"LAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) $iflist['opt' . $i] = "opt{$i}"; $whitelist = fopen("/var/db/whitelist","w"); if(!$whitelist) { log_error("Cannot open whitelist for /var/db/writing."); exit; } foreach($iflist as $if) { /* XXX: write out if subnet */ } fclose($whitelist); foreach($_POST['interface_array'] as $iface) { $if = convert_friendly_interface_to_real_interface_name($iface); if($if) { $ifaces_final .= " -i " . $if; $first = 1; } } $start = "/bin/mkdir -p /var/log/snort;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort " . $ifaces_final . " -D"; $start .= ";snort2c -s -w /var/db/whitelist -a /var/log/snort/alert"; write_rcfile(array( "file" => "snort.sh", "start" => $start, "stop" => "/usr/bin/killall snort; killall snort2c" ) ); /* write out snort.conf */ $snort_conf = generate_snort_conf(); $conf = fopen("/usr/local/etc/snort/snort.conf","w"); if(!$conf) { log_error("Could not open /usr/local/etc/snort/snort.conf for writing."); exit; } fwrite($conf, $snort_conf); fclose($conf); start_service("snort"); } function generate_snort_conf() { global $config, $g, $config; /* obtain external interface */ $snort_ext_int = $config['installedpackages']['snort']['config'][0]['interface_array'][0]; /* calculate lan subnet information */ $ifcfg = &$config['interfaces']['lan']; $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); $subnetmask = gen_subnet_mask($ifcfg['subnet']); /* XXX: set SSH port from config variable */ $ssh_port = "22"; $home_net = "{$subnet}/{$ifcfg['subnet']}"; /* XXX: add home net for all interfaces */ /* XXX: generate rule section */ $selected_rules_sections = ""; $snort_conf = <<