Open Information Security Foundation

05/09/2025

10:22 AM Suricata Feature #7702 (In Review): commandline: add --list-app-layer-hooks option

https://redmine.openinfosecfoundation.org/issues/7702 Victor Julien

10:16 AM Suricata Feature #7702 (In Review): commandline: add --list-app-layer-hooks option

Add --list-app-layer-hooks option so rule writers can discover the available hooks. Victor Julien

09:16 AM Suricata Feature #7701 (Feedback): firewall: configurable default policies

For discussion. There are 2 ideas here:
1. allow different actions than plain drop: e.g. reject.
2. allow default a... Victor Julien

08:55 AM Suricata Support #7692: dpdk: Interface: No such device on Netronome SmartNIC

I think this will be tricky for us to analyze w/o help from the folks over at Netronome. We have no access to this ha... Victor Julien

08:51 AM Suricata Bug #7698 (In Review): firewall: eve verdict field should state "accept" instead of alert

https://github.com/OISF/suricata/pull/13196 Victor Julien

07:50 AM Suricata Bug #7698 (In Review): firewall: eve verdict field should state "accept" instead of alert

An accept rule should lead to a @accept@ verdict log, not @alert@. Victor Julien

08:23 AM Suricata Bug #7700 (Feedback): firewall: make verdict fields in alert and drop mandatory

Enable them by default if in firewall mode. To keep things simple it should probably not even be configurable for fir... Victor Julien

08:16 AM Suricata Feature #7699 (Feedback): firewall: separate stats for ips and firewall

> Similar to logs, the eve stats are also reported combined (for example with firewall blocked counts reporting under... Victor Julien

07:40 AM Suricata Feature #7697 (Assigned): firewall: allow request/response action scopes

The idea is to allow @accept:request@ which would allow the rest of the request. So like @accept:tx@ but only for one... Victor Julien

05/08/2025

02:09 PM Suricata Feature #7047 (Assigned): eve: add ip version field

Victor Julien