- Suricata-8.x will only accept include statements in array format and not in multiple single lines. Suricata-7.x still accepts the multiple single lines but flags up that the format is deprecated and will be removed in suricata-8.x - This patch adjusts the address-groups include into the array format. - This change has been tested out on my vm and the IPS started up and from the logs you can see that all the include files were taken on board and the derprecation message is no longer shown. - This change can be implemented with Suricata-7.x and will make sure that IPFire has the include syntax that Suricata-8.x will require.
Fixes: Bug13646 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/suricata/suricata.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index faa1aa71d..443b8e19e 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -8,11 +8,11 @@
vars: address-groups: - # Include HOME_NET declaration from external file. - include: /var/ipfire/suricata/suricata-homenet.yaml - - # Include DNS_SERVERS declaration from external file. - include: /var/ipfire/suricata/suricata-dns-servers.yaml + include: + # Include HOME_NET declaration from external file. + - /var/ipfire/suricata/suricata-homenet.yaml + # Include DNS_SERVERS declaration from external file. + - /var/ipfire/suricata/suricata-dns-servers.yaml
EXTERNAL_NET: "any"
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
Looks good for me. Thank you for taking care of this!
On 10 Dec 2024, at 13:23, Adolf Belka adolf.belka@ipfire.org wrote:
- Suricata-8.x will only accept include statements in array format and not in multiple single lines. Suricata-7.x still accepts the multiple single lines but flags up that the format is deprecated and will be removed in suricata-8.x
- This patch adjusts the address-groups include into the array format.
- This change has been tested out on my vm and the IPS started up and from the logs you can see that all the include files were taken on board and the derprecation message is no longer shown.
- This change can be implemented with Suricata-7.x and will make sure that IPFire has the include syntax that Suricata-8.x will require.
Fixes: Bug13646 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/suricata/suricata.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index faa1aa71d..443b8e19e 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -8,11 +8,11 @@
vars: address-groups:
- # Include HOME_NET declaration from external file.
- include: /var/ipfire/suricata/suricata-homenet.yaml
- # Include DNS_SERVERS declaration from external file.
- include: /var/ipfire/suricata/suricata-dns-servers.yaml
include:
# Include HOME_NET declaration from external file.- /var/ipfire/suricata/suricata-homenet.yaml# Include DNS_SERVERS declaration from external file.- /var/ipfire/suricata/suricata-dns-servers.yamlEXTERNAL_NET: "any"
-- 2.47.1
-
Adolf Belka -
Michael Tremer