Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Moved verb ACTION_DROP from policy/frameworks/netcontrol/catch-and-release.zeek to base/frameworks/notice/main.zeek.

Browse source 
ACTION_DROP is not only part of catch-n-release subsystem.

Also, historically ACTION_DROP has been bundled with ACTION_LOG, ACTION_ALARM, ACTION_EMAIL... and its helpful that this verb remains in base/frameworks/notice/main.zeek
This commit is contained in:
Aashish Sharma 2020-08-12 10:13:27 -07:00
parent f1ed66d52c
commit 496f6d4935
2 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/frameworks/notice/main.zeek
View file

@ -44,6 +44,10 @@ export {
## ASCII version of the alarm log is emailed in bulk to the ## ASCII version of the alarm log is emailed in bulk to the
## address(es) configured in :zeek:id:`Notice::mail_dest`. ## address(es) configured in :zeek:id:`Notice::mail_dest`.
ACTION_ALARM, ACTION_ALARM,
## Indicates that the notice results in a drop action. A drop
## action can be nullzero, acld drop or a filter as per
## configured in :zeek:see:`NetControl::acld_rule_policy`.
ACTION_DROP,
}; };
## Type that represents a set of actions. ## Type that represents a set of actions.

5
scripts/policy/frameworks/notice/actions/drop.zeek
View file

@ -8,11 +8,6 @@
module Notice; module Notice;
export { export {
redef enum Action += {
## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`.
ACTION_DROP
};
redef record Info += { redef record Info += {
## Indicate if the $src IP address was dropped and denied ## Indicate if the $src IP address was dropped and denied
## network access. ## network access.