public inbox for ipfire-scm@lists.ipfire.org
From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. fabe150953b5cacf1a1879c7d92bd47bb06a2869
Date: Tue, 23 Apr 2019 20:58:31 +0100
Message-ID: <20190423195832.A911984FDDD@people01.i.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  fabe150953b5cacf1a1879c7d92bd47bb06a2869 (commit)
       via  a1cd844f71649aea07346a590df1eedf3d253f1c (commit)
       via  25d424387e5897515ab78da902bf18d50701326a (commit)
       via  6088176639c8f11012e55ae2430a113d6936652e (commit)
       via  372975ed0c9f1a32d673d6f34217af530375354f (commit)
       via  50612920913946b77505459af671d572332a5137 (commit)
      from  f27bac491a8012b8dc014dfcf1bc5e11248692c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fabe150953b5cacf1a1879c7d92bd47bb06a2869
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Apr 23 20:56:07 2019 +0100

    core132: Ship updated suricata initscript
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a1cd844f71649aea07346a590df1eedf3d253f1c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Apr 23 20:55:22 2019 +0100

    core132: Ship updated convert-snort script
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 25d424387e5897515ab78da902bf18d50701326a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Apr 23 20:33:02 2019 +0200

    convert-snort: Fix ownership of the generated homenet file.
    
    Fixes #12059.
    
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 6088176639c8f11012e55ae2430a113d6936652e
Author: Alexander Koch <ipfire(a)starkstromkonsument.de>
Date:   Tue Apr 23 20:46:11 2019 +0200

    core132: Bugfix for typo in filelist
    
    Signed-off-by: Alexander Koch <ipfire(a)starkstromkonsument.de>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 372975ed0c9f1a32d673d6f34217af530375354f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Apr 23 21:27:53 2019 +0200

    suricata: Use device ppp0 if PPPoE dialin is used.
    
    Fixes #12058.
    
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 50612920913946b77505459af671d572332a5137
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Apr 23 20:45:42 2019 +0100

    suricata: EXTERNAL_NET should equal any
    
    This enables that we scan servers in ORANGE for clients in
    GREEN which absolutely makes sense.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/132/filelists/files |  4 +++-
 config/suricata/convert-snort             |  3 +++
 config/suricata/suricata.yaml             |  3 +--
 src/initscripts/system/suricata           | 16 +++++++++++++---
 4 files changed, 20 insertions(+), 6 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files
index 402ced7ca..346b79c91 100644
--- a/config/rootfiles/core/132/filelists/files
+++ b/config/rootfiles/core/132/filelists/files
@@ -1,8 +1,10 @@
 etc/system-release
 etc/issue
 etc/mime.types
+etc/rc.d/init.d/suricata
 etc/suricata/suricata.yaml
 srv/web/ipfire/cgi-bin/credits.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
+usr/sbin/convert-snort
 var/ipfire/ids-functions.pl
-var/ipfire/lang
+var/ipfire/langs
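
Review bot: shipping `usr/sbin/convert-snort` only delivers the ownership fix to systems where that script runs again after the update. If installations that have already been converted can carry a homenet file with the wrong owner, the Core 132 update script should correct the ownership on them as well; this file list alone does not do that.
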
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 0ad2942b1..83931fa5b 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -259,6 +259,9 @@ if (-f $IDS::rulestarball) {
 # Call subfunction to generate the file.
 &IDS::generate_home_net_file();
 
+# Set correct ownership for the homenet file.
+&IDS::set_ownership("$IDS::homenet_file");
+
 #
 ## Step 9: Setup automatic ruleset updates.
 #
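
Review bot: the new `&IDS::set_ownership("$IDS::homenet_file");` call fixes the ownership in this one caller only, so every other code path that calls `&IDS::generate_home_net_file()` needs the same follow-up call to get the same result. Consider setting the ownership inside generate_home_net_file itself, so callers cannot forget it and the file does not exist with the wrong owner between the two calls. The double quotes around `$IDS::homenet_file` are not needed.
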
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index cb4f33865..e921781cf 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -11,8 +11,7 @@ vars:
     # Include HOME_NET declaration from external file.
     include: /var/ipfire/suricata/suricata-homenet.yaml
 
-    EXTERNAL_NET: "!$HOME_NET"
-    #EXTERNAL_NET: "any"
+    EXTERNAL_NET: "any"
 
     HTTP_SERVERS: "$HOME_NET"
     SMTP_SERVERS: "$HOME_NET"
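
Review bot: with `EXTERNAL_NET: "any"`, a rule written as `$EXTERNAL_NET -> $HOME_NET` also matches traffic whose source is inside HOME_NET, so signatures that relied on `!$HOME_NET` to exclude internal sources can now fire on internal traffic. That matches the intent given in the commit message (servers in ORANGE, clients in GREEN), but the hunk drops the commented-out alternative without leaving a reason in the file. Add a short comment above the line explaining why `any` is used, so the setting is not "corrected" back later, and note that HTTP_SERVERS and SMTP_SERVERS still resolve to `$HOME_NET` and now overlap with EXTERNAL_NET.
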
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 16548753e..ecd693054 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -18,6 +18,7 @@
 PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
 
 eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 
 # Name of the firewall chain.
 FW_CHAIN="IPS"
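
Review bot: the added `eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)` is unquoted and runs after the suricata settings have been loaded, so any key present in both files is silently overwritten by the ethernet value, and the unquoted command substitution is word-split before eval sees it. Write it as `eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"`, and add a comment naming the variables this script actually needs from that file (RED_TYPE and the per-zone _DEV names used further down). The same quoting applies to the existing readhash line above it.
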
@@ -65,9 +66,18 @@ function generate_fw_rules {
 
 		# Check if the IDS is enabled for this network zone.
 		if [ "${!enable_ids_zone}" == "on" ]; then
-			# Generate name of the network interface.
-			network_device=$zone
-			network_device+="0"
+			# Check if the current processed zone is "red" and the configured type is PPPoE dialin.
+			if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then
+				# Set device name to ppp0.
+				network_device="ppp0"
+			else
+				# Generate variable name which contains the device name.
+				zone_name="$zone_upper"
+				zone_name+="_DEV"
+
+				# Grab device name.
+				network_device=${!zone_name}
+			fi
 
 			# Assign NFQ_OPTS
 			NFQ_OPTIONS=$NFQ_OPTS
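
Review bot: in the else branch, `network_device=${!zone_name}` is used without checking that the lookup returned anything. If IDS is enabled for a zone whose _DEV key is missing from the ethernet settings, or if `zone_upper` is not set at this point in the loop, network_device is empty and the rules that follow are generated with an empty interface name. Test for an empty network_device after the if/else and skip the zone in that case.
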


hooks/post-receive
--
IPFire 2.x development tree
