docs/configuration: add firewall mode settings

Partly related to
Ticket #7699
Juliana Fajardini 2026-03-31 11:35:37 -03:00
parent 54322f38f8
commit 916ed58adb


@ -2805,6 +2805,29 @@ use of.
vista: []
windows2k3: []
Suricata as a Firewall options (experimental)
---------------------------------------------
It is possible to run Suricata as a firewall.
Please read :ref:`Firewall Mode Design <firewall mode design>` before using this.
The existing yaml configuration options are listed below. If the engine is run
in firewall mode, dedicated stats counters will be added to the stats logs.
To see the stats counters reported for the firewall, refer to :ref:`firewall mode stats`.
firewall:
# toggle to enable firewall mode
#enabled: no
# Firewall rule file are in their own path and are not managed
# by Suricata-Update.
#rule-path: /etc/suricata/firewall/
# List of files with firewall rules. Order matters, files are loaded
# in order and rules are applied in that order (per state, see docs)
#rule-files:
# - firewall.rules
Engine analysis and profiling
-----------------------------
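
Review bot: In the `rule-files` comment of the added yaml sample, "(per state, see docs)" sends the reader to the docs from inside the docs; point it at a specific section instead, for example the Firewall Mode Design reference already used in the paragraph above the sample. In the same sample, "Firewall rule file are in their own path" should read "Firewall rule files are in their own path". The section says order matters for `rule-files` but does not say what the engine does when `enabled` is set and no file is listed; one sentence on that case would help anyone turning on an experimental enforcement mode.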