Snort mailing list archives
Re: freebsd users: need help testing a patch
From: Michael Scheidell <michael.scheidell () secnap com>
Date: Mon, 22 Aug 2011 15:07:51 -0400
On 8/22/11 2:46 PM, Michael Scheidell wrote:
I have a patch to /usr/local/etc/rc.d/snort that SHOULD allow for complex, multi interface configurations.(so, you can have a bge0, bge1, fxp0, fxp1, etc), mostly, unlimited.
fix if you use an arbitrary name other than in interface:-- diff -bBru /tmp/snort_old snort --- /tmp/snort_old 2011-06-06 10:53:49.000000000 -0400 +++ snort 2011-08-22 14:53:08.000000000 -0400 @@ -22,6 +22,9 @@ # restart! # Default: "" # +# to enable multi interface, use: +# snort_rules="eth0 eth1" +# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc . /etc/rc.subr @@ -42,4 +45,22 @@ [ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf" [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression" -run_rc_command "$1" +if [ -n "$snort_rules" ]; then + snort_conf="" + snort_flags="" + for i in ${snort_rules}; do + eval _conf=\$snort_${i}_conf + eval _flags=\$snort_${i}_flags + [ -z "$_flags" ] && _flags="-D -q" + eval _intf=\$snort_${i}_interface + eval _expr=\$snort_${i}_expression + if [ -n "$_intf" ] ;then + _conf="$_conf -i $_intf" + eval pidfile="/var/run/snort_$_intf.pid" + fi + command_args="$_flags -c $_conf $_expr" + run_rc_command "$1" + done +else + run_rc_command "$1" +fi -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator ______________________________________________________________________This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- freebsd users: need help testing a patch Michael Scheidell (Aug 22)
- Re: freebsd users: need help testing a patch Michael Scheidell (Aug 22)