diff options
author | Ermal <eri@pfsense.org> | 2012-07-16 14:01:43 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-16 14:01:43 +0000 |
commit | b0057564e155afd9bbf8a10a7c7167f1782943ca (patch) | |
tree | ffed87f2eac289d15d18b9cf4d61f649c7bfcabc /config/snort | |
parent | 43765a4dc39e27ae3e6e3bfaf074e6cc4e91b387 (diff) | |
download | pfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.tar.gz pfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.tar.bz2 pfsense-packages-b0057564e155afd9bbf8a10a7c7167f1782943ca.zip |
Bring back the subnet definitions for home net since HOME_NET defines what to be looked after. Maybe use any as default snort.conf?
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index a2787408..eb1b57c5 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -155,12 +155,16 @@ function snort_build_list($snortcfg, $listname = "") { /* calculate interface subnet information */ if (function_exists('get_interface_ip')) { $subnet = get_interface_ip($int); - if (is_ipaddr($subnet)) - $home_net .= "{$subnet} "; + if (is_ipaddr($subnet)) { + $sn = get_interface_subnet($int); + $home_net .= "{$subnet}/{$sn} "; + } if (function_exists("get_interface_ipv6")) { $subnet = get_interface_ipv6($int); - if (is_ipaddrv6($subnet)) - $home_net .= "{$subnet} "; + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $home_net .= "{$subnet}/{$sn} "; + } } } else { $ifcfg = $config['interfaces'][$int]; @@ -215,7 +219,7 @@ function snort_build_list($snortcfg, $listname = "") { if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { foreach($config['virtualip']['vip'] as $vip) if ($vip['subnet'] && $vip['mode'] != 'proxyarp') - $home_net .= "{$vip['subnet']} "; + $home_net .= "{$vip['subnet']}/{$vip['subnet_bits']} "; } } |