Skip to content

Extending attack-mitigation module options#1438

Merged
brianmcgillion merged 1 commit intotiiuae:mainfrom
enesoztrk:feat/configurable-attack-mitigation
Oct 2, 2025
Merged

Extending attack-mitigation module options#1438
brianmcgillion merged 1 commit intotiiuae:mainfrom
enesoztrk:feat/configurable-attack-mitigation

Conversation

@enesoztrk
Copy link
Copy Markdown
Contributor

@enesoztrk enesoztrk commented Sep 29, 2025
edited
Loading

  • Adds ssh and icmp submodules under ghaf.firewall.attack-mitigation with enable and rule options.
  • Set fail2ban maxretry value to 10 for debug builds based on a request from the test team.

Description of Changes

Type of Change

  • New Feature
  • Bug Fix
  • Improvement / Refactor

Related Issues / Tickets

Checklist

  • Clear summary in PR description
  • Detailed and meaningful commit message(s)
  • Commits are logically organized and squashed if appropriate
  • Contribution guidelines followed
  • Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
  • Author has run make-checks and it passes
  • All automatic GitHub Action checks pass - see actions
  • Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

  • Orin AGX aarch64
  • Orin NX aarch64
  • Lenovo X1 x86_64
  • Dell Latitude x86_64
  • System 76 x86_64

Installation Method

  • Requires full re-installation
  • Can be updated with nixos-rebuild ... switch
  • Other:

Test Steps To Verify:

@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from ece9e35 to c8018c6 Compare September 30, 2025 07:18
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from c8018c6 to 985ea77 Compare September 30, 2025 07:18
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 985ea77 to 52caf4a Compare October 1, 2025 08:31
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 52caf4a to 13c4d26 Compare October 1, 2025 08:32
@enesoztrk enesoztrk marked this pull request as ready for review October 1, 2025 08:33
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 13c4d26 to 0b53207 Compare October 1, 2025 08:44
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 0b53207 to 1d18429 Compare October 1, 2025 08:58
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 1d18429 to 96a290d Compare October 1, 2025 09:15
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 96a290d to d143bd3 Compare October 1, 2025 10:25
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from d143bd3 to cef18f6 Compare October 1, 2025 10:27
@enesoztrk enesoztrk requested a review from vunnyso October 1, 2025 10:44
brianmcgillion
brianmcgillion reviewed Oct 1, 2025
View reviewed changes
@brianmcgillion brianmcgillion self-requested a review October 1, 2025 15:12
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from cef18f6 to 8a98049 Compare October 2, 2025 06:56
@vunnyso
Copy link
Copy Markdown
Collaborator

vunnyso commented Oct 2, 2025

I am not networking expert, probably we can test and merge it?

@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 8a98049 to 6c3eae0 Compare October 2, 2025 07:03
@enesoztrk
Copy link
Copy Markdown
Contributor Author

enesoztrk commented Oct 2, 2025

I am not networking expert, probably we can test and merge it?

I am currently testing on the FMO test side. In my opinion, there is no need for testing by the test team, but it can still be conducted by them if necessary.

@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 6c3eae0 to 1cbf486 Compare October 2, 2025 07:10
brianmcgillion
brianmcgillion approved these changes Oct 2, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@brianmcgillion brianmcgillion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But proof is in the FMO tests

@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 1cbf486 to 83871bb Compare October 2, 2025 08:34
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 83871bb to 1eaa90b Compare October 2, 2025 08:47
@enesoztrk
Extending attack-mitigation module options
74a14b0 
* Adds `ssh` and `icmp` submodules under `ghaf.firewall.attack-mitigation`
  with `enable` and `rule` options.

Signed-off-by: Enes Öztürk <enes.ozturk@unikie.com>
@enesoztrk enesoztrk force-pushed the feat/configurable-attack-mitigation branch from 1eaa90b to 74a14b0 Compare October 2, 2025 11:25
@brianmcgillion brianmcgillion merged commit bef319f into tiiuae:main Oct 2, 2025
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vunnyso vunnyso vunnyso approved these changes

@brianmcgillion brianmcgillion Awaiting requested review from brianmcgillion

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@enesoztrk @vunnyso @brianmcgillion