author | Ermal <eri@pfsense.org> | 2012-07-12 07:53:33 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-12 07:53:33 +0000 |
commit | 1efdf15caddd3a8fa26fd4ea0a9634e04a1a2e8a (patch) | |
tree | c6caf776be70f1ff2dcf7b31e533897120c035fa | |
parent | 06e36f418ba5e4f449d9fb6f213cadb9b4b91bbe (diff) | |
Allow to disable cksum checking pf(4) does this already
-rw-r--r-- | config/snort/snort.inc | 6 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 10 |
2 files changed, 14 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index cf05be67..d9dec153 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1292,6 +1292,10 @@ EOD; } } + $cksumcheck = "all"; + if ($snortcfg['cksumcheck'] == 'on') + $cksumcheck = "none"; + /* build snort configuration file */ $snort_conf_text = <<<EOD @@ -1313,7 +1317,7 @@ var PREPROC_RULE_PATH {$snortdir}/preproc_rules {$portvardef} # Configure the snort decoder # -config checksum_mode: all +config checksum_mode: {$cksumcheck} config disable_decode_alerts config disable_tcpopt_experimental_alerts config disable_tcpopt_obsolete_alerts diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 4e453fc7..06a1d6f4 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -106,6 +106,7 @@ if ($_POST["Submit"]) { if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; } else{ $natent['tcpdumplog'] = 'off'; } if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); + if ($_POST['cksumcheck']) $natent['cksumcheck'] = 'on'; else $natent['cksumcheck'] = 'off'; $if_real = snort_get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { 
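Review bot: The setting's name reads opposite to its effect in the first snort.inc hunk: `$snortcfg['cksumcheck'] == 'on'` selects `checksum_mode: none`, so a stored value of 'on' means checksum verification is switched off. The same inverted key is written by the `$_POST['cksumcheck']` line in snort_interfaces_edit.php and shown under the "Checksum checking" checkbox label. A comment above the assignment, for example `/* cksumcheck == 'on' means the admin chose to DISABLE checksum verification */`, would keep a later maintainer from flipping the test by mistake. The enclosing function starts and ends outside the hunk.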
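Review bot: With `config checksum_mode: {$cksumcheck}` in the second snort.inc hunk, the all-or-nothing switch lets an interface run with `none`, where Snort decodes and inspects packets whose checksums are invalid even though the destination host would discard them. What the sensor reassembles can then differ from what the endpoint processes, which weakens detection. The commit message relies on pf(4) having dropped such packets already, but whether Snort's capture point sits before or after pf is not visible in this diff and should be confirmed. If the goal is only to cope with checksum offloading, a narrower value such as `notcp` or `noudp` would keep the remaining checks. At minimum the assumption should be recorded next to the assignment, for example `/* 'none' is only safe if pf(4) drops bad-checksum packets before snort's capture point */`.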
@@ -394,7 +395,14 @@ function enable_change(enable_change) { will like this rule to use. </span><br/> <br/><span class="red">Note:</span><br/> Default option disables suppression and filtering.</td> </tr> - + <tr> + <td width="22%" valign="top" class="vncell">Checksum checking</td> + <td width="78%" class="vtable"> + <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>> + <br/>If ticked checksum checking on snort will be disabled to improve performance. + <br/>Most of this is already done on the firewall/filter level + </td> + </tr> <tr> <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td> |
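Review bot: The help text added in this hunk states only the performance gain and leaves out the detection cost of ticking the box. "Most of this is already done on the firewall/filter level" also does not say which checks are covered. Suggested wording: `<br/>If ticked, snort will not verify packet checksums and will inspect packets with invalid checksums as if they were valid.` followed by `<br/>Only enable this if the firewall already drops packets with bad checksums before snort sees them.`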