authorScott Dale <sdale@pfsense.org>2007-02-22 08:39:14 +0000
committerScott Dale <sdale@pfsense.org>2007-02-22 08:39:14 +0000
commit2e73aec458a07a26c464687eb765f93eff87c092 (patch)
treef2df12cc22a434c46f270749b93907dd61d30630
parentdbbdd9c30e5e6e0cbce822a2d0172928d69fce13 (diff)
Correct portscan preprocessor settings. WAN Gateway, DNS servers, and loopback address are not automatically inserted in $HOME_NET. Removed redundant code that was inserting local IPs twice into $HOME_NET.
-rw-r--r--packages/snort/snort.inc29
1 files changed, 19 insertions, 10 deletions
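diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index 1023d90f..7910298d 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -27,6 +27,7 @@
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
 */
+require_once("pfsense-utils.inc");
 /* define oinkid */
 if($config['installedpackages']['snort'])
@@ -238,16 +239,25 @@ function generate_snort_conf() {
 }
 }
- /* add all local ips to the whitelist */
+ /* add all WAN ips to the whitelist */
 $wan_if = get_real_wan_interface();
 $ip = find_interface_ip($wan_if);
 $home_net .= "{$ip} ";
-
- /* iterate all interfaces and add to whitelist */
- foreach($config['interfaces'] as $interface)
- if($interface['ipaddr'] <> "pppoe" and $interface['ipaddr'] <> "dhcp")
- $home_net .= "{$interface['ipaddr']} ";
-
+
+ /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
+ $int = convert_friendly_interface_to_real_interface_name("WAN");
+ $gw = get_interface_gateway($int);
+ $home_net .= "{$gw} ";
+
+ /* Add DNS server for WAN interface to whitelist */
+ $dns_servers = get_dns_servers();
+ foreach($dns_servers as $dns) {
+ $home_net .= "{$dns} ";
+ }
+
+ /* Add loopback to whitelist (ftphelper) */
+ $home_net .= "127.0.0.1 ";
+
 /* iterate all vips and add to whitelist */
 if($config['virtualip'])
 foreach($config['virtualip']['vip'] as $vip)
@@ -369,9 +379,8 @@ preprocessor telnet_decode
 preprocessor sfportscan: proto { all } \
 scan_type { all } \
 sense_level { high } \
- watch_ip { \$HOME_NET } \
- ignore_scanners { \$HOME_NET } \
- ignore_scanned { \$HOME_NET }
+ ignore_scanners { \$HOME_NET }
+
 #Required files
 include classification.config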
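Review bot: In the generate_snort_conf() hunk, every address appended to `$home_net` also ends up in sfportscan's `ignore_scanners { $HOME_NET }` (retained in the third hunk), so whitelisting the WAN gateway and the upstream DNS servers means port scans sourced from those external hosts are never reported; that trade-off deserves a comment at the gateway/DNS additions, e.g. `/* NOTE: HOME_NET also feeds sfportscan ignore_scanners, so scans from these upstream hosts are not reported */`. The gateway lookup calls `convert_friendly_interface_to_real_interface_name("WAN")` although `$wan_if` from `get_real_wan_interface()` is already in scope two lines earlier; if both helpers yield the same real interface name, `$gw = get_interface_gateway($wan_if);` avoids the duplicate lookup. Neither `$gw` nor each `$dns` entry is checked for an empty value before being appended, so a missing gateway leaves a stray empty token in `$home_net`; `if ($gw) $home_net .= "{$gw} ";` keeps the list clean. generate_snort_conf() begins before this hunk and continues after it.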