ and @pass@ to the flow. This would keep actions and scope more cleanly defined. Victor Julien

VJ 08:28 AM Suricata Task #8481 (Assigned): snmp: add keywords to match output

Tracking ticket. Subtickets will track individual keywords. Victor Julien