From 30ffe00bae57e84fe86a6e763dbc23066d78d2e3 Mon Sep 17 00:00:00 2001
From: alinse-pltzr
Date: Wed, 15 Apr 2026 21:28:35 +0200
Subject: [PATCH 1/2] ftp: add rule for too many transactions

---
 rules/ftp-events.rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/ftp-events.rules b/rules/ftp-events.rules
index d32c93f32759..501fe1016555 100644
--- a/rules/ftp-events.rules
+++ b/rules/ftp-events.rules
@@ -4,3 +4,4 @@
 
 alert ftp any any -> any any (msg:"SURICATA FTP Request command too long"; flow:to_server; app-layer-event:ftp.request_command_too_long; classtype:protocol-command-decode; sid:2232000; rev:1;)
 alert ftp any any -> any any (msg:"SURICATA FTP Response command too long"; flow:to_client; app-layer-event:ftp.response_command_too_long; classtype:protocol-command-decode; sid:2232001; rev:1;)
+alert ftp any any -> any any (msg:"SURICATA FTP too many transactions"; app-layer-event:ftp.too_many_transactions; classtype:protocol-command-decode; sid:2232002; rev:1;)

From 48fce40a4ac926d3a33990c80bfeb117f2974614 Mon Sep 17 00:00:00 2001
From: alinse-pltzr
Date: Wed, 15 Apr 2026 21:30:20 +0200
Subject: [PATCH 2/2] suricata.yaml: add comment for ftp.max-tx

---
 suricata.yaml.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 87a49fa13fd3..b4c46d0c8468 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -998,6 +998,7 @@ app-layer:
 ftp:
 enabled: yes
 # memcap: 64 MiB
+ # max-tx: 1024
 websocket:
 #enabled: yes
 # Maximum used payload size, the rest is skipped
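Review bot: The added rule for sid 2232002 has no `flow:` keyword, while both neighbouring rules pin a direction (`flow:to_server;` and `flow:to_client;`). If the parser can raise `ftp.too_many_transactions` in either direction the omission is fine, but the commit message should say so; if it is only set while handling requests, adding `flow:to_server;` would keep the file consistent. Nothing in this two-patch series shows where the event name is registered, and a rule that names an unknown app-layer event does not load, so confirm the event exists in every branch that ships this rules file. Because the event signals that a flow reached its transaction cap, a replay test that exceeds `max-tx` and asserts exactly the expected alert on sid 2232002 would guard against both a silent miss and an alert flood.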
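Review bot: The added `# max-tx: 1024` line in the `ftp:` section has no description, so an operator reading the template cannot tell what the limit counts or what happens when it is reached. Put a one-line comment above it, for example `# Maximum number of live FTP transactions per flow; exceeding it raises ftp.too_many_transactions (sid 2232002)`. That wording is inferred from the option and event names and should be checked against the parser, which is not part of this series. State as well whether 1024 is the built-in default, since the value appears only in a commented-out line.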