lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 09:34:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

(IDS) add ips mode to rc scripts, depends on latest port package and netmap kernel support

Browse Source
This commit is contained in:
Ad Schellevis 2015-11-18 19:50:31 +00:00
parent 2c8f136b69
commit 626bbd88ec
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/opnsense/service/templates/OPNsense/IDS/rc.conf.d
View File

@ -1,6 +1,19 @@
{% set addFlags=[] %}
{% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
suricata_enable="YES"
{% if OPNsense.IDS.general.ips|default("0") == "1" %}
# IPS mode, switch to netmap
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{% if loop.index == 1 %}
suricata_startup_flags="--netmap --pidfile /var/run/suricata_{{helpers.getNodeByTag('interfaces.'+intfName).if}}.pid"
{% endif %}
{% endfor %}
{% else %}
# IDS mode, pcap live mode
{% set addFlags=[] %}
{% for intfName in OPNsense.IDS.general.interfaces.split(',') %}
{% if loop.index == 1 %}
{# enable first interface #}
@ -15,6 +28,9 @@ suricata_flags="-D {%
for intf in addFlags
%} -i {{ intf }} {% endfor
%} "
{% endif %}
{% else %}
suricata_enable="NO"
{% endif %}