ids-functions.pl: Introduce file for local rules.

[people/pmueller/ipfire-2.x.git] / config / cfgroot / ids-functions.pl

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 3fa19fab7b2fe2b3887051606b9f3ee0956b7fda..3cfe837dbc0c1441a41fc1499dcdc3158547cf8c 100644 (file)
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -67,6 +67,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked";
 # Location where the rulefiles are stored.
 our $rulespath = "/var/lib/suricata";
 
+# Location to store local rules. This file will not be touched.
+our $local_rules_file = "$rulespath/local.rules";
+
 # File which contains the rules to whitelist addresses on suricata.
 our $whitelist_file = "$rulespath/whitelist.rules";
 
@@ -581,6 +584,9 @@ sub _cleanup_rulesdir() {
                # Skip rules file for whitelisted hosts.
                next if ("$rulespath/$file" eq $whitelist_file);
 
+               # Skip rules file with local rules.
+               next if ("$rulespath/$file" eq $local_rules_file);
+
                # Delete the current processed file, if not, exit this function
                # and return an error message.
                unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";