diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2015-02-03 12:36:03 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2015-02-03 12:36:03 -0500 |
commit | 388792a6710deade660a860eb2685e4340bbf274 (patch) | |
tree | 01fa04f818d1fccaa3b043028920a7da97876054 /config/snort | |
parent | af0639664b41212ebf02574196525ea0326580cd (diff) | |
download | pfsense-packages-388792a6710deade660a860eb2685e4340bbf274.tar.gz pfsense-packages-388792a6710deade660a860eb2685e4340bbf274.tar.bz2 pfsense-packages-388792a6710deade660a860eb2685e4340bbf274.zip |
Add checks so empty IP or subnet is not saved to HOME_NET or PASS LIST.
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 16574e77..b9a022fd 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -324,10 +324,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddr($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnet($snortcfg['interface']); - $ip = gen_subnet($snortip, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($snortcfg['interface'])) { + $ip = gen_subnet($snortip, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -346,10 +347,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv6($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($snortcfg['interface'])) { + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -383,10 +385,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern continue; $subnet = get_interface_ip($int); if (is_ipaddrv4($subnet)) { - $sn = get_interface_subnet($int); - $ip = gen_subnet($subnet, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($int)) { + $ip = gen_subnet($subnet, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } $subnet = get_interface_ipv6($int); @@ -394,10 +397,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (strpos($subnet, "%") !== FALSE) $subnet = substr($subnet, 0, strpos($subnet, "%")); if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($int)) { + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } // Add link-local address |