author | Ermal <eri@pfsense.org> | 2012-07-12 19:53:18 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-12 19:53:18 +0000 |
commit | 4cb145db47410834ddd2c8d018aa35ae0f2cb21a (patch) | |
tree | a3fabd2d6e719f6ee274fb3f7f051eb3e929b7be /config/snort | |
parent | 8c4b17816850ed39e74afd9c5d1d62a6d16026ea (diff) | |
Enable only selected dynamic rules
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index d51518af..6cacbc49 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1284,9 +1284,15 @@ EOD;
 /* generate rule sections to load */
 $selected_rules_sections = "";
+ $dynamic_rules_sections = "";
 if (!empty($snortcfg['rulesets'])) {
 $enabled_rulesets_array = explode("||", $snortcfg['rulesets']);
 foreach($enabled_rulesets_array as $enabled_item) {
+ if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
+ $slib = substr($enabled_item, 6, -6);
+ if (file_exists("{$snort_dirs['dynamicrules']}/{$slib}"))
+ $dynamic_rules_sections .= "dynamicdetection file {$snort_dirs['dynamicrules']}/{$slib}\n";
+ }
 if (file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
 $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
 }
@@ -1333,7 +1339,7 @@ config event_queue: max_queue 8 log 3 order_events content_length
 #Configure dynamic loaded libraries
 dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']}
 dynamicengine directory {$snort_dirs['dynamicengine']}
-dynamicdetection directory {$snort_dirs['dynamicrules']}
+{$dynamic_rules_sections}
 # Flow and stream #
 preprocessor frag3_global: max_frags 8192 |
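Review bot: In the first hunk, `$slib` is cut out of the stored `rulesets` string and written into both a filesystem path and a `dynamicdetection file` line without any check that it is a plain file name. A value containing `/` or `..` would make the generated snort.conf name a shared object outside `{$snort_dirs['dynamicrules']}`, and Snort loads whatever that directive points at. The prefix test also compares only five characters (`"snort"`) while `substr($enabled_item, 6, -6)` strips six, so the separator is never verified. Matching the whole name in one step closes both gaps: `if (preg_match('/^snort_([A-Za-z0-9_-]+\.so)\.rules$/', $enabled_item, $m))` followed by `$slib = $m[1];`. Where `$snortcfg['rulesets']` is populated is not visible here, and the enclosing function starts and ends outside the hunk.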
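Review bot: With the `dynamicdetection directory` line replaced by `{$dynamic_rules_sections}` in the second hunk, a shared-object library is now loaded only if the first hunk's `file_exists()` check on it passed, while the matching `.so.rules` stub is still included under its own, separate check. If the stub is present but the library is missing or named differently, the generated config references shared-object rules without their library; this presumably leaves those rules inactive or stops Snort at startup, and nothing records why. Consider adding an `else` branch to the library check that calls `log_error()` with the missing path, and a short comment above `{$dynamic_rules_sections}` in the template saying the block is empty when no `.so.rules` set is selected.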