author | Scott Ullrich <sullrich@pfsense.org> | 2006-10-06 22:30:59 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-10-06 22:30:59 +0000 |
commit | 1cea649e3183da64201ea9a8dc00b65bbd209a72 (patch) | |
tree | 6289fd56882630d3c5369a404a484f4e57940760 /packages/snort | |
parent | 785bc1f02d8f73694cf100378f2a6da1afc70f8d (diff) | |
Add automatic whitelist feature for VPNs
Diffstat (limited to 'packages/snort')
-rw-r--r-- | packages/snort/snort.inc | 19 | ||||
-rw-r--r-- | packages/snort/snort.xml | 8 |
2 files changed, 23 insertions, 4 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index fa55b735..ba0d53fb 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -121,7 +121,7 @@ function snort_deinstall() { /* remove auto rules update helper */ remove_text_from_file($filenamea, $text_ww); /* remove custom sysctl */ - remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); + remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); /* decrease bpf buffers back to 4096, from 20480 */ exec("/sbin/sysctl net.bpf.bufsize=4096"); } @@ -133,6 +133,7 @@ function generate_snort_conf() { /* XXX: make multi wan friendly */ $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0]; + /* add auto update scripts to /etc/crontab */ $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php"; $filenamea = "/etc/crontab"; remove_text_from_file($filenamea, $text_ww); @@ -221,6 +222,18 @@ function generate_snort_conf() { if(trim($wl)) fwrite($whitelist, trim($wl) . "\n"); + /* should we whitelist vpns? */ + $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns']; + + /* grab a list of vpns and whitelist if user desires */ + if($whitelistvpns) { + $vpns_list = get_vpns_list(); + $whitelist_vpns = split(" ", $vpns_list); + foreach($whitelist_split as $wl) + if(trim($wl)) + fwrite($whitelist, trim($wl) . "\n"); + } + /* close file */ fclose($whitelist); @@ -341,7 +354,7 @@ EOD; } /* check downloaded text from snort.org to make sure that an error did not occur - * for example, if you are not a premium subscriber you can only download rules + * for example, if you are not a premium subscriber you can only download rules * so often, etc. */ function check_for_common_errors($filename) { 
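Review bot: The loop added to generate_snort_conf() iterates `$whitelist_split` rather than the `$whitelist_vpns` array built on the line above it, so the addresses returned by get_vpns_list() are never written to the whitelist file. If `$whitelist_split` is still set from the earlier whitelist loop (that loop and the rest of the function are outside the hunk, so this is inferred), its entries are written a second time and the new checkbox silently has no effect. The loop header should read `foreach($whitelist_vpns as $wl)`. A comment above the block should also say whether get_vpns_list() returns single hosts or whole subnets, since every entry written here is presumably exempt from Snort-driven blocking.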
@@ -393,7 +406,7 @@ function scroll_down_to_bottom_of_page() { function verify_downloaded_file($filename) { global $snort_filename, $snort_filename_md5, $console_mode; ob_flush(); - if(filesize($filename)<99500) { + if(filesize($filename)<9500) { if(!$console_mode) { update_all_status("Checking {$filename}..."); check_for_common_errors($filename); diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml index fe8bdbb7..0248d087 100644 --- a/packages/snort/snort.xml +++ b/packages/snort/snort.xml @@ -155,6 +155,12 @@ <description>Automatically check for and update rules once a week from snort.org.</description> <type>checkbox</type> </field> + <field> + <fielddescr>Whitelist VPNS automatically</fielddescr> + <fieldname>whitelistvpns</fieldname> + <description>Checking this option will install whitelists for all VPNs</description> + <type>checkbox</type> + </field> </fields> <custom_php_install_command> sync_package_snort_reinstall(); @@ -167,5 +173,5 @@ </custom_php_resync_command> <custom_php_deinstall_command> snort_deinstall(); - </custom_php_deinstall_command> + </custom_php_deinstall_command> </packagegui> |
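Review bot: The size floor in verify_downloaded_file() drops from 99500 to 9500 bytes with no comment saying what the number represents, and the commit message does not mention the change. As far as the hunk shows, this comparison decides when check_for_common_errors() runs on the download, so an error page or truncated archive between 9500 and 99500 bytes no longer takes that path. Suggest documenting the threshold, e.g. `/* anything smaller than this is treated as an error page, not a rules tarball */`, and confirming that acceptance of the file rests on the MD5 comparison rather than on size. The rest of the function is outside the hunk, so whether it already does that is not visible here.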
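Review bot: The `<description>` of the new `whitelistvpns` field in snort.xml does not tell the administrator what the option implies. Addresses on the whitelist are presumably exempt from blocking, so alerts raised for traffic from a VPN peer would no longer lead to a block. Suggest wording such as `Adds all configured VPN networks to the whitelist; hosts on those networks will not be blocked.` The label would also read better as `Whitelist VPNs automatically`.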