Skip to content

Pr 3032 fw/v3#3044

Open
victorjulien wants to merge 10 commits intoOISF:masterfrom
victorjulien:pr-3032-fw/v3
Open

Pr 3032 fw/v3#3044
victorjulien wants to merge 10 commits intoOISF:masterfrom
victorjulien:pr-3032-fw/v3

Conversation

@victorjulien
Copy link
Copy Markdown
Member

@victorjulien victorjulien commented Apr 23, 2026

#3039 rebased, renumbered and with more tests added.

This was referenced Apr 23, 2026
Closed
Closed
Closed
@catenacyber catenacyber added the requires suricata pr Depends on a PR in Suricata label Apr 26, 2026
This was referenced May 1, 2026
Closed
Closed
yashda and others added 8 commits May 5, 2026 10:55
@yashda @victorjulien
test: check for untested keywords in firewall mode
34b1796 
Add suricata-verify tests for keywords that emit 'has not been tes
for firewall rules' warnings. Tests are consolidated into 3 test cases.

- firewall-keyword-icode: tests icode with ICMP echo traffic
- firewall-keyword-http: tests pcre, urilen, dataset with HTTP traff
- firewall-keyword-tls: tests tls.cert_chain_len with TLS cert chain

These tests validate that the keywords function correctly in firewal
mode and can be used to justify adding SIGMATCH_SUPPORT_FIREWALL to
each keyword in the engine.

Related to
Ticket #8387
@jufajardini @victorjulien
test: check for dns keywords in firewall mode
4bfdf66 
Based on initial work by Yash Datre
- dns.opcode
- dns.query with datarep

Related to
Ticket #8387
@jufajardini @victorjulien
tests: check tls.cert_chain_len in firewall mode
166d7b5 
Related to
Ticket #8387
@victorjulien
tests: firewall: add missing rules
5c34885 
Ticket: #8495.
@victorjulien
tests: firewall: update for action scope changes
1b3e7b2
@victorjulien
tests: add more firewall rules
89574aa
@victorjulien
tests: firewall: rename to have unique numbers
42525b7
@victorjulien
tests: firewall: add multi-action rule tests
3b436c3
@jasonish jasonish mentioned this pull request May 5, 2026
Open
@victorjulien victorjulien mentioned this pull request May 5, 2026
Draft
jasonish and others added 2 commits May 6, 2026 10:01
@jasonish @victorjulien
tests: show how accept:flow can bypass threat detection
cf6577a 
This test shows how an accept flow on an http request will skip thread
detection on http response data.
@victorjulien
tests: firewall default policy tests
f43e62e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

requires suricata pr Depends on a PR in Suricata

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@victorjulien @catenacyber @yashda @jufajardini @jasonish