Reviewed-by: Timo Eissler

On 16.10.2015 at 11:41, Stefan Schantl wrote:
> These changes will allow snort to also inspect the traffic for
> one or more configured alias addresses, which has not been done in the past.
>
> To do this we will now check if the RED interface has been set to STATIC (which
> is required to use the aliases function) and any aliases have been configured. In
> case of this, the modified code will add all enabled alias addresses to the HOMENET
> variable in which snort is storing all the monitored addresses.
>
> Fixes #10619.
>
> Signed-off-by: Stefan Schantl
> --- > src/initscripts/init.d/snort | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort > index e03c80f..47e7998 100644 > --- a/src/initscripts/init.d/snort > +++ b/src/initscripts/init.d/snort > @@ -20,6 +20,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH > eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) > eval $(/usr/local/bin/readhash /var/ipfire/snort/settings) > > +ALIASFILE="/var/ipfire/ethernet/aliases" > + > case "$1" in > start) > if [ "$BLUE_NETADDRESS" ]; then > @@ -59,6 +61,19 @@ case "$1" in > if [ "$LOCAL_IP" ]; then > HOMENET+="$LOCAL_IP," > fi > + > + # Check if the red device is set to static and > + # any aliases have been configured. > + if [ "$RED_TYPE" == "STATIC" ] && [ -s "${ALIASFILE}" ]; then > + # Read in aliases file. > + while IFS="," read -r address mode remark; do > + # Check if the alias is enabled. > + [ "${mode}" = "on" ] || continue > + > + # Add alias to the list of HOMENET addresses. > + HOMENET+="${address}," > + done < "${ALIASFILE}" > + fi > fi > HOMENET+="127.0.0.1" > echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars

--
Timo Eissler
Senior Project Engineer / Consultant
Am Zuckerberg 54
D-71640 Ludwigsburg
Tel.: +49 7141 4094003
Mobil.: +49 151 20650311
Email: timo(a)teissler.de
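
Review bot: In the second hunk, the `while IFS="," read -r address mode remark` loop appends `${address}` to HOMENET after checking only that `mode` is `on`, so an empty or malformed first field in /var/ipfire/ethernet/aliases ends up verbatim in the `ipvar HOME_NET [$HOMENET]` line written to /etc/snort/vars. Consider skipping such entries before the append, for example with `[ -n "${address}" ] || continue`, or validating the value as an address first, so that a bad aliases entry cannot corrupt the list of networks snort monitors. A smaller style point in the same hunk: the new condition compares with `==` inside `[ ]` (`[ "$RED_TYPE" == "STATIC" ]`) while the loop body uses `=`; using `=` in both places keeps the script consistent.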