From a3c3825be09282dc5a0c310c09ea5a8e40c9e9ce Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Wed, 27 Sep 2006 21:17:41 +0000
Subject: * Ensure that only one snort2c is running * Ignore items in the whitelist from port scanning
---
 packages/snort/snort.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'packages/snort')
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index a206b19f..1733cf82 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -71,7 +71,7 @@ function sync_package_snort() {
 /* if block offenders is checked, start snort2c */
 if($_POST['blockoffenders'])
- $start .= ";sleep 1;snort2c -w /var/db/whitelist -a /var/log/snort/alert";
+ $start .= "/usr/bin/killall snort2c; sleep 1; snort2c -w /var/db/whitelist -a /var/log/snort/alert";
 write_rcfile(array(
 "file" => "snort.sh",
@@ -286,6 +286,7 @@ preprocessor flow-portscan: \
 scoreboard-rows-scanner 30000 \
 alert-mode once \
 output-mode msg \
+ portscan-ignorehosts: $HOME_NET \
 tcp-penalties on
-- 
cgit v1.2.3
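Review bot: The new string on the `$start .=` line drops the leading `;` that the old one had, so `/usr/bin/killall snort2c` is appended straight onto whatever `$start` already holds and is likely to be read as trailing arguments of the preceding command instead of running on its own. The value of `$start` is built outside this hunk, but the old `";sleep 1;..."` form suggests it does not end in a separator; keep it, e.g. `$start .= ";/usr/bin/killall snort2c; sleep 1; snort2c -w /var/db/whitelist -a /var/log/snort/alert";`. snort2c is also still started by bare name while killall gets an absolute path, so which binary is launched depends on the rc script's PATH; giving it a full path (`<path-to-snort2c>`) would make the two consistent.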
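Review bot: `portscan-ignorehosts` on the added line is, as far as I know, the name of a separate Snort preprocessor directive rather than an option of `flow-portscan`, whose ignore lists are given as `src-ignore-net` / `dst-ignore-net`; inside this continuation it may be rejected when snort parses the config or silently have no effect, so please confirm snort still starts and alerts with it. The commit subject speaks of ignoring whitelist entries, but the line exempts all of `$HOME_NET`, which also hides scans that originate from internal hosts and does not cover addresses listed only in /var/db/whitelist. If this template sits in a double-quoted PHP string or heredoc (the quoting is outside the hunk), `$HOME_NET` needs to be written `\$HOME_NET`, otherwise PHP interpolates it before snort ever sees it.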