From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] Suricata: Do not use hard-coded red interface name Date: Wed, 08 Mar 2023 13:54:02 +0000 Message-ID: <38D4FE14-213D-41F7-8570-65660B454590@ipfire.org> In-Reply-To: <20230307192031.14650-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0541599200042779767==" List-Id: --===============0541599200042779767== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, Is there a chance that the file that you are reading is empty or does not exi= st? What do we do then? -Michael > On 7 Mar 2023, at 19:20, Stefan Schantl wrote: >=20 > Read the correct interface name from the corresponding interface > file. >=20 > Signed-off-by: Stefan Schantl > --- > src/initscripts/system/suricata | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suric= ata > index 938ea66de..f2fe21f44 100644 > --- a/src/initscripts/system/suricata > +++ b/src/initscripts/system/suricata > @@ -27,6 +27,8 @@ PATH=3D/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin= :/usr/sbin; export PATH > eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings) > eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) >=20 > +IFACE_FILE=3D"/var/ipfire/red/iface" > + > # Name of the firewall chains. > IPS_INPUT_CHAIN=3D"IPS_INPUT" > IPS_FORWARD_CHAIN=3D"IPS_FORWARD" > @@ -87,8 +89,8 @@ function generate_fw_rules { > if [ "${!enable_ids_zone}" =3D=3D "on" ]; then > # Check if the current processed zone is "red" and the configured type is P= PPoE dialin. > if [ "$zone" =3D=3D "red" ] && [ "$RED_TYPE" =3D=3D "PPPOE" ]; then > - # Set device name to ppp0. > - network_device=3D"ppp0" > + # Read the used interface name from the corresponding file. > + network_device=3D"$(head -n 1 $IFACE_FILE)" > elif [ "$zone" =3D=3D "ovpn" ]; then > # Get all virtual net devices because the RW server and each > # N2N connection creates it's own tun device. > --=20 > 2.30.2 >=20 --===============0541599200042779767==--