From c4bbef09530d2e3d5745e770025f308ee7dc83b1 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Tue, 29 Aug 2017 21:10:35 +0200 Subject: [PATCH] IDS, selectable home nets as advanced option, for https://github.com/opnsense/core/issues/1793 --- .../controllers/OPNsense/IDS/forms/generalSettings.xml | 9 +++++++++ src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml | 8 +++++++- .../service/templates/OPNsense/IDS/suricata.yaml | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml index e82ea994a..fa7450b45 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml @@ -37,6 +37,15 @@ Type or select interface. + + ids.general.homenet + + select_multiple + + true + Networks to interpret as local + true + ids.general.defaultPacketSize diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml index b7d88769d..6d62c3940 100644 --- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml +++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml @@ -1,6 +1,6 @@ //OPNsense/IDS - 1.0.0 + 1.0.1 OPNsense IDS @@ -118,6 +118,12 @@ /^(?!0).*$/ + + N + , + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + Y + N 82 diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml index 9189ec298..226164978 100644 --- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml +++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml 
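Review bot: The help text on the new `ids.general.homenet` field in generalSettings.xml, `Networks to interpret as local`, tells the operator neither the expected format nor what the setting drives. The suricata.yaml hunk of this commit feeds the value into `HOME_NET`, and `EXTERNAL_NET` is defined there as `!$HOME_NET`, so a wrong or over-broad entry changes which traffic the direction-sensitive rules match. I would extend the help to something like `Networks to interpret as local (HOME_NET), in CIDR notation. EXTERNAL_NET is everything outside this list, so rule matching depends on it.` The element markup is not visible in this rendering, so only the text is proposed.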
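Review bot: No validation pattern is visible on the home-net field added in the second IDS.xml hunk, although the form hunk appears to allow free-typed entries and the value is written into a double-quoted YAML list in suricata.yaml. The preceding field in the same hunk carries a mask (`/^(?!0).*$/`). The new field should get one too, admitting only address characters, the prefix slash and the separator, so that a quote, bracket or line break cannot reach the generated Suricata configuration. The field markup was lost in this rendering, so this is inferred from the visible values (`N`, `,`, the default list, `Y`) and should be checked against the real file.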
@@ -799,7 +799,7 @@ vars: # These would be retrieved during the Signature address parsing stage. address-groups: - HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]" + HOME_NET: "[{{OPNsense.IDS.general.homenet|default('192.168.0.0/16,10.0.0.0/8,172.16.0.0/12')}}]" EXTERNAL_NET: "!$HOME_NET"
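Review bot: The `default(...)` filter on the new `HOME_NET` line only takes effect when `OPNsense.IDS.general.homenet` is undefined; Jinja2 leaves a defined-but-empty value alone, which would render `HOME_NET: "[]"`. With `EXTERNAL_NET: "!$HOME_NET"` on the next line, an empty or unparsable group may stop Suricata from loading its configuration or rules, leaving the interface uninspected. If the model can deliver an empty value, passing the boolean flag closes that gap: `{{OPNsense.IDS.general.homenet|default('192.168.0.0/16,10.0.0.0/8,172.16.0.0/12', true)}}`. The `vars:` block continues outside the hunk.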