rc.conf.d 902 Bytes
Newer Older
1
{% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
2
suricata_enable="YES"
3 4 5

{% if OPNsense.IDS.general.ips|default("0") == "1" %}
# IPS mode, switch to netmap
6
suricata_netmap=YES
7 8 9 10 11

{% else %}

# IDS mode, pcap live mode
{% set addFlags=[] %}
12 13 14 15 16 17 18 19 20 21
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{%   if loop.index == 1 %}
{# enable first interface #}
suricata_interface="{{helpers.getNodeByTag('interfaces.'+intfName).if}}"
{%   else %}
{#   store additional interfaces to addFlags #}
{%      do addFlags.append(helpers.getNodeByTag('interfaces.'+intfName).if) %}
{%   endif %}
{% endfor %}
{#   append additional interfaces #}
22
suricata_flags="-D {%
23
   for intf in addFlags
24
%} -i {{ intf }}  {% endfor
25
%} "
26 27 28

{% endif %}

29 30 31
{% else %}
suricata_enable="NO"
{% endif %}
32 33

suricata_opnsense_bootup_run="/usr/local/opnsense/scripts/suricata/setup.sh"