aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2012-07-11 23:43:41 +0000
committerErmal <eri@pfsense.org>2012-07-11 23:43:41 +0000
commitf57cdb06ad1461dd313560bef691f554e0e395e7 (patch)
tree5156617c52ef5936c7bd36100ef6d45f28989777 /config/snort
parent25533aba373a0a7eefeeffc75842dc9ae0d2dbe7 (diff)
downloadpfsense-packages-f57cdb06ad1461dd313560bef691f554e0e395e7.tar.gz
pfsense-packages-f57cdb06ad1461dd313560bef691f554e0e395e7.tar.bz2
pfsense-packages-f57cdb06ad1461dd313560bef691f554e0e395e7.zip
Correct the way ssl preprocessor expect port list
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc3
1 files changed, 2 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 363f2b71..003e551a 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1240,6 +1240,7 @@ EOD;
$ports[$alias] = $snortcfg["def_{$alias}"];
$portvardef .= "portvar " . strtoupper($alias) . " [" . $ports[$alias] . "]\n";
}
+ $def_ssl_ports_ignore = str_replace(",", " ", $ports['ssl_ports_ignore']);
$snort_preproc = array (
"perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor",
@@ -1325,7 +1326,7 @@ preprocessor stream5_icmp:
{$snort_preprocessors}
# Ignore SSL and Encryption #
-preprocessor ssl: ports { {$ports['ssl_ports_ignore']} }, trustservers, noinspect_encrypted
+preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
# Snort Output Logs #
{$snortunifiedlogbasic_type}