From a39d18d35f155660bcba150985a330285d6df6cf Mon Sep 17 00:00:00 2001 From: robiscool Date: Tue, 6 Oct 2009 15:13:43 -0700 Subject: snort snort-dev, do not clear snort2c table on filter reloads, add icmp packets --- config/snort-dev/snort.inc | 5 ++--- config/snort-dev/snort.xml | 4 ++-- config/snort-dev/snort_dynamic_ip_reload.php | 6 +++--- config/snort/snort.inc | 5 ++--- config/snort/snort.xml | 4 ++-- config/snort/snort_dynamic_ip_reload.php | 6 +++--- pkg_config.7.xml | 6 +++--- 7 files changed, 17 insertions(+), 19 deletions(-) diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 7320db00..575192b9 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -1184,15 +1184,14 @@ preprocessor frag3_engine: policy first preprocessor frag3_engine: policy bsd detect_anomalies preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes -# track_icmp yes +track_udp yes, track_icmp yes preprocessor stream5_tcp: bind_to any, policy windows preprocessor stream5_tcp: bind_to any, policy linux preprocessor stream5_tcp: bind_to any, policy vista preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp -# preprocessor stream5_icmp +preprocessor stream5_icmp ########################## # diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index a6f2ffa1..fc32ceb9 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -46,8 +46,8 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.4.1_3 - Services: Snort 2.8.4.1_3 pkg v. 1.7 alpha + 2.8.4.1_5 + Services: Snort 2.8.4.1_5 pkg v. 1.7 alpha /usr/local/pkg/snort.inc Snort diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php index 7933ba16..0fad085b 100644 --- a/config/snort-dev/snort_dynamic_ip_reload.php 
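Review bot: In the stream5 hunk of config/snort-dev/snort.inc, `track_icmp yes` and `preprocessor stream5_icmp` are switched on with no explicit limits, so ICMP session state runs on Stream5 defaults while TCP has an explicit `max_tcp 8192`. On a WAN-facing sensor an ICMP flood then competes for session memory at whatever the default cap is; consider pinning it with `track_udp yes, track_icmp yes, max_icmp <N>` and `preprocessor stream5_icmp: timeout <seconds>`, plus a short comment in the template saying why ICMP tracking is enabled. The identical hunk in config/snort/snort.inc carries the change into the stable package as well, so it is worth confirming that ICMP tracking in this Snort build is considered production-ready before shipping it there. The generated snort.conf template continues outside the hunk.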
+++ b/config/snort-dev/snort_dynamic_ip_reload.php @@ -3,7 +3,7 @@ /* $Id$ */ /* snort_dynamic_ip_reload.php - Copyright (C) 2006 Scott Ullrich + Copyright (C) 2006 Scott Ullrich and Robert Zeleya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ */ /* NOTE: this file gets included from the pfSense filter.inc plugin process */ +/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ require_once("/usr/local/pkg/snort.inc"); require_once("service-utils.inc"); @@ -38,12 +39,11 @@ require_once("config.inc"); if($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "dhcp") { create_snort_conf(); - mwexec("/sbin/pfctl -t snort2c -T flush"); exec("killall -HUP snort"); /* define snortbarnyardlog_chk */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; if ($snortbarnyardlog_info_chk == on) - exec("/usr/bin/killall barnyard2; /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"); + exec("killall -HUP barnyard2"); } ?> \ No newline at end of file diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 7320db00..575192b9 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
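Review bot: The replacement `exec("killall -HUP barnyard2");` in the last hunk of config/snort-dev/snort_dynamic_ip_reload.php only signals a barnyard2 that is already running, where the removed line killed and restarted it; if barnyard2 has exited, alert spooling stays down after a WAN address change and nothing reports it. Capture the exit status and log a failure, and keep the absolute path the old line used so the call does not depend on PATH in a script run on every filter reload: `exec("/usr/bin/killall -HUP barnyard2", $out, $rc);` followed by `if ($rc != 0) log_error("snort: barnyard2 not running, HUP skipped");`. The same applies to `exec("killall -HUP snort");` above it and to the identical hunk in config/snort/snort_dynamic_ip_reload.php. Whether barnyard2 re-reads its configuration on SIGHUP is not visible here and should be confirmed.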
@@ -1184,15 +1184,14 @@ preprocessor frag3_engine: policy first preprocessor frag3_engine: policy bsd detect_anomalies preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes -# track_icmp yes +track_udp yes, track_icmp yes preprocessor stream5_tcp: bind_to any, policy windows preprocessor stream5_tcp: bind_to any, policy linux preprocessor stream5_tcp: bind_to any, policy vista preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp -# preprocessor stream5_icmp +preprocessor stream5_icmp ########################## # diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 83ac38f0..763f65eb 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,8 +46,8 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.4.1_3 - Services: Snort 2.8.4.1_3 pkg v. 1.6 + 2.8.4.1_5 + Services: Snort 2.8.4.1_5 pkg v. 1.6 /usr/local/pkg/snort.inc Snort diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php index 7933ba16..0fad085b 100644 --- a/config/snort/snort_dynamic_ip_reload.php +++ b/config/snort/snort_dynamic_ip_reload.php @@ -3,7 +3,7 @@ /* $Id$ */ /* snort_dynamic_ip_reload.php - Copyright (C) 2006 Scott Ullrich + Copyright (C) 2006 Scott Ullrich and Robert Zeleya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ */ /* NOTE: this file gets included from the pfSense filter.inc plugin process */ +/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ require_once("/usr/local/pkg/snort.inc"); require_once("service-utils.inc"); 
@@ -38,12 +39,11 @@ require_once("config.inc"); if($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "dhcp") { create_snort_conf(); - mwexec("/sbin/pfctl -t snort2c -T flush"); exec("killall -HUP snort"); /* define snortbarnyardlog_chk */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; if ($snortbarnyardlog_info_chk == on) - exec("/usr/bin/killall barnyard2; /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"); + exec("killall -HUP barnyard2"); } ?> \ No newline at end of file diff --git a/pkg_config.7.xml b/pkg_config.7.xml index e410d926..e2d2790f 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -257,7 +257,7 @@ mysql-client-5.1.34.tbz snort-2.8.4.1_1.tbz http://www.pfsense.com/packages/config/snort/snort.xml - 2.8.4.1_2 pkg v.1.6 + 2.8.4.1_5 pkg v.1.6 1.2.2 Stable snort.xml @@ -276,9 +276,9 @@ mysql-client-5.1.34.tbz snort-2.8.4.1_1.tbz http://www.pfsense.com/packages/config/snort-dev/snort.xml - 2.8.4.1_2 RC5 + 2.8.4.1_5 pkg v.1.7 1.2.2 - Stable + alpha snort.xml Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. -- cgit v1.2.3