aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2012-07-16 14:01:43 +0000
committerErmal <eri@pfsense.org>2012-07-16 14:01:43 +0000
commitb0057564e155afd9bbf8a10a7c7167f1782943ca (patch)
treeffed87f2eac289d15d18b9cf4d61f649c7bfcabc /config/snort
parent43765a4dc39e27ae3e6e3bfaf074e6cc4e91b387 (diff)
downloadpfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.tar.gz
pfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.tar.bz2
pfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.zip
Bring back the subnet definitions for home net since HOME_NET defines what to be looked after. Maybe use any as default snort.conf?
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc14
1 files changed, 9 insertions, 5 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index a2787408..eb1b57c5 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -155,12 +155,16 @@ function snort_build_list($snortcfg, $listname = "") {
/* calculate interface subnet information */
if (function_exists('get_interface_ip')) {
$subnet = get_interface_ip($int);
- if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
+ if (is_ipaddr($subnet)) {
+ $sn = get_interface_subnet($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ }
if (function_exists("get_interface_ipv6")) {
$subnet = get_interface_ipv6($int);
- if (is_ipaddrv6($subnet))
- $home_net .= "{$subnet} ";
+ if (is_ipaddrv6($subnet)) {
+ $sn = get_interface_subnetv6($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ }
}
} else {
$ifcfg = $config['interfaces'][$int];
@@ -215,7 +219,7 @@ function snort_build_list($snortcfg, $listname = "") {
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip)
if ($vip['subnet'] && $vip['mode'] != 'proxyarp')
- $home_net .= "{$vip['subnet']} ";
+ $home_net .= "{$vip['subnet']}/{$vip['subnet_bits']} ";
}
}