This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via fabe150953b5cacf1a1879c7d92bd47bb06a2869 (commit)
via a1cd844f71649aea07346a590df1eedf3d253f1c (commit)
via 25d424387e5897515ab78da902bf18d50701326a (commit)
via 6088176639c8f11012e55ae2430a113d6936652e (commit)
via 372975ed0c9f1a32d673d6f34217af530375354f (commit)
via 50612920913946b77505459af671d572332a5137 (commit)
from f27bac491a8012b8dc014dfcf1bc5e11248692c2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fabe150953b5cacf1a1879c7d92bd47bb06a2869
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Apr 23 20:56:07 2019 +0100
core132: Ship updated suricata initscript
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a1cd844f71649aea07346a590df1eedf3d253f1c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Apr 23 20:55:22 2019 +0100
core132: Ship updated convert-snort script
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 25d424387e5897515ab78da902bf18d50701326a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 23 20:33:02 2019 +0200
convert-snort: Fix ownership of the generated homenet file.
Fixes #12059.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6088176639c8f11012e55ae2430a113d6936652e
Author: Alexander Koch <ipfire(a)starkstromkonsument.de>
Date: Tue Apr 23 20:46:11 2019 +0200
core132: Bugfix for typo in filelist
Signed-off-by: Alexander Koch <ipfire(a)starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 372975ed0c9f1a32d673d6f34217af530375354f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 23 21:27:53 2019 +0200
suricata: Use device ppp0 if PPPoE dialin is used.
Fixes #12058.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 50612920913946b77505459af671d572332a5137
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Apr 23 20:45:42 2019 +0100
suricata: EXTERNAL_NET should equal any
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/132/filelists/files | 4 +++-
config/suricata/convert-snort | 3 +++
config/suricata/suricata.yaml | 3 +--
src/initscripts/system/suricata | 16 +++++++++++++---
4 files changed, 20 insertions(+), 6 deletions(-)
Difference in files:
diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files
index 402ced7ca..346b79c91 100644
--- a/config/rootfiles/core/132/filelists/files
+++ b/config/rootfiles/core/132/filelists/files
@@ -1,8 +1,10 @@
etc/system-release
etc/issue
etc/mime.types
+etc/rc.d/init.d/suricata
etc/suricata/suricata.yaml
srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
+usr/sbin/convert-snort
var/ipfire/ids-functions.pl
-var/ipfire/lang
+var/ipfire/langs
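Review bot: The two service files added to this list, etc/rc.d/init.d/suricata and usr/sbin/convert-snort, sit next to the already shipped etc/suricata/suricata.yaml, but nothing in this change shows the running daemon being restarted after the files are replaced. Please confirm that the update script for Core Update 132 restarts suricata when the IDS is enabled. Otherwise an updated system keeps the old EXTERNAL_NET value and the old interface selection until the service is next restarted. The lang to langs correction matches the commit message and looks fine.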
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 0ad2942b1..83931fa5b 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -259,6 +259,9 @@ if (-f $IDS::rulestarball) {
# Call subfunction to generate the file.
&IDS::generate_home_net_file();
+# Set correct ownership for the homenet file.
+&IDS::set_ownership("$IDS::homenet_file");
+
#
## Step 9: Setup automatic ruleset updates.
#
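Review bot: The added &IDS::set_ownership call fixes ownership only on this one code path, directly after &IDS::generate_home_net_file() in convert-snort. Any other caller of generate_home_net_file() would still leave the file owned by whoever ran it, so consider setting the ownership inside the function itself. Also note that this fix is applied only when convert-snort runs, so a system that was converted before this change keeps the wrongly owned file unless the update corrects it separately. Minor style point: the double quotes around $IDS::homenet_file are not needed.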
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index cb4f33865..e921781cf 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -11,8 +11,7 @@ vars:
# Include HOME_NET declaration from external file.
include: /var/ipfire/suricata/suricata-homenet.yaml
- EXTERNAL_NET: "!$HOME_NET"
- #EXTERNAL_NET: "any"
+ EXTERNAL_NET: "any"
HTTP_SERVERS: "$HOME_NET"
SMTP_SERVERS: "$HOME_NET"
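Review bot: The new EXTERNAL_NET: "any" line has no comment explaining the choice, and the hunk removes the only hint that an alternative existed. With "any", rules written as $EXTERNAL_NET to $HOME_NET also match traffic between internal zones, which is the intent stated in the commit message (GREEN clients reaching servers in ORANGE), but it also means more rules are evaluated on internal traffic and more alerts can be expected there. Please add a one-line comment above the setting that states this reasoning, so the value is not changed back to "!$HOME_NET" later without understanding the trade-off.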
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 16548753e..ecd693054 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -18,6 +18,7 @@
PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
# Name of the firewall chain.
FW_CHAIN="IPS"
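Review bot: The added eval of /var/ipfire/ethernet/settings runs after the suricata settings are loaded into the same shell namespace, so any key that exists in both files is silently overwritten by the ethernet value. There is also no check that the file exists or that readhash succeeded; if it fails, RED_TYPE and the *_DEV variables used further down are simply empty. Please quote the command substitution, as in eval "$(/usr/local/bin/readhash ...)", and consider bailing out or logging when the ethernet settings cannot be read.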
@@ -65,9 +66,18 @@ function generate_fw_rules {
# Check if the IDS is enabled for this network zone.
if [ "${!enable_ids_zone}" == "on" ]; then
- # Generate name of the network interface.
- network_device=$zone
- network_device+="0"
+ # Check if the current processed zone is "red" and the configured type is PPPoE dialin.
+ if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then
+ # Set device name to ppp0.
+ network_device="ppp0"
+ else
+ # Generate variable name which contains the device name.
+ zone_name="$zone_upper"
+ zone_name+="_DEV"
+
+ # Grab device name.
+ network_device=${!zone_name}
+ fi
# Assign NFQ_OPTS
NFQ_OPTIONS=$NFQ_OPTS
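Review bot: In the else branch, network_device=${!zone_name} can expand to an empty string when the zone has no *_DEV entry in the ethernet settings, and the code continues to NFQ_OPTIONS without checking it. The old code always produced a name (zone plus "0"), so this is a new failure mode: a firewall rule generated with an empty interface name will either fail or not match the intended zone. Please skip the zone, with a log message, when network_device is empty. The assignment of zone_upper is not visible in this hunk, so please also confirm it is set before this point for every zone in the loop. Finally, ppp0 is hard-coded for the PPPoE case; if the dial-up interface name is available from the settings, reading it from there would be more robust.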
hooks/post-receive
--
IPFire 2.x development tree