From f57cdb06ad1461dd313560bef691f554e0e395e7 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Wed, 11 Jul 2012 23:43:41 +0000
Subject: Correct the way ssl preprocessor expect port list

---
 config/snort/snort.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 363f2b71..003e551a 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1240,6 +1240,7 @@ EOD;
 			$ports[$alias] = $snortcfg["def_{$alias}"];
 		$portvardef .= "portvar " . strtoupper($alias) . " [" . $ports[$alias] . "]\n";
 	}
+	$def_ssl_ports_ignore = str_replace(",", " ", $ports['ssl_ports_ignore']);
 
 	$snort_preproc = array (
 		"perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", 
@@ -1325,7 +1326,7 @@ preprocessor stream5_icmp:
 {$snort_preprocessors}
 
 # Ignore SSL and Encryption  #
-preprocessor ssl: ports { {$ports['ssl_ports_ignore']} }, trustservers, noinspect_encrypted
+preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
 
 # Snort Output Logs #
 {$snortunifiedlogbasic_type}
-- 
cgit v1.2.3