Documentation #5465
open
doc/userguide: document terminating behavior of rule actions
Added by Victor Julien over 2 years ago.
Updated 6 months ago.
Description
Various actions have different "terminating behaviors" in different scenarios.
e.g.:
alert will not terminate, but is limited to a max number of alerts per packet in the output
pass will immediately stop logging more alerts for the same packet and future alerts in the flow
drop will currently log all alerts for a packet, then drop the rest of the flow
Related issues
2 (2 open — 0 closed)
Once we have fully documented the current behavior we need to consider if the behavior actually makes sense. If changes are needed we can track that in a new ticket.
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
- Tracker changed from Task to Documentation
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
- Related to Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... added
Also available in: Atom
PDF