Suricata
23. Firewall Mode
23.1. Firewall Mode Design
23.1.1. Concepts
23.1.1.1. Tables
23.1.1.1.1. Packet layer tables
23.1.1.1.2. Application layer tables
23.1.1.2. Actions and Action Scopes
23.1.1.2.1. accept
23.1.1.2.2. drop
23.1.1.3. Explicit rule hook (states)
23.1.1.3.1. Packet layer hooks
23.1.1.3.2. Application layer hooks
23.1.1.3.2.1. general
23.1.1.3.2.2. http
23.1.1.3.2.3. tls
23.1.1.3.2.4. ssh
23.1.1.4. Firewall pipeline
23.1.1.5. Pass rules with Firewall mode
23.1.2. Firewall rules
23.2. Firewall Ruleset Examples
23.2.1. HTTP
23.2.2. TLS SNI with complex TCP rules