13691 – IPS: Never send whitelisted traffic to the IPS

Bug 13691 - IPS: Never send whitelisted traffic to the IPS

Summary: IPS: Never send whitelisted traffic to the IPS

Status:	MODIFIED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - Balancing
Assignee:	Michael Tremer
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-05-17 09:06 UTC by Michael Tremer
Modified:	2024-09-24 14:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Tremer 2024-05-17 09:06:28 UTC

We have the option to whitelist traffic in the IPS, but wouldn't it be a good idea to insert RETURN rules into the IPS chains so that packets will never even hit the IPS when whitelisted?

There are usually two reasons to whitelist something: a) it triggers some error in the IPS which is why we totally want to circumvent Suricata, or b) performance because Suricata does not need to scan everything. In both cases a RETURN rule would make sense to me.

Comment 1 Michael Tremer 2024-09-10 16:51:29 UTC

> https://patchwork.ipfire.org/project/ipfire/patch/20240910143748.3469271-6-michael.tremer@ipfire.org/

I have implemented this myself.

Comment 2 Michael Tremer 2024-09-24 14:12:08 UTC

> https://www.ipfire.org/blog/ipfire-2-29-core-update-189-is-available-for-testing