"bypass" keyword in suricata user defined rules (#6752)

2026-03-20 03:16:12 +00:00 · 2023-08-16 21:38:02 +02:00 · 2023-08-16 21:38:02 +02:00 · 119537dfc4
commit 119537dfc4
parent 6095400258
3 changed files with 12 additions and 2 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
@ -29,6 +29,12 @@
        <type>dropdown</type>
        <help>Set action to perform here, only used when in IPS mode.</help>
    </field>
+    <field>
+        <id>rule.bypass</id>
+        <label>Bypass</label>
+        <type>checkbox</type>
+        <help>Set bypass keyword. Increases traffic throughput. Suricata reads a packet, decodes it, checks it in the flow table. If the corresponding flow is local bypassed then it simply skips all streaming, detection and output and the packet goes directly out in IDS mode and to verdict in IPS mode.</help>
+    </field>
    <field>
        <id>rule.description</id>
        <label>Description</label>
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@ -1,6 +1,6 @@
 <model>
    <mount>//OPNsense/IDS</mount>
-    <version>1.0.7</version>
+    <version>1.0.8</version>
    <description>
        OPNsense IDS
    </description>
@ -113,6 +113,10 @@
                        <pass>Pass</pass>
                    </OptionValues>
                </action>
+                <bypass type="BooleanField">
+                        <default>0</default>
+                        <Required>Y</Required>
+                </bypass>
            </rule>
        </userDefinedRules>
        <files>
--- a/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
+++ b/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
@ -9,7 +9,7 @@
 {%      for rule in helpers.toList('OPNsense.IDS.userDefinedRules.rule') %}
 {%          if rule.enabled|default('0') == '1' %}
 {{rule.action}}{% if rule.fingerprint|default('') != ""
-      %} tls {% else %} ip {% endif %} {% if rule.source|default('') != "" %} {{ rule.source }} {% else %} any {% endif %} any -> {% if rule.destination|default('') != "" %} {{ rule.destination }} {% else %} any {% endif %} any (msg:"{{rule.description.replace('"','\"')}}"; {%
+      %} tls {% else %} ip {% endif %} {% if rule.source|default('') != "" %} {{ rule.source }} {% else %} any {% endif %} any -> {% if rule.destination|default('') != "" %} {{ rule.destination }} {% else %} any {% endif %} any (msg:"{{rule.description.replace('"','\"')}}"; {% if rule.bypass|default('0') == '1' %}bypass;{% endif %}{%
      if rule.fingerprint|default('') != "" %} tls.fingerprint:"{{rule.fingerprint.lower()}}";{% endif
      %} sid:{{
      4294967295 - loop.index