aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

firewall: move config into yaml object

Browse Source 
To make it easier to group settings or include them.
pull/13432/head
Victor Julien 5 months ago committed by Victor Julien
parent adcee8d7b5
commit 0e18048ef0
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File

10
src/detect-engine-loader.c
Unescape Escape View File

@ -323,14 +323,14 @@ static int LoadFirewallRuleFiles(DetectEngineCtx *de_ctx)
return 0;
}
SCConfNode *default_fw_rule_path = SCConfGetNode("firewall-rule-path");
SCConfNode *default_fw_rule_path = SCConfGetNode("firewall.rule-path");
if (default_fw_rule_path == NULL) {
SCLogNotice("fw: firewall-rule-path not defined, skip loading firewall rules");
SCLogNotice("fw: firewall.rule-path not defined, skip loading firewall rules");
return 0;
}
SCConfNode *rule_files = SCConfGetNode("firewall-rule-files");
SCConfNode *rule_files = SCConfGetNode("firewall.rule-files");
if (rule_files == NULL) {
SCLogNotice("fw: firewall-rule-files not defined, skip loading firewall rules");
SCLogNotice("fw: firewall.rule-files not defined, skip loading firewall rules");
return 0;
}
@ -340,7 +340,7 @@ static int LoadFirewallRuleFiles(DetectEngineCtx *de_ctx)
int32_t bad_sigs = 0;
int32_t skipped_sigs = 0;
char *sfile = DetectLoadCompleteSigPathWithKey(de_ctx, "firewall-rule-path", file->val);
char *sfile = DetectLoadCompleteSigPathWithKey(de_ctx, "firewall.rule-path", file->val);
SCLogNotice("fw: rule file full path \"%s\"", sfile);
int ret = DetectLoadSigFile(de_ctx, sfile, &good_sigs, &bad_sigs, &skipped_sigs, true);

22
suricata.yaml.in
Unescape Escape View File

@ -2302,27 +2302,27 @@ rule-files:
- suricata.rules
##
## Suricata as a Firewall options (experimental)
## Auxiliary configuration files.
##
classification-file: @e_sysconfdir@classification.config
reference-config-file: @e_sysconfdir@reference.config
# threshold-file: @e_sysconfdir@threshold.config
##
## Suricata as a Firewall options (experimental)
##
firewall:
# Firewall rule file are in their own path and are not managed
# by Suricata-Update.
#firewall-rule-path: /etc/suricata/firewall/
#rule-path: /etc/suricata/firewall/
# List of files with firewall rules. Order matters, files are loaded
# in order and rules are applied in that order (per state, see docs)
#firewall-rule-files:
#rule-files:
# - firewall.rules
##
## Auxiliary configuration files.
##
classification-file: @e_sysconfdir@classification.config
reference-config-file: @e_sysconfdir@reference.config
# threshold-file: @e_sysconfdir@threshold.config
##
## Include other configs
##

Write Preview
Loading…
Cancel
Save