aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2015-02-03 12:36:03 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2015-02-03 12:36:03 -0500
commit388792a6710deade660a860eb2685e4340bbf274 (patch)
tree01fa04f818d1fccaa3b043028920a7da97876054 /config/snort
parentaf0639664b41212ebf02574196525ea0326580cd (diff)
downloadpfsense-packages-388792a6710deade660a860eb2685e4340bbf274.tar.gz
pfsense-packages-388792a6710deade660a860eb2685e4340bbf274.tar.bz2
pfsense-packages-388792a6710deade660a860eb2685e4340bbf274.zip
Add checks so empty IP or subnet is not saved to HOME_NET or PASS LIST.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc36
1 files changed, 20 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 16574e77..b9a022fd 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -324,10 +324,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) {
if (is_ipaddr($snortip)) {
if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnet($snortcfg['interface']);
- $ip = gen_subnet($snortip, $sn) . "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnet($snortcfg['interface'])) {
+ $ip = gen_subnet($snortip, $sn) . "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
}
}
@@ -346,10 +347,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) {
if (is_ipaddrv6($snortip)) {
if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnetv6($snortcfg['interface']);
- $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnetv6($snortcfg['interface'])) {
+ $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
}
}
@@ -383,10 +385,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
continue;
$subnet = get_interface_ip($int);
if (is_ipaddrv4($subnet)) {
- $sn = get_interface_subnet($int);
- $ip = gen_subnet($subnet, $sn) . "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnet($int)) {
+ $ip = gen_subnet($subnet, $sn) . "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
$subnet = get_interface_ipv6($int);
@@ -394,10 +397,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (strpos($subnet, "%") !== FALSE)
$subnet = substr($subnet, 0, strpos($subnet, "%"));
if (is_ipaddrv6($subnet)) {
- $sn = get_interface_subnetv6($int);
- $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnetv6($int)) {
+ $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
// Add link-local address