aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort/snort.inc16
-rw-r--r--config/snort/snort_define_servers.php20
-rw-r--r--config/snort/snort_interfaces_edit.php4
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
5 files changed, 42 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 0e624c7f..36f58760 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1581,6 +1581,20 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
$def_sip_proxy_ports_type = "5060:5090,16384:32768";
else
$def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+
+ /* def SIP_IP */
+ $def_sip_ip_info_chk = $snortcfg['def_sip_ip'];
+ if ($def_sip_ip_info_chk == "")
+ $def_sip_ip_type = "\$HOME_NET";
+ else
+ $def_sip_ip_type = "$def_sip_ip_info_chk";
+
+ /* def SIP_PORTS */
+ $def_sip_ports_info_chk = $snortcfg['def_sip_ports'];
+ if ($def_sip_ports_info_chk == "")
+ $def_sip_ports_type = "5060:5090,16384:32768";
+ else
+ $def_sip_ports_type = "$def_sip_ports_info_chk";
/* def AUTH_PORTS */
$def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
@@ -1964,6 +1978,7 @@ var IMAP_SERVERS [{$def_imap_servers_type}]
var RPC_SERVERS \$HOME_NET
var WWW_SERVERS [{$def_www_servers_type}]
var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+var SIP_IP [{$def_sip_ip_type}]
var AIM_SERVERS \
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
@@ -1997,6 +2012,7 @@ portvar TELNET_PORTS [{$def_telnet_ports_type}]
portvar MAIL_PORTS [{$def_mail_ports_type}]
portvar SSL_PORTS [{$def_ssl_ports_type}]
portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
+portvar SIP_PORTS [{$def_sip_ports_type}]
# DCERPC NCACN-IP-TCP
portvar DCERPC_NCACN_IP_TCP [139,445]
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index e3238ef7..45264995 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -88,6 +88,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
$pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
$pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
$pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
$pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
$pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
@@ -139,6 +141,8 @@ if ($_POST) {
if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
+ if ($_POST['def_sip_ip'] != "") { $natent['def_sip_ip'] = $_POST['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; }
+ if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
@@ -442,8 +446,24 @@ echo "{$snort_general_css}\n";
value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
<span class="vexpl">Example: Specific ports "25,443" or All ports
betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sip_ip"
+ type="text" class="formfld" id="def_sip_ip" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_ip']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_ports"
+ type="text" class="formfld" id="def_sip_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
<td width="78%" class="vtable"><input name="def_auth_ports"
type="text" class="formfld" id="def_auth_ports" size="40"
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index b1a091e7..a0e912cd 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -111,6 +111,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
$pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
$pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
$pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
$pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
$pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
@@ -253,6 +255,8 @@ if (isset($_GET['dup']))
if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_ip'] != "") { $natent['def_sip_ip'] = $pconfig['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; }
+ if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index a52d1f6a..eaace036 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -317,7 +317,7 @@
<build_port_path>/usr/ports/security/snort</build_port_path>
<build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITHOUT_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true WITHOUT_PFSENSE=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.1 pkg v. 2.0</version>
+ <version>2.9.1 pkg v. 2.0.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index cdfaf618..b556fcf6 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -392,7 +392,7 @@
<build_port_path>/usr/ports/security/snort</build_port_path>
<build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITHOUT_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true WITHOUT_PFSENSE=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.1 pkg v. 2.0</version>
+ <version>2.9.1 pkg v. 2.0.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>