authorErmal <eri@pfsense.org>2012-07-12 19:53:18 +0000
committerErmal <eri@pfsense.org>2012-07-12 19:53:18 +0000
commit4cb145db47410834ddd2c8d018aa35ae0f2cb21a (patch)
treea3fabd2d6e719f6ee274fb3f7f051eb3e929b7be /config/snort
parent8c4b17816850ed39e74afd9c5d1d62a6d16026ea (diff)
Enable only selected dynamic rules
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc8
1 files changed, 7 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index d51518af..6cacbc49 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1284,9 +1284,15 @@ EOD;
/* generate rule sections to load */
$selected_rules_sections = "";
+ $dynamic_rules_sections = "";
if (!empty($snortcfg['rulesets'])) {
$enabled_rulesets_array = explode("||", $snortcfg['rulesets']);
foreach($enabled_rulesets_array as $enabled_item) {
+ if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
+ $slib = substr($enabled_item, 6, -6);
+ if (file_exists("{$snort_dirs['dynamicrules']}/{$slib}"))
+ $dynamic_rules_sections .= "dynamicdetection file {$snort_dirs['dynamicrules']}/{$slib}\n";
+ }
if (file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
$selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
}
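Review bot: `$slib` on the added lines is cut out of `$enabled_item` and written into a `dynamicdetection file` directive without checking that it is a bare file name, so a ruleset entry containing path separators would make Snort load a shared object from outside `{$snort_dirs['dynamicrules']}`. The stored `rulesets` string presumably comes from the GUI selection, but since this line decides which native code the sensor loads, I would add `basename($slib) == $slib &&` in front of the `file_exists()` test. The prefix test also compares only five characters (`"snort"`) while `substr($enabled_item, 6, -6)` skips six, so any entry that starts with `snort` but not `snort_` loses a character of its name; `substr($enabled_item, 0, 6) == "snort_"` keeps the test and the slice in agreement. A one-line comment such as `/* snort_NAME.so.rules -> NAME.so in the dynamicrules dir */` above the `substr()` call would document the offsets. The enclosing function starts and ends outside this hunk.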
@@ -1333,7 +1339,7 @@ config event_queue: max_queue 8 log 3 order_events content_length
#Configure dynamic loaded libraries
dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']}
dynamicengine directory {$snort_dirs['dynamicengine']}
-dynamicdetection directory {$snort_dirs['dynamicrules']}
+{$dynamic_rules_sections}
# Flow and stream #
preprocessor frag3_global: max_frags 8192