Skip to content

O
OpnSense
Commit 626bbd88 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(IDS) add ips mode to rc scripts, depends on latest port package and netmap kernel support

parent 2c8f136b
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 1 deletion
src/opnsense/service/templates/OPNsense/IDS/rc.conf.d
View file @ 626bbd88
{% set addFlags=[] %}
{% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %} {% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
suricata_enable="YES" suricata_enable="YES"
{% if OPNsense.IDS.general.ips|default("0") == "1" %}
# IPS mode, switch to netmap
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{% if loop.index == 1 %}
suricata_startup_flags="--netmap --pidfile /var/run/suricata_{{helpers.getNodeByTag('interfaces.'+intfName).if}}.pid"
{% endif %}
{% endfor %}
{% else %}
# IDS mode, pcap live mode
{% set addFlags=[] %}
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %} {% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{% if loop.index == 1 %} {% if loop.index == 1 %}
{# enable first interface #} {# enable first interface #}
...@@ -15,6 +28,9 @@ suricata_flags="-D {% ...@@ -15,6 +28,9 @@ suricata_flags="-D {%
for intf in addFlags for intf in addFlags
%} -i {{ intf }} {% endfor %} -i {{ intf }} {% endfor
%} " %} "
{% endif %}
{% else %} {% else %}
suricata_enable="NO" suricata_enable="NO"
{% endif %} {% endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023