aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2013-09-25 16:54:28 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-09-25 22:35:59 -0400
commit5ea85d169560b26d19b074f85f4cc7976a46f8a7 (patch)
tree95b7cf74c775d94b0988e87f645ed6f1260d0f62
parent1d6ca5d09eb1db9c0347ffda6712c66cb6edf3f5 (diff)
downloadpfsense-packages-5ea85d169560b26d19b074f85f4cc7976a46f8a7.tar.gz
pfsense-packages-5ea85d169560b26d19b074f85f4cc7976a46f8a7.tar.bz2
pfsense-packages-5ea85d169560b26d19b074f85f4cc7976a46f8a7.zip
Add check so flowbits logic does not re-enable manually disabled rules
-rwxr-xr-xconfig/snort/snort.inc4
1 files changed, 4 insertions, 0 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 9781f5b6..6e3b29fd 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -2364,6 +2364,10 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
$fbits = snort_resolve_flowbits($all_rules, $enabled_rules);
+ /* Check for and disable any flowbit-required rules the user has */
+ /* manually forced to a disabled state. */
+ snort_modify_sids($fbits, $snortcfg);
+
/* Check for and disable any flowbit-required rules dependent upon */
/* disabled preprocessors if this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {