aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2015-02-03 12:36:03 -0500
committerRenato Botelho <garga@FreeBSD.org>2015-02-03 19:42:43 -0200
commit181808599fa16b7c2ff359142554267b75d632e6 (patch)
treef3ab17fe3cd79ac6065692e0c4d7c13b5e9a095c /config/snort
parent2c0b17ad21c3cd71d85e8ee3bdbc16b4fe2cdb62 (diff)
downloadpfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.tar.gz
pfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.tar.bz2
pfsense-packages-181808599fa16b7c2ff359142554267b75d632e6.zip
Add checks so empty IP or subnet is not saved to HOME_NET or PASS LIST.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc36
1 files changed, 20 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 16574e77..b9a022fd 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -324,10 +324,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) {
if (is_ipaddr($snortip)) {
if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnet($snortcfg['interface']);
- $ip = gen_subnet($snortip, $sn) . "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnet($snortcfg['interface'])) {
+ $ip = gen_subnet($snortip, $sn) . "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
}
}
@@ -346,10 +347,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) {
if (is_ipaddrv6($snortip)) {
if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnetv6($snortcfg['interface']);
- $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnetv6($snortcfg['interface'])) {
+ $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
}
}
@@ -383,10 +385,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
continue;
$subnet = get_interface_ip($int);
if (is_ipaddrv4($subnet)) {
- $sn = get_interface_subnet($int);
- $ip = gen_subnet($subnet, $sn) . "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnet($int)) {
+ $ip = gen_subnet($subnet, $sn) . "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
$subnet = get_interface_ipv6($int);
@@ -394,10 +397,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (strpos($subnet, "%") !== FALSE)
$subnet = substr($subnet, 0, strpos($subnet, "%"));
if (is_ipaddrv6($subnet)) {
- $sn = get_interface_subnetv6($int);
- $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
+ if ($sn = get_interface_subnetv6($int)) {
+ $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
}
// Add link-local address