diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2015-02-03 12:36:03 -0500 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2015-02-03 19:42:43 -0200 |
| commit | 181808599fa16b7c2ff359142554267b75d632e6 (patch) | |
| tree | f3ab17fe3cd79ac6065692e0c4d7c13b5e9a095c /config/snort | |
| parent | 2c0b17ad21c3cd71d85e8ee3bdbc16b4fe2cdb62 (diff) | |
| download | pfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.tar.gz pfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.tar.bz2 pfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.zip | |
Add checks so empty IP or subnet is not saved to HOME_NET or PASS LIST.
Diffstat (limited to 'config/snort')
| -rwxr-xr-x | config/snort/snort.inc | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 16574e77..b9a022fd 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -324,10 +324,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddr($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnet($snortcfg['interface']); - $ip = gen_subnet($snortip, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($snortcfg['interface'])) { + $ip = gen_subnet($snortip, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -346,10 +347,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv6($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($snortcfg['interface'])) { + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -383,10 +385,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern continue; $subnet = get_interface_ip($int); if (is_ipaddrv4($subnet)) { - $sn = get_interface_subnet($int); - $ip = gen_subnet($subnet, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($int)) { + $ip = gen_subnet($subnet, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } $subnet = get_interface_ipv6($int); @@ -394,10 +397,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (strpos($subnet, "%") !== FALSE) $subnet = substr($subnet, 0, strpos($subnet, "%")); if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($int)) { + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } // Add link-local address |