Suricata
1. What is Suricata
2. Quickstart guide
3. Installation
4. Upgrading
5. Security Considerations
6. Support Status
7. Command Line Options
8. Suricata Rules
9. Rule Management
10. Making sense out of Alerts
11. Performance
12. Configuration
13. Reputation
14. Init Scripts
15. Output
16. Lua support
17. File Extraction
18. Protocols
19. Public Datasets (PCAPs)
20. Using Capture Hardware
21. Interacting via Unix Socket
22. Plugins
23. IPS Mode
24. Firewall Mode
24.1. Firewall Mode Design
24.2. Firewall Ruleset Examples
24.3. Firewall Mode Stats
25. 3rd Party Integration
26. Man Pages
27. Acknowledgements
28. Licenses
29. Suricata Developer Guide
30. Verifying Suricata Source Distribution Files
31. Appendix
Suricata
24.
Firewall Mode
View page source
24.
Firewall Mode
24.1. Firewall Mode Design
24.1.1. Concepts
24.1.1.1. Firewall vs Threat Detection (TD)
24.1.1.2. Tables
24.1.1.2.1. Packet layer tables
24.1.1.2.2. Application layer tables
24.1.1.3. Actions and Action Scopes
24.1.1.3.1. accept
24.1.1.3.2. drop
24.1.1.3.3. pass
24.1.1.3.4. alert
24.1.1.3.5. Multi action rules
24.1.1.4. Explicit rule hook (states)
24.1.1.4.1. Packet layer hooks
24.1.1.4.2. Application layer hooks
24.1.1.4.2.1. general
24.1.1.4.2.2. http
24.1.1.4.2.3. tls
24.1.1.4.2.4. ssh
24.1.1.4.2.5. Auto-accept prior states
24.1.1.5. Firewall pipeline
24.1.1.6. Pass rules with Firewall mode
24.1.2. Firewall rules
24.1.3. Bridge vs router
24.1.4. Default policies
24.2. Firewall Ruleset Examples
24.2.1. HTTP
24.2.1.1. HTTP example with partially using default policies
24.2.2. TLS SNI with complex TCP rules
24.2.2.1. TLS SNI with auto-accept logic
24.2.2.2. TLS SNI with auto-accept logic, plus disabling TD matching
24.3. Firewall Mode Stats
24.3.1. Drop reasons
24.3.2. Discarded alerts