Skip to content

Pr 3032 fw/v2#3039

Closed
victorjulien wants to merge 4 commits intoOISF:masterfrom
victorjulien:pr-3032-fw/v2
Closed

Pr 3032 fw/v2#3039
victorjulien wants to merge 4 commits intoOISF:masterfrom
victorjulien:pr-3032-fw/v2

Conversation

@victorjulien
Copy link
Copy Markdown
Member

@victorjulien victorjulien commented Apr 21, 2026

More fixes compared to #3035

yashda and others added 4 commits April 17, 2026 18:00
@yashda @jufajardini
test: check for untested keywords in firewall mode
7080f92 
Add suricata-verify tests for keywords that emit 'has not been tes
for firewall rules' warnings. Tests are consolidated into 3 test cases.

- firewall-keyword-icode: tests icode with ICMP echo traffic
- firewall-keyword-http: tests pcre, urilen, dataset with HTTP traff
- firewall-keyword-tls: tests tls.cert_chain_len with TLS cert chain

These tests validate that the keywords function correctly in firewal
mode and can be used to justify adding SIGMATCH_SUPPORT_FIREWALL to
each keyword in the engine.

Related to
Ticket #8387
@jufajardini
test: check for dns keywords in firewall mode
32f3373 
Based on initial work by Yash Datre
- dns.opcode
- dns.query with datarep

Related to
Ticket #8387
@jufajardini
tests: check tls.cert_chain_len in firewall mode
5dc0d93 
Related to
Ticket #8387
@victorjulien
tests: firewall: add missing rules
b948cc7 
Ticket: #8495.
This was referenced Apr 21, 2026
Closed
Closed
@catenacyber catenacyber mentioned this pull request Apr 22, 2026
Closed
@catenacyber catenacyber added the requires suricata pr Depends on a PR in Suricata label Apr 22, 2026
jufajardini
jufajardini approved these changes Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me!

@jufajardini jufajardini added the needs rebase PR looks fine but needs a rebase label Apr 23, 2026
@jufajardini
Copy link
Copy Markdown
Contributor

jufajardini commented Apr 23, 2026

Thinking this will need rebase, as we now have ruletype-firewall-56-ntp added.

@victorjulien victorjulien mentioned this pull request Apr 23, 2026
Open
@victorjulien
Copy link
Copy Markdown
Member Author

victorjulien commented Apr 23, 2026

replaced by #3044

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jufajardini jufajardini jufajardini approved these changes

Assignees

No one assigned

Labels

needs rebase PR looks fine but needs a rebase requires suricata pr Depends on a PR in Suricata

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@victorjulien @jufajardini @catenacyber @yashda