<?php
// This is the template used to generate the snort.conf
// configuration file for the interface. The contents of
// this file are written to the snort.conf file for
// the interface. Key parameters are provided by the
// included string variables which are populated by the
// snort_generate_conf.php file.
//
// How the template is evaluated:
//   - $snort_conf_text is assigned from an interpolating heredoc, so every
//     {$...} placeholder is expanded at the moment this statement runs.
//     Each referenced variable must already be set in the scope that
//     includes this file.
//   - This file applies no escaping or validation to the substituted values.
//     snort.conf is line-oriented, so a value containing a newline adds
//     further configuration lines. Any validation therefore has to happen
//     before this file is included.
//     NOTE(review): confirm the generating script constrains each value.
//   - {$snort_config_pass_thru} is emitted under the heading
//     "Snort user pass through configuration".
//     NOTE(review): presumably free-form text entered for the interface;
//     verify that only users allowed to change the Snort configuration
//     can set it.
//
// Settings that are fixed in the template (no placeholder controls them):
//   - the "config disable_*" decoder lines, so decoder alerts and decoder
//     drops are switched off for every interface built from this template;
//   - "config enable_gtp", the PCRE match limits (3500 / 1500), the
//     event_queue parameters and "config show_year";
//   - the inline normalization preprocessors, which stay commented out
//     (the template states inline mode is not used with pfSense).

$snort_conf_text = <<<EOD
# snort configuration file
# generated automatically by the pfSense subsystems do not modify manually

# Define Local Network #
ipvar HOME_NET [{$home_net}]
ipvar EXTERNAL_NET [{$external_net}]

# Define Rule Path #
var RULE_PATH {$snortcfgdir}/rules

# Define Servers #
{$ipvardef}

# Define Server Ports #
{$portvardef}

# Configure the snort decoder #
config checksum_mode: {$cksumcheck}
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config disable_decode_drops

# Enable the GTP decoder #
config enable_gtp

# Configure PCRE match limitations
config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500

# Configure the detection engine #
config detection: {$cfg_detect_settings}
config event_queue: max_queue 8 log 5 order_events content_length

# Configure to show year in timestamps
config show_year

# Configure protocol aware flushing #
# For more information see README.stream5 #
{$paf_max_pdu_config}

# Configure dynamically loaded libraries
dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']}
dynamicengine directory {$snort_dirs['dynamicengine']}
dynamicdetection directory {$snort_dirs['dynamicrules']}

# Inline packet normalization. For more information, see README.normalize
# Disabled since we do not use "inline" mode with pfSense
# preprocessor normalize_ip4
# preprocessor normalize_tcp: ips ecn stream
# preprocessor normalize_icmp4
# preprocessor normalize_ip6
# preprocessor normalize_icmp6

# Flow and stream #
{$frag3_global}

{$frag3_engine}

{$stream5_global}

{$stream5_tcp_engine}

{$stream5_udp_engine}

{$stream5_icmp_engine}

# HTTP Inspect #
{$http_inspect_global}

{$http_inspect_servers}
{$snort_preprocessors}
{$host_attrib_config}

# Snort Output Logs #
output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority {$alert_log_limit_size}
{$alertsystemlog_type}
{$snortunifiedlog_type}
{$spoink_type}

# Misc Includes #
{$snort_misc_include_rules}
{$suppress_file_name}

# Snort user pass through configuration
{$snort_config_pass_thru}

# Rules Selection #
{$selected_rules_sections}
EOD;

// End of snort.conf template code
// NOTE(review): the closing PHP tag below is optional in a PHP-only include.
// While it is present, anything beyond a single newline placed after it is
// sent as output by the script that includes this file.
?>