Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
[people/mfischer/ipfire-2.x.git] / config / cfgroot / ids-functions.pl
index 37dd42b03f06d18b95e50c0d77180d9f76b3cd82..94dccc8ae38fb1fbf401efb2e0c9ffad7815265a 100644 (file)
@@ -280,7 +280,15 @@ sub downloadruleset ($) {
        use LWP::UserAgent;
 
        # Init the download module.
-       my $downloader = LWP::UserAgent->new;
+       #
+       # Request SSL hostname verification and specify path
+       # to the CA file.
+       my $downloader = LWP::UserAgent->new(
+               ssl_opts => {
+                       SSL_ca_file     => '/etc/ssl/cert.pem',
+                       verify_hostname => 1,
+               }
+       );
 
        # Set timeout to 10 seconds.
        $downloader->timeout(10);
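Review bot: The new `ssl_opts` only take effect for `https://` requests, and nothing in this hunk stops the agent from fetching over plain HTTP or following a redirect to it, so a ruleset could still arrive unauthenticated. If every ruleset URL is HTTPS (the URLs are not visible here), adding `protocols_allowed => ['https'],` to the constructor arguments would enforce that. The CA bundle path is hard-coded, so a comment such as `# System CA bundle; certificate verification depends on this file being present.` would help the next maintainer. The body of downloadruleset continues outside the hunk.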
@@ -536,6 +544,15 @@ sub extractruleset ($) {
 
                        # Handle rules files.
                        } elsif ($file =~ m/\.rules$/) {
+                               # Skip rule files which are not located in the rules directory or archive root.
+                               next unless(($packed_file =~ /^rules\//) || ($packed_file !~ /\//));
+
+                               # Skip deleted.rules.
+                               #
+                               # Mostly they have been taken out for correctness or performance reasons and therfore
+                               # it is not a great idea to enable any of them.
+                               next if($file =~ m/deleted.rules$/);
+
                                my $rulesfilename;
 
                                # Splitt the filename into chunks.
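Review bot: The directory test on `$packed_file` checks only the prefix, so a member name with parent-directory components after `rules/` still passes. If the extraction target is later built from `$packed_file` rather than from the bare `$file` (that code is outside the hunk), such a member could be written outside the rules directory. Rejecting those names first would close the gap: `next if($packed_file =~ m/(?:^|\/)\.\.(?:\/|$)/);`. Separately, the dot in `m/deleted.rules$/` is unescaped and matches any character; `m/deleted\.rules$/` matches what the comment describes. The enclosing loop in extractruleset starts and ends outside the hunk.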