snort3 - flushing active states

[Özkan KIRIK via Snort-devel <snort-devel () lists snort org>]

Hello,

Is it possible flush all state table in snort3?
I need this feature for ruleset changes.

Think that I have a rule with action pass. Start a traffic that matches
with this rule. And then I change the action with block and reload ruleset
using killall -HUP snort.
Flow is still being passed event rule action reloaded with block action.
If I stop & start snort3 everything works fine. I think, we need to flush
the states.
And also is it possible to flush states that belongs to single source
address or single destionation address? (E.g. flush states for a client IP)

Regards

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!