diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2015-02-04 15:10:04 -0500 |
|---|---|---|
| committer | bmeeks8 <bmeeks8@bellsouth.net> | 2015-02-04 15:10:04 -0500 |
| commit | 63b8709fcd142b2a306b25a1a50f0141aa3daf7c (patch) | |
| tree | b8e07b55b5b34dd0120a98d5180463ae4021bef8 /config/suricata | |
| parent | e434534dad51e6306eb2c3401cd8ce72295618e8 (diff) | |
| download | pfsense-packages-63b8709fcd142b2a306b25a1a50f0141aa3daf7c.tar.gz pfsense-packages-63b8709fcd142b2a306b25a1a50f0141aa3daf7c.tar.bz2 pfsense-packages-63b8709fcd142b2a306b25a1a50f0141aa3daf7c.zip | |
Add checks so empty IP or subnet is not saved to HOME_NET or PASS LIST.
Diffstat (limited to 'config/suricata')
| -rw-r--r-- | config/suricata/suricata.inc | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index 66c1e799..3de6a1d6 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -327,10 +327,11 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $e if (($externallist && $localnet == 'yes') || (!$externallist && (!$passlist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv4($suricataip)) { if ($suricatacfg['interface'] <> "wan") { - $sn = get_interface_subnet($suricatacfg['interface']); - $ip = gen_subnet($suricataip, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($suricatacfg['interface'])) { + $ip = gen_subnet($suricataip, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -349,10 +350,11 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $e if (($externallist && $localnet == 'yes') || (!$externallist && (!$passlist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv6($suricataip)) { if ($suricatacfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($suricatacfg['interface']); - $ip = gen_subnetv6($suricataip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($suricatacfg['interface'])) { + $ip = gen_subnetv6($suricataip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -386,10 +388,11 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $e continue; $subnet = get_interface_ip($int); if (is_ipaddrv4($subnet)) { - $sn = get_interface_subnet($int); - $ip = gen_subnet($subnet, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($int)) { + $ip = gen_subnet($subnet, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } $subnet = get_interface_ipv6($int); @@ -397,10 +400,11 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $e if (strpos($subnet, "%") !== FALSE) $subnet = substr($subnet, 0, strpos($subnet, "%")); if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($int)) { + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } // Add link-local address |