Suricata
1. What is Suricata
2. Quickstart guide
3. Installation
4. Upgrading
5. Security Considerations
6. Support Status
7. Command Line Options
8. Suricata Rules
9. Rule Management
10. Making sense out of Alerts
11. Performance
12. Configuration
13. Reputation
14. Init Scripts
15. Output
16. Lua support
17. File Extraction
18. Public Datasets (PCAPs)
19. Using Capture Hardware
20. Interacting via Unix Socket
21. Plugins
22. IPS Mode
23. Firewall Mode
23.1. Firewall Mode Design
23.2. Firewall Ruleset Examples
23.3. Firewall Mode Stats
24. 3rd Party Integration
25. Man Pages
26. Acknowledgements
27. Licenses
28. Suricata Developer Guide
29. Verifying Suricata Source Distribution Files
30. Appendix
31. Known Issues
Suricata
23.
Firewall Mode
View page source
23.
Firewall Mode
23.1. Firewall Mode Design
23.1.1. Concepts
23.1.1.1. Firewall vs Threat Detection (TD)
23.1.1.2. Tables
23.1.1.2.1. Packet layer tables
23.1.1.2.2. Application layer tables
23.1.1.3. Actions and Action Scopes
23.1.1.3.1. accept
23.1.1.3.2. drop
23.1.1.3.3. pass
23.1.1.3.4. alert
23.1.1.3.5. Multi action rules
23.1.1.4. Explicit rule hook (states)
23.1.1.4.1. Packet layer hooks
23.1.1.4.2. Application layer hooks
23.1.1.4.2.1. general
23.1.1.4.2.2. http
23.1.1.4.2.3. tls
23.1.1.4.2.4. ssh
23.1.1.4.2.5. Auto-accept prior states
23.1.1.5. Firewall pipeline
23.1.1.6. Pass rules with Firewall mode
23.1.2. Firewall rules
23.1.3. Default policies
23.2. Firewall Ruleset Examples
23.2.1. HTTP
23.2.1.1. HTTP example with partially using default policies
23.2.2. TLS SNI with complex TCP rules
23.2.2.1. TLS SNI with auto-accept logic
23.2.2.2. TLS SNI with auto-accept logic, plus disabling TD matching
23.3. Firewall Mode Stats
23.3.1. Drop reasons
23.3.2. Discarded alerts