From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCHv2] suricata: Use device ppp0 if PPPoE dialin is used.
Date: Wed, 24 Apr 2019 11:53:18 +0100
Message-ID: <5CF6BC59-B5D7-4BEC-8DEC-2B063A77248A@ipfire.org>
In-Reply-To: <20190423192753.5524-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3185932127689556998=="
List-Id: <development.lists.ipfire.org>

--===============3185932127689556998==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thanks. I have merged this yesterday evening and we will rebuild the update f=
or this.

> On 23 Apr 2019, at 20:27, Stefan Schantl <stefan.schantl(a)ipfire.org> wrot=
e:
>=20
> Fixes #12058.
>=20
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> src/initscripts/system/suricata | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>=20
> diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suric=
ata
> index 16548753e..ecd693054 100644
> --- a/src/initscripts/system/suricata
> +++ b/src/initscripts/system/suricata
> @@ -18,6 +18,7 @@
> PATH=3D/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export=
 PATH
>=20
> eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
> +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
>=20
> # Name of the firewall chain.
> FW_CHAIN=3D"IPS"
> @@ -65,9 +66,18 @@ function generate_fw_rules {
>=20
> 		# Check if the IDS is enabled for this network zone.
> 		if [ "${!enable_ids_zone}" =3D=3D "on" ]; then
> -			# Generate name of the network interface.
> -			network_device=3D$zone
> -			network_device+=3D"0"
> +			# Check if the current processed zone is "red" and the configured type =
is PPPoE dialin.
> +			if [ "$zone" =3D=3D "red" ] && [ "$RED_TYPE" =3D=3D "PPPOE" ]; then
> +				# Set device name to ppp0.
> +				network_device=3D"ppp0"
> +			else
> +				# Generate variable name which contains the device name.
> +				zone_name=3D"$zone_upper"
> +				zone_name+=3D"_DEV"
> +
> +				# Grab device name.
> +				network_device=3D${!zone_name}
> +			fi
>=20
> 			# Assign NFQ_OPTS
> 			NFQ_OPTIONS=3D$NFQ_OPTS
> --=20
> 2.20.1
>=20


--===============3185932127689556998==--