Ensure conf_mount_rw() and conf_mount_ro() are used where needed.

1 files changed, 8 insertions, 6 deletions

diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 289a3941..d1b3e5be 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -509,25 +509,27 @@ elseif ($_POST['Submit']) {
 		$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
 		$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
 
-		/* If 'preproc_auto_rule_disable' is off, then clear log file */
-		if ($natent['preproc_auto_rule_disable'] == 'off')
-			@unlink("{$disabled_rules_log}");
-
 		if (isset($id) && $a_nat[$id]) {
 			$a_nat[$id] = $natent;
 			write_config();
 		}
 
-		/* Set flag to rebuild rules for this interface  */
-		$rebuild_rules = true;
+		conf_mount_rw();
 
 		/*************************************************/
 		/* Update the snort.conf file and rebuild the    */
 		/* rules for this interface.                     */
 		/*************************************************/
+		$rebuild_rules = true;
 		snort_generate_conf($natent);
 		$rebuild_rules = false;
 
+		/* If 'preproc_auto_rule_disable' is off, then clear log file */
+		if ($natent['preproc_auto_rule_disable'] == 'off')
+			@unlink("{$disabled_rules_log}");
+
+		conf_mount_ro();
+
 		/*******************************************************/
 		/* Signal Snort to reload Host Attribute Table if one  */
 		/* is configured and saved.                            */