author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-07-29 18:26:35 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-07-29 18:26:35 -0400 |
commit | 51b3fc2899bc8d38552d003a8f9a92d991b90d59 (patch) | |
tree | 24728c5fbd3a79955c91b7d565c60c32a0264907 /config/snort | |
parent | b352a0d92278a3c94d536cd44b1ec0807a7c4980 (diff) | |
Include Link-Local address in HOME_NET and default Pass List
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 83 |
1 files changed, 51 insertions, 32 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 44a14c9e..7bf148ca 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -363,27 +363,33 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
 }
 }
- /* Handle IPv6 if available (2.1 and higher) */
- if (function_exists('get_interface_ipv6')) {
- $snortip = get_interface_ipv6($snortcfg['interface']);
- if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
- if (is_ipaddrv6($snortip)) {
- if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnetv6($snortcfg['interface']);
- $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+ $snortip = get_interface_ipv6($snortcfg['interface']);
+ if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
+ if (is_ipaddrv6($snortip)) {
+ if ($snortcfg['interface'] <> "wan") {
+ $sn = get_interface_subnetv6($snortcfg['interface']);
+ $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
 }
 }
- else {
- if (is_ipaddrv6($snortip)) {
- if (!in_array($snortip, $home_net))
- $home_net[] = $snortip;
- }
+ }
+ else {
+ if (is_ipaddrv6($snortip)) {
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
 }
 }
+ // Add link-local address
+ $snortip = get_interface_linklocal($snortcfg['interface']);
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
+ }
+
 if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
 /*************************************************************************/
 /* Iterate through the interface list and write out whitelist items and */
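Review bot: The link-local block trims the zone suffix with `substr($snortip, 0, strpos($snortip, "%"))`, which yields an empty string whenever the value carries no `%`: strpos() returns false, substr() treats it as length 0, and `""` is then appended to `$home_net`. Unlike the global-address branch above it, the trimmed value is never checked with `is_ipaddrv6()`, so an empty or malformed entry could reach HOME_NET and the pass list. I would guard the trim and validate before adding: `$pos = strpos($snortip, "%");`, `if ($pos !== false) $snortip = substr($snortip, 0, $pos);`, `if (is_ipaddrv6($snortip) && !in_array($snortip, $home_net))`. The same lines are repeated in the hunks at -402 and -422, so a small helper would keep the three copies in step; snort_build_list() starts and ends outside this hunk.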
@@ -402,16 +408,22 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
 if (!in_array($ip, $home_net))
 $home_net[] = $ip;
 }
- if (function_exists("get_interface_ipv6")) {
- if ($int == "wan")
- continue;
- $subnet = get_interface_ipv6($int);
- if (is_ipaddrv6($subnet)) {
- $sn = get_interface_subnetv6($int);
- $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+
+ $subnet = get_interface_ipv6($int);
+ if (is_ipaddrv6($subnet)) {
+ $sn = get_interface_subnetv6($int);
+ $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
+
+ // Add link-local address
+ $snortip = get_interface_linklocal($int);
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
 }
 }
 }
@@ -422,12 +434,19 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
 if (!in_array($ip, $home_net))
 $home_net[] = $ip;
 }
- if (function_exists("get_interface_ipv6")) {
- $ip = get_interface_ipv6("wan");
- if (is_ipaddrv6($ip)) {
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+ $ip = get_interface_ipv6("wan");
+ if (is_ipaddrv6($ip)) {
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
+
+ // Add link-local address
+ $snortip = get_interface_linklocal("wan");
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
 }
 }
|
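Review bot: Removing the `function_exists()` wrapper in the interface loop also removes `if ($int == "wan") continue;`, so if the loop still reaches `wan` its whole IPv6 prefix is now added to `$home_net` through `gen_subnetv6()`. The loop header is outside this hunk, so `wan` may already be skipped earlier; if it is not, every host on the WAN prefix would become part of HOME_NET and the default pass list, and neighbours on that segment would no longer be treated as external. The first hunk still excludes `wan` from the subnet form and the last hunk adds only the WAN address itself, so I would keep `if ($int == "wan") continue;` ahead of `$subnet = get_interface_ipv6($int);` to stay consistent with both.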