From 119537dfc4ae39ef542314d09f1940daff7905e7 Mon Sep 17 00:00:00 2001
From: Monviech <79600909+Monviech@users.noreply.github.com>
Date: Wed, 16 Aug 2023 21:38:02 +0200
Subject: [PATCH] "bypass" keyword in suricata user defined rules (#6752)
---
 .../controllers/OPNsense/IDS/forms/dialogUserDefined.xml | 6 ++++++
 src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml | 6 +++++-
 src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules | 2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
index e8b25311d..4f9796658 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
@@ -29,6 +29,12 @@ dropdown Set action to perform here, only used when in IPS mode. + + rule.bypass + + checkbox + Set bypass keyword. Increases traffic throughput. Suricata reads a packet, decodes it, checks it in the flow table. If the corresponding flow is local bypassed then it simply skips all streaming, detection and output and the packet goes directly out in IDS mode and to verdict in IPS mode. + rule.description
diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
index 9c5943f6b..2607b6f8f 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -1,6 +1,6 @@ //OPNsense/IDS - 1.0.7 + 1.0.8 OPNsense IDS
@@ -113,6 +113,10 @@ Pass + + 0 + Y +
diff --git a/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules b/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
index 747600000..f35d97698 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
+++ b/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules 
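Review bot: The help text for the new `rule.bypass` checkbox sells the throughput gain but never states the detection consequence its own wording implies: once this rule matches, Suricata skips stream handling, detection and output for the rest of that flow, so no other signature — including drop rules in IPS mode — will see that traffic again. Since the rule template (visible in the OPNsense.rules hunk) falls back to `any` for an empty source or destination, an enabled bypass rule with both endpoints blank would exempt every flow that matches `ip any any -> any any` from further inspection. I would lead the help text with that warning, e.g. `Add the bypass keyword: after this rule matches, the remainder of the flow is no longer inspected by any rule (no stream, detection or output), which raises throughput but also hides that traffic from drop and alert rules. Restrict source and destination to trusted, high-volume flows.` The enclosing form definition starts and ends outside this hunk.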
@@ -9,7 +9,7 @@ {% for rule in helpers.toList('OPNsense.IDS.userDefinedRules.rule') %} {% if rule.enabled|default('0') == '1' %} {{rule.action}}{% if rule.fingerprint|default('') != "" - %} tls {% else %} ip {% endif %} {% if rule.source|default('') != "" %} {{ rule.source }} {% else %} any {% endif %} any -> {% if rule.destination|default('') != "" %} {{ rule.destination }} {% else %} any {% endif %} any (msg:"{{rule.description.replace('"','\"')}}"; {% + %} tls {% else %} ip {% endif %} {% if rule.source|default('') != "" %} {{ rule.source }} {% else %} any {% endif %} any -> {% if rule.destination|default('') != "" %} {{ rule.destination }} {% else %} any {% endif %} any (msg:"{{rule.description.replace('"','\"')}}"; {% if rule.bypass|default('0') == '1' %}bypass;{% endif %}{% if rule.fingerprint|default('') != "" %} tls.fingerprint:"{{rule.fingerprint.lower()}}";{% endif %} sid:{{ 4294967295 - loop.index