aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2013-01-29 17:19:26 +0100
committerErmal <eri@pfsense.org>2013-01-29 17:19:26 +0100
commit6eb7ddf66bf8f40a8981a25353bc8a99558eefcd (patch)
tree7fc5b0e06d0a6c457120c1dade5e5f3ec5c1cd9f /config/snort
parent6684741c9cdd0891bfddec85aaccf535124c59cd (diff)
downloadpfsense-packages-6eb7ddf66bf8f40a8981a25353bc8a99558eefcd.tar.gz
pfsense-packages-6eb7ddf66bf8f40a8981a25353bc8a99558eefcd.tar.bz2
pfsense-packages-6eb7ddf66bf8f40a8981a25353bc8a99558eefcd.zip
Use subnet of interface here to have HOME_NET set properly
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc9
1 files changed, 7 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index ace1c89c..dede1f1d 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -147,8 +147,13 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$home_net .= "{$snortip} ";
if (function_exists('get_interface_ipv6')) {
$snortip = get_interface_ipv6($snortcfg['interface']);
- if (is_ipaddrv6($snortip))
- $home_net .= "{$snortip} ";
+ if (is_ipaddrv6($snortip)) {
+ if ($whitelist === false) {
+ $sn = get_interface_subnet($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ } else
+ $home_net .= "{$subnet} ";
+ }
}
/* iterate through interface list and write out whitelist items