From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 5/5] suricata: Use DNS_SERVERS declaration from external file. Date: Tue, 05 Nov 2019 10:22:56 +0000 Message-ID: In-Reply-To: <20191105093202.4488-5-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8175574302506441459==" List-Id: --===============8175574302506441459== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, Shouldn=E2=80=99t HOME_NET still be in DNS_SERVERS for users who are running = a DNS server behind their firewall? > On 5 Nov 2019, at 09:32, Stefan Schantl wrote: >=20 > These settings now will be read from > /var/ipfire/suricata/suricata-dns-servers.yaml, which will be > generated by the generate_dns_servers_file() function, located in > ids-functions.pl and called by various scripts. >=20 > Fixes #12166. >=20 > Signed-off-by: Stefan Schantl > --- > config/suricata/suricata.yaml | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) >=20 > diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml > index e921781cf..af9cb75a9 100644 > --- a/config/suricata/suricata.yaml > +++ b/config/suricata/suricata.yaml > @@ -11,12 +11,14 @@ vars: > # Include HOME_NET declaration from external file. > include: /var/ipfire/suricata/suricata-homenet.yaml >=20 > + # Include DNS_SERVERS declaration from external file. > + include: /var/ipfire/suricata/suricata-dns-servers.yaml > + > EXTERNAL_NET: "any" >=20 > HTTP_SERVERS: "$HOME_NET" > SMTP_SERVERS: "$HOME_NET" > SQL_SERVERS: "$HOME_NET" > - DNS_SERVERS: "$HOME_NET" > TELNET_SERVERS: "$HOME_NET" > AIM_SERVERS: "$EXTERNAL_NET" > DC_SERVERS: "$HOME_NET" > --=20 > 2.20.1 >=20 --===============8175574302506441459==--