diff options
author | Ermal <eri@pfsense.org> | 2011-09-05 20:59:13 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-09-05 20:59:30 +0000 |
commit | fe149a089d2cfa20b3c848971cee7adac0125c0d (patch) | |
tree | ba28e4d1e15f2f60205edbc3ff58500428a0e983 /config/snort/snort.inc | |
parent | 9e99a5d79014531bb03437d5bb4747abf88344be (diff) | |
download | pfsense-packages-fe149a089d2cfa20b3c848971cee7adac0125c0d.tar.gz pfsense-packages-fe149a089d2cfa20b3c848971cee7adac0125c0d.tar.bz2 pfsense-packages-fe149a089d2cfa20b3c848971cee7adac0125c0d.zip |
Include default preprocessor rules which should fix portscan and other preprocessor detections
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r-- | config/snort/snort.inc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index e2917590..839faf23 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1927,8 +1927,8 @@ function generate_snort_conf($id, $if_real, $snort_uuid) /* generate rule sections to load */ $enabled_rulesets = $snortcfg['rulesets']; + $selected_rules_sections = ""; if (!empty($enabled_rulesets)) { - $selected_rules_sections = ""; $enabled_rulesets_array = split("\|\|", $enabled_rulesets); foreach($enabled_rulesets_array as $enabled_item) $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; @@ -2314,7 +2314,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504] ##################### var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules -# var PREPROC_RULE_PATH ./preproc_rules +var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules ################################ # @@ -2408,10 +2408,12 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config - $threshold_file_name +include \$PREPROC_RULE_PATH/preprocessor.rules +include \$PREPROC_RULE_PATH/decoder.rules +$threshold_file_name # Snort user pass through configuration - {$snort_config_pass_thru} +{$snort_config_pass_thru} ################### # |