Bug 13691

Summary:	IPS: Never send whitelisted traffic to the IPS
Product:	IPFire	Reporter:	Michael Tremer <michael.tremer>
Component:	---	Assignee:	Michael Tremer <michael.tremer>
Status:	MODIFIED ---	QA Contact:
Severity:	Balancing
Priority:	- Unknown -
Version:	2
Hardware:	unspecified
OS:	Unspecified

Description Michael Tremer 2024-05-17 09:06:28 UTC

We have the option to whitelist traffic in the IPS, but wouldn't it be a good idea to insert RETURN rules into the IPS chains so that packets will never even hit the IPS when whitelisted?

There are usually two reasons to whitelist something: a) it triggers some error in the IPS which is why we totally want to circumvent Suricata, or b) performance because Suricata does not need to scan everything. In both cases a RETURN rule would make sense to me.

Comment 1 Michael Tremer 2024-09-10 16:51:29 UTC

> https://patchwork.ipfire.org/project/ipfire/patch/20240910143748.3469271-6-michael.tremer@ipfire.org/

I have implemented this myself.

Comment 2 Michael Tremer 2024-09-24 14:12:08 UTC

> https://www.ipfire.org/blog/ipfire-2-29-core-update-189-is-available-for-testing