Reviewed-by: Michael Tremer
> On 22 Jan 2020, at 13:40, Stefan Schantl wrote:
>
> This file is to be used, to store customized IDS rules.
>
> Signed-off-by: Stefan Schantl
> ---
> config/cfgroot/ids-functions.pl | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
> index 3fa19fab7..3cfe837db 100644
> --- a/config/cfgroot/ids-functions.pl
> +++ b/config/cfgroot/ids-functions.pl
> @@ -67,6 +67,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked";
> # Location where the rulefiles are stored.
> our $rulespath = "/var/lib/suricata";
>
> +# Location to store local rules. This file will not be touched.
> +our $local_rules_file = "$rulespath/local.rules";
> +
> # File which contains the rules to whitelist addresses on suricata.
> our $whitelist_file = "$rulespath/whitelist.rules";
>
> @@ -581,6 +584,9 @@ sub _cleanup_rulesdir() {
> # Skip rules file for whitelisted hosts.
> next if ("$rulespath/$file" eq $whitelist_file);
>
> + # Skip rules file with local rules.
> + next if ("$rulespath/$file" eq $local_rules_file);
> +
> # Delete the current processed file, if not, exit this function
> # and return an error message.
> unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
> --
> 2.25.0.rc0
>
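Review bot: The comment added above `$local_rules_file` says "This file will not be touched" without naming what leaves it alone; the only guarantee visible in this patch is the skip in `_cleanup_rulesdir`. I would make that explicit, for example `# File for locally maintained rules. It is skipped by _cleanup_rulesdir() and is never deleted by it.` Since rules kept here persist while every other file in `$rulespath` is removed, the comment is also the natural place to say who is expected to write the file. Nothing in these six lines creates it or sets its ownership and permissions, so that presumably happens elsewhere.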
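Review bot: The added `next if ("$rulespath/$file" eq $local_rules_file);` duplicates the whitelist exemption directly above it, so each file that must survive cleanup needs its own hand-written line ahead of the `unlink`. Forgetting one means an administrator's custom rules are silently deleted, so I would keep the protected set in one place: `my %keep = map { $_ => 1 } ($whitelist_file, $local_rules_file);` before the loop and a single `next if $keep{"$rulespath/$file"};` inside it. The loop header and the rest of `_cleanup_rulesdir` lie outside the hunk, so how `$file` is produced is not visible here.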