From 5ea85d169560b26d19b074f85f4cc7976a46f8a7 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 25 Sep 2013 16:54:28 -0400
Subject: Add check so flowbits logic does not re-enable manually disabled rules
---
 config/snort/snort.inc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 9781f5b6..6e3b29fd 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -2364,6 +2364,10 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
 log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
 $fbits = snort_resolve_flowbits($all_rules, $enabled_rules);
 
+ /* Check for and disable any flowbit-required rules the user has */
+ /* manually forced to a disabled state. */
+ snort_modify_sids($fbits, $snortcfg);
+
 /* Check for and disable any flowbit-required rules dependent upon */
 /* disabled preprocessors if this option is enabled for the interface. */
 if ($snortcfg['preproc_auto_rule_disable'] == "on") {
-- 
cgit v1.2.3
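Review bot: The added `snort_modify_sids($fbits, $snortcfg);` call after `snort_resolve_flowbits()` can leave a flowbit-setting rule disabled with no trace in the log, so enabled rules that test that flowbit may silently never match and the interface loses detection coverage the operator may not realise they gave up. The only message in this hunk still reads 'Enabling any flowbit-required rules', which no longer describes the outcome; consider adding `log_error('[Snort] Leaving user-disabled flowbit-required rules disabled for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');` after the call, ideally naming the affected SIDs. The call's return value is discarded, so it presumably changes `$fbits` by reference; `snort_modify_sids()` is defined outside this hunk, so that, and whether it also applies the user's forced-enable list, should be stated in the new comment. The body of `snort_prepare_rule_files()` starts and ends outside the hunk.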