Description
Currently, Snort bypasses are defined separately for source and destination hosts. To bypass traffic to and from a specific host (e.g. google.com), administrators must create two separate entries. This can be confusing and increases the risk of misconfiguration. The feature request proposes unifying bypasses for source and destination into a single host-centric bypass entry.
Proposed solution
- Modify the UI and backend to allow creation of a single bypass entry per host, which applies to traffic in both directions (to and from the host).
- Store host bypasses with a single UCI key.
- Update `/usr/share/snort/templates/nftables.uc` to use the unified key and generate both saddr and daddr rules for each bypassed host.
- Rename CLI tooling to include "snort" for clarity (suggestion: `snort-bypass-config` instead of `ns-bypass-config`).
- Migrate existing separate source/destination bypass entries to the new unified format.
Additional context
- Reference implementation: `/usr/share/snort/templates/nftables.uc` currently uses keys to generate saddr/daddr rules.
- A single UCI key can be used to generate both rules, simplifying configuration and management.
- CLI tool naming (`ns-bypass-config`) is unclear; including "snort" improves discoverability for administrators.
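The following is an added illustration of the unified host bypass described above; it is not code from this project or its `nftables.uc` template. It shows the two parts the proposal needs: migrating the separate source/destination lists into one de-duplicated host list, and rendering one `saddr` and one `daddr` rule per host from that single list. The UCI section/key names (`snort.bypass`, `host`) and the rule verdict (`accept`) are assumptions used only to make the output concrete; the real template and key names are whatever the project chooses.

```python
"""Hypothetical helper for the unified Snort host bypass (not NethSecurity code).

Merges legacy source/destination bypass lists into a single host list and
renders one saddr and one daddr nftables rule per host. Hosts must be IP
addresses or CIDR networks: nftables matches addresses, not DNS names, so a
value such as "google.com" is rejected rather than silently emitted.
"""
import ipaddress


def parse_host(value):
    """Accept a single IPv4/IPv6 address or a CIDR network as an ip_network."""
    # strict=False lets "192.168.1.5/24" describe the containing network;
    # a non-address string (a hostname) raises ValueError here.
    return ipaddress.ip_network(value, strict=False)


def merge_bypasses(src_hosts, dst_hosts):
    """Migrate separate lists into one unified, de-duplicated, ordered list.

    Duplicates that differ only in notation ("10.0.0.5" vs "10.0.0.5/32")
    collapse to one entry, so the migration cannot produce duplicate rules.
    """
    seen = set()
    merged = []
    for raw in list(src_hosts) + list(dst_hosts):
        net = parse_host(raw)
        if net not in seen:
            seen.add(net)
            merged.append(net)
    return merged


def uci_lines(hosts, section="snort.bypass", key="host"):
    """Emit `uci batch` lines for a single list key (section/key names assumed)."""
    return [f"add_list {section}.{key}='{fmt_host(net)}'" for net in hosts]


def fmt_host(net):
    """Print a /32 or /128 as a bare address, anything else as CIDR."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def render_rules(hosts, verdict="accept"):
    """One saddr and one daddr rule per host, using ip or ip6 by address family.

    The verdict is an assumption; the template would use whatever action the
    existing saddr/daddr rules take to keep bypassed traffic out of Snort.
    """
    rules = []
    for net in hosts:
        family = "ip" if net.version == 4 else "ip6"
        target = fmt_host(net)
        rules.append(f"{family} saddr {target} {verdict}")
        rules.append(f"{family} daddr {target} {verdict}")
    return rules


if __name__ == "__main__":
    # Constructed sample of the legacy split configuration.
    legacy_src = ["10.0.0.5", "2001:db8::1"]
    legacy_dst = ["10.0.0.5/32", "192.168.1.0/24"]
    unified = merge_bypasses(legacy_src, legacy_dst)
    print("\n".join(uci_lines(unified)))
    print("\n".join(render_rules(unified)))
```

Run it directly to see the migrated UCI list followed by the six generated rules; note that an IPv6 host gets `ip6 saddr`/`ip6 daddr`, which a template that hard-codes `ip` would get wrong.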