Hi,
Shouldn’t HOME_NET still be in DNS_SERVERS for users who are running a DNS server behind their firewall?
On 5 Nov 2019, at 09:32, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
These settings now will be read from /var/ipfire/suricata/suricata-dns-servers.yaml, which will be generated by the generate_dns_servers_file() function, located in ids-functions.pl and called by various scripts.
Fixes #12166.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/suricata/suricata.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index e921781cf..af9cb75a9 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -11,12 +11,14 @@ vars: # Include HOME_NET declaration from external file. include: /var/ipfire/suricata/suricata-homenet.yaml
# Include DNS_SERVERS declaration from external file.
include: /var/ipfire/suricata/suricata-dns-servers.yaml
EXTERNAL_NET: "any"
HTTP_SERVERS: "$HOME_NET" SMTP_SERVERS: "$HOME_NET" SQL_SERVERS: "$HOME_NET"
- DNS_SERVERS: "$HOME_NET" TELNET_SERVERS: "$HOME_NET" AIM_SERVERS: "$EXTERNAL_NET" DC_SERVERS: "$HOME_NET"
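Review bot: Removing `DNS_SERVERS: "$HOME_NET"` leaves the variable defined only by the included /var/ipfire/suricata/suricata-dns-servers.yaml, and nothing in this hunk provides a fallback, so if that file is missing or does not declare DNS_SERVERS, rules that reference $DNS_SERVERS have no definition to resolve against. The new comment above the include should state what the generated file contains (for example, whether DNS servers located inside HOME_NET are covered), and it would be safer to guarantee that the file exists with a valid DNS_SERVERS entry before Suricata reads this configuration.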
-- 2.20.1