diff options
-rw-r--r-- | config/snort/snort.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 839faf23..da6b8873 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -2198,6 +2198,11 @@ EOD; else $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; + $snort_preprocessor_decoder_rules = ""; + if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; + if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; /* build snort configuration file */ /* TODO; feed back from pfsense users to reduce false positives */ @@ -2408,8 +2413,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -include \$PREPROC_RULE_PATH/preprocessor.rules -include \$PREPROC_RULE_PATH/decoder.rules +{$snort_preprocessor_decoder_rules} + $threshold_file_name # Snort user pass through configuration |