Bug 13691 - IPS: Never send whitelisted traffic to the IPS
Summary: IPS: Never send whitelisted traffic to the IPS
Status: MODIFIED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified Unspecified
: - Unknown - Balancing
Assignee: Michael Tremer
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
Reported: 2024-05-17 09:06 UTC by Michael Tremer
Modified: 2024-09-24 14:12 UTC (History)

See Also:


Attachments

Description Michael Tremer 2024-05-17 09:06:28 UTC
We have the option to whitelist traffic in the IPS, but wouldn't it be a good idea to insert RETURN rules into the IPS chains so that packets will never even hit the IPS when whitelisted?

There are usually two reasons to whitelist something: a) it triggers some error in the IPS which is why we totally want to circumvent Suricata, or b) performance because Suricata does not need to scan everything. In both cases a RETURN rule would make sense to me.
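The idea in the report, as an added illustration that is not IPFire's code and not the implementation from the linked patch: a generator for an iptables-restore fragment in which every whitelisted network gets a RETURN rule at the top of the IPS chain, and the NFQUEUE rule that hands packets to Suricata comes last. The chain name IPS, queue number 0 and the whitelist entries are constructed for this example. The check_order function guards the point that matters for the bug: a RETURN rule placed after the NFQUEUE jump is dead, because the packet is already queued to Suricata before it is reached.

```shell
#!/bin/sh
# Added example, not IPFire's code: emit an iptables-restore fragment where
# whitelisted networks RETURN from the IPS chain before the NFQUEUE rule.
# Chain name "IPS" and queue number 0 are assumptions for this example.

# Constructed whitelist: one network per line, '#' lines are comments.
WHITELIST='
# trusted management network
10.0.10.0/24
# monitoring host
192.168.1.50/32
'

# Accept only dotted-quad addresses with an optional /prefix, so a stray
# entry in the whitelist file can never become an unexpected rule.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|"") return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print the IPS chain: RETURN rules for the whitelist first, NFQUEUE last.
# Argument: NFQUEUE queue number (default 0).
build_ips_chain() {
    _queue="${1:-0}"
    echo '*filter'
    echo ':IPS - [0:0]'
    printf '%s\n' "$WHITELIST" | while IFS= read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        if valid_cidr "$net"; then
            # Whitelisted as source or as destination: never reaches Suricata.
            echo "-A IPS -s $net -j RETURN"
            echo "-A IPS -d $net -j RETURN"
        else
            echo "skipped invalid whitelist entry: $net" >&2
        fi
    done
    # Everything else is queued to the IPS; --queue-bypass lets traffic
    # through instead of dropping it if no userspace listener is attached.
    echo "-A IPS -j NFQUEUE --queue-num $_queue --queue-bypass"
    echo 'COMMIT'
}

# Verify that the last RETURN rule precedes the first NFQUEUE rule.
# Returns 0 when the ordering is correct, 1 otherwise.
check_order() {
    _last_return=$(printf '%s\n' "$1" | grep -n ' -j RETURN' | tail -n1 | cut -d: -f1)
    _queue_line=$(printf '%s\n' "$1" | grep -n ' -j NFQUEUE' | head -n1 | cut -d: -f1)
    [ -n "$_queue_line" ] || return 1
    [ -z "$_last_return" ] && return 0
    [ "$_last_return" -lt "$_queue_line" ]
}

# Count the RETURN rules in a generated ruleset (two per whitelist entry).
count_returns() {
    printf '%s\n' "$1" | grep -c ' -j RETURN'
}

# Run directly: print the fragment, e.g. to review it or feed it to
# "iptables-restore -n" (-n keeps the other tables and chains untouched).
build_ips_chain 0
```

Because the fragment is generated rather than applied, it can be diffed against the running ruleset or reviewed before loading, and the ordering check catches the failure mode where a whitelist rule is appended behind the NFQUEUE jump and silently never matches.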
Comment 1 Michael Tremer 2024-09-10 16:51:29 UTC
> https://patchwork.ipfire.org/project/ipfire/patch/20240910143748.3469271-6-michael.tremer@ipfire.org/

I have implemented this myself.