diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-11-27 20:17:04 -0500 |
|---|---|---|
| committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-11-27 20:17:04 -0500 |
| commit | db7a6af3701beca6e4e23c7679e293f80e0441db (patch) | |
| tree | 9f2978db10d57940f75a0ce1604bf05814283f6e | |
| parent | d1b40c0af9436a8edfcfbc9825aaaf9b94dc2fdc (diff) | |
| download | pfsense-packages-db7a6af3701beca6e4e23c7679e293f80e0441db.tar.gz pfsense-packages-db7a6af3701beca6e4e23c7679e293f80e0441db.tar.bz2 pfsense-packages-db7a6af3701beca6e4e23c7679e293f80e0441db.zip | |
Add logic to prevent writing conf settings with no interfaces defined.
| -rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 3 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_global.php | 26 |
2 files changed, 16 insertions, 13 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 5f687636..28539f1f 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -695,7 +695,8 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } /* Start the rules rebuild proccess for each configured interface */ - if (is_array($config['installedpackages']['snortglobal']['rule'])) { + if (is_array($config['installedpackages']['snortglobal']['rule']) && + !empty($config['installedpackages']['snortglobal']['rule'])) { /* Set the flag to force rule rebuilds since we downloaded new rules, */ /* except when in post-install mode. Post-install does its own rebuild. */ diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 77cb0e7c..b22a6934 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -98,19 +98,21 @@ if (!$input_errors) { // Now walk all the configured interface rulesets and remove // any matching the disabled ruleset prefixes. - foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { - // Disable Snort IPS policy if VRT rules are disabled - if ($disable_ips_policy) { - $iface['ips_policy_enable'] = 'off'; - unset($iface['ips_policy']); + if (is_array($config['installedpackages']['snortglobal']['rule'])) { + foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { + // Disable Snort IPS policy if VRT rules are disabled + if ($disable_ips_policy) { + $iface['ips_policy_enable'] = 'off'; + unset($iface['ips_policy']); + } + $enabled_rules = explode("||", $iface['rulesets']); + foreach ($enabled_rules as $k => $v) { + foreach ($disabled_rules as $d) + if (strpos(trim($v), $d) !== false) + unset($enabled_rules[$k]); + } + $iface['rulesets'] = implode("||", $enabled_rules); } - $enabled_rules = explode("||", $iface['rulesets']); - foreach ($enabled_rules as $k => $v) { - foreach ($disabled_rules as $d) - if (strpos(trim($v), $d) !== false) - unset($enabled_rules[$k]); - } - $iface['rulesets'] = implode("||", $enabled_rules); } $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; |