authorErmal <eri@pfsense.org>2012-01-25 23:12:11 +0000
committerErmal <eri@pfsense.org>2012-01-25 23:12:11 +0000
commite4c13a5752c5f7b4947edbc4227b005cd333566d (patch)
treeb9c732034f918878790751ef9dd0344110101a4e /config/snort/snort.inc
parent3284c26553ab086cd8730e37c4f419d1b38acab0 (diff)
Expose the new options of spoink to the GUI
Improve spoink code a lot: - Allow to block by src/dst/both on the packet that generated alert. Default to src to keep backward compatibility - Speedup whitelist search - Create an option that allows to kill states on pf for blocked hosts. This allows to remove all access to the blocked host. TODO: - More fine grained blocking options? - Make whitelist parsing less sucky and IPv6 compatible
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r--config/snort/snort.inc6
1 files changed, 5 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 98d7ebfa..6aef1eed 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1383,7 +1383,11 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
$spoink_whitelist_name = $snortcfg['whitelistname'];
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
+ $pfkill = "";
+ if ($snortcfg['blockoffenderskill'] == "on")
+ $pfkill = "kill";
+
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
/* define threshold file */
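Review bot: `$snortcfg['blockoffendersip']` is interpolated into the new `output alert_pf:` line without a default or an allow-list check. An interface saved before this option existed would presumably produce an empty third field (`snort2c,,`), and any unexpected stored value, including one containing a comma or a newline, is written verbatim into the generated snort.conf. I would normalise it first, e.g. `$pfblock = in_array($snortcfg['blockoffendersip'], array('src', 'dst', 'both'), true) ? $snortcfg['blockoffendersip'] : 'src';`, and interpolate `{$pfblock}` instead; the three tokens are taken from the commit message and should be confirmed against what spoink actually parses. Whether the plugin tolerates the trailing empty field left when `$pfkill` is `""` is not visible here either, so a one-line comment stating the expected argument order (whitelist path, table, direction, optional kill) would help. generate_snort_conf() starts and ends outside this hunk.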