From 4cb145db47410834ddd2c8d018aa35ae0f2cb21a Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Thu, 12 Jul 2012 19:53:18 +0000
Subject: Enable only selected dynamic rules

---
 config/snort/snort.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index d51518af..6cacbc49 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1284,9 +1284,15 @@ EOD;
 
 	/* generate rule sections to load */
 	$selected_rules_sections = "";
+	$dynamic_rules_sections = "";
 	if (!empty($snortcfg['rulesets'])) {
 		$enabled_rulesets_array = explode("||", $snortcfg['rulesets']);
 		foreach($enabled_rulesets_array as $enabled_item) {
+			if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
+				$slib = substr($enabled_item, 6, -6);
+				if (file_exists("{$snort_dirs['dynamicrules']}/{$slib}"))
+					$dynamic_rules_sections	.= "dynamicdetection file {$snort_dirs['dynamicrules']}/{$slib}\n";
+			}
 			if (file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
 				$selected_rules_sections  .= "include \$RULE_PATH/{$enabled_item}\n";
 		}
@@ -1333,7 +1339,7 @@ config event_queue: max_queue 8 log 3 order_events content_length
 #Configure dynamic loaded libraries
 dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']}
 dynamicengine directory {$snort_dirs['dynamicengine']}
-dynamicdetection directory {$snort_dirs['dynamicrules']}
+{$dynamic_rules_sections}
 
 # Flow and stream #
 preprocessor frag3_global: max_frags 8192
-- 
cgit v1.2.3