authorErmal <eri@pfsense.org>2011-09-05 20:59:13 +0000
committerErmal <eri@pfsense.org>2011-09-05 20:59:30 +0000
commitfe149a089d2cfa20b3c848971cee7adac0125c0d (patch)
treeba28e4d1e15f2f60205edbc3ff58500428a0e983 /config/snort/snort.inc
parent9e99a5d79014531bb03437d5bb4747abf88344be (diff)
Include default preprocessor rules which should fix portscan and other preprocessor detections
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r--config/snort/snort.inc10
1 files changed, 6 insertions, 4 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index e2917590..839faf23 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1927,8 +1927,8 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
/* generate rule sections to load */
$enabled_rulesets = $snortcfg['rulesets'];
+ $selected_rules_sections = "";
if (!empty($enabled_rulesets)) {
- $selected_rules_sections = "";
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
foreach($enabled_rulesets_array as $enabled_item)
$selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
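Review bot: `$enabled_item` is written into the generated `include \$RULE_PATH/...` line unchanged by the loop this hunk leaves as context. An empty element (for example from a stray `||` in `$snortcfg['rulesets']`) or a value containing a path separator or newline would therefore land verbatim in snort.conf. Consider normalising each item before appending it, e.g. `$enabled_item = basename(trim($enabled_item)); if ($enabled_item == '') continue;`. Separately, `split()` is the deprecated POSIX-regex function; `explode("||", $enabled_rulesets)` does the same job without a regex. The hoisted initialisation of `$selected_rules_sections` is fine, and `generate_snort_conf` continues outside this hunk.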
@@ -2314,7 +2314,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#####################
var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
-# var PREPROC_RULE_PATH ./preproc_rules
+var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules
################################
#
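Review bot: Snort start-up now depends on a directory that nothing visible in this change creates or checks. `PREPROC_RULE_PATH` points at the shared `/usr/local/etc/snort/preproc_rules`, and the last hunk adds unconditional `include \$PREPROC_RULE_PATH/preprocessor.rules` and `include \$PREPROC_RULE_PATH/decoder.rules` lines. Snort normally treats an include it cannot open as a fatal configuration error, so if the package install or a rules update has not placed both files there, the sensor for that interface would fail to start and leave it unmonitored. Consider building the include lines before the heredoc and emitting each only when its file exists, e.g. `if (file_exists("{$preproc_dir}/decoder.rules")) $preproc_includes .= "include \$PREPROC_RULE_PATH/decoder.rules\n";` (variable names are suggestions). A comment should also record that this path is shared by every instance, unlike the per-instance `RULE_PATH` just above it.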
@@ -2408,10 +2408,12 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
- $threshold_file_name
+include \$PREPROC_RULE_PATH/preprocessor.rules
+include \$PREPROC_RULE_PATH/decoder.rules
+$threshold_file_name
# Snort user pass through configuration
- {$snort_config_pass_thru}
+{$snort_config_pass_thru}
###################
#