webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 03:25:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

suricata: Fix detection of enabled IDS on zone in initscript

Browse Source 
I accidently commited the wrong file in the previous commit.
This is the fixed and working version.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This commit is contained in:
Stefan Schantl
2018-08-17 08:45:47 +02:00
parent 00a031145e
commit 55658ee381
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/initscripts/system/suricata
View File

@@ -51,8 +51,12 @@ case "$1" in
# Convert zone into upper case.
zone_upper=${zone^^}
# Generate variable name for checking if the IDS is
# enabled on the zone.
enable_ids_zone="ENABLE_IDS_$zone_upper"
# Check if the IDS is enabled for this network zone.
if [ "$ENABLE_IDS_$$zone_upper" == "on" ]; then
if [ "${!enable_ids_zone}" == "on" ]; then
# Generate name of the network interface.
network_device=$zone
network_device+="0"
@@ -72,8 +76,8 @@ case "$1" in
# Create firewall rules to queue the traffic and pass to
# the IDS.
iptables -I "$FW_CHAIN" -i "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE "$NFQ_OPTIONS"
iptables -I "$FW_CHAIN" -o "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE "$NFQ_OPTIONS"
iptables -I "$FW_CHAIN" -i "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE $NFQ_OPTIONS
iptables -I "$FW_CHAIN" -o "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE $NFQ_OPTIONS
fi
done