# Copyright (c) 2025 Marc Rivero López
# Licensed under GPLv3.
# Simple IDS rules for testing basic parser functionality

# Parser fixtures. Every rule below is header-only: none carries content, flow
# or protocol-specific keywords, so each matches on protocol, address, port and
# direction alone. They exercise rule-header and option parsing and are not
# tuned detections; on a live sensor each would alert on every matching packet.
# All sids are in the 1000000+ range conventionally used for local rules.

# Basic HTTP rule: any TCP packet to destination port 80.
# The match is port-based only; nothing here inspects the payload, so
# non-HTTP traffic on port 80 matches too.
alert tcp any any -> any 80 (msg:"HTTP Traffic"; sid:1000001; rev:1;)

# Basic HTTPS rule: any TCP packet to destination port 443 (port-based only,
# no TLS inspection).
alert tcp any any -> any 443 (msg:"HTTPS Traffic"; sid:1000002; rev:1;)

# DNS query: any UDP packet to destination port 53. Replies (source port 53)
# and DNS over TCP are outside this header.
alert udp any any -> any 53 (msg:"DNS Query"; sid:1000003; rev:1;)

# ICMP ping: matches every ICMP packet in the -> direction. There is no itype
# option, so this is not limited to echo requests despite the msg text.
alert icmp any any -> any any (msg:"ICMP Ping"; sid:1000004; rev:1;)

# SSH connection: any TCP packet to destination port 22 (port-based only).
alert tcp any any -> any 22 (msg:"SSH Connection"; sid:1000005; rev:1;)

# With variables: exercises $VAR parsing in the address and port fields.
# $EXTERNAL_NET, $HOME_NET and $HTTP_PORTS are not defined in this file; they
# have to come from the variable configuration of whatever consumes the rule.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"External HTTP"; sid:1000006; rev:1;)

# With classtype: exercises the classtype option.
# NOTE(review): engines normally resolve the classtype name against
# classification.config; confirm whether the parser under test validates the
# name or accepts any token.
alert tcp any any -> any 80 (msg:"HTTP Attack"; classtype:web-application-attack; sid:1000007; rev:1;)

# With priority: exercises an explicit priority option (1 is the highest
# severity in Snort/Suricata).
alert tcp any any -> any 80 (msg:"High Priority"; priority:1; sid:1000008; rev:1;)

# With reference: exercises the reference option in its "system,id" form.
# NOTE(review): the CVE id looks like a fixture value; nothing in this rule
# detects a specific vulnerability, so do not read it as advisory coverage.
alert tcp any any -> any 80 (msg:"CVE Reference"; reference:cve,2021-12345; sid:1000009; rev:1;)

# Bidirectional rule: exercises the <> direction operator, which matches
# traffic in both directions between the two sides of the header.
alert tcp any any <> any 80 (msg:"Bidirectional HTTP"; sid:1000010; rev:1;)
