author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-08-30 12:22:42 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-08-30 12:22:42 -0400 |
commit | 93b31c59eaa2dbde1720fa85ee42c53b46db2cab (patch) | |
tree | 6c1f3f633b66b80a31baa8b2d3b736acec8fa7ad /config/suricata/suricata_generate_yaml.php | |
parent | a23e600747047c0b94e0680141562f51d1f13f1f (diff) | |
Suricata prefers CIDR masks on HOME_NET and EXTERNAL_NET addresses.
Diffstat (limited to 'config/suricata/suricata_generate_yaml.php')
-rw-r--r-- | config/suricata/suricata_generate_yaml.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 7c0a7bdd..0715471d 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -68,11 +68,17 @@ foreach ($suricata_files as $file) {
 $home_net_list = suricata_build_list($suricatacfg, $suricatacfg['homelistname']);
 $home_net = implode(",", $home_net_list);
 $home_net = trim($home_net);
-$external_net = '!$HOME_NET';
+$external_net = "";
 if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname'] != 'default') {
 $external_net_list = suricata_build_list($suricatacfg, $suricatacfg['externallistname'], false, true);
 $external_net = implode(",", $external_net_list);
- $external_net = '[' . trim($external_net) . ']';
+ $external_net = "[" . trim($external_net) . "]";
+}
+else {
+ $external_net = "[";
+ foreach ($home_net_list as $ip)
+ $external_net .= "!{$ip},";
+ $external_net = trim($external_net, ', ') . "]";
 }
 // Set the PASS LIST and write its contents to disk |
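Review bot: In the new `else` branch an empty `$home_net_list` yields `$external_net = "[]"`, because the loop appends nothing and `trim()` leaves only the opening bracket. `suricata_build_list()` is defined outside this hunk, so whether it can return an empty array is not visible here; if it can, the generated YAML would carry an empty EXTERNAL_NET group, and a sensor that fails to load rules over it loses detection coverage with no error raised at this point. I would handle that case explicitly and build the list without the trailing-comma trim, for example `$external_net = empty($home_net_list) ? 'any' : '[!' . implode(',!', $home_net_list) . ']';`, with the fallback value chosen deliberately. That form also makes the initial `$external_net = "";` redundant, since both branches already assign the variable.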