webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

suricata: correct rule actions in IPS mode

Browse Source 
In IPS mode rule actions need to be have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' here this is appropriate.  Also add
a script to be run on update to correct existing downloaded rules.

Fixes #12086

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Tim FitzGeorge
2019-06-05 20:56:32 +02:00
committed by Michael Tremer
parent 9734a58faf
commit a5ba473c15
6 changed files with 148 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/rootfiles/core/133/update.sh
View File

@@ -62,6 +62,9 @@ telinit u
# Regenerate /etc/ipsec.conf
sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
# Modify suricata modify-sids file
/usr/sbin/convert-ids-modifysids-file
# Start services
/usr/local/bin/ipsecctrl S
/etc/init.d/suricata restart