From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 21 Apr 2019 00:32:07 +0000 (+0100)
Subject: suricata: Do not always convert rules to be bi-directional
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=56f6d107ff152748a0330a99ab39ad66880ff64b;p=people%2Fms%2Fipfire-2.x.git

suricata: Do not always convert rules to be bi-directional

This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 5496df1a98..deb287bb76 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -742,9 +742,6 @@ sub write_modify_sids_file($) {
 	# Write file header.
 	print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
-	# Tune rules to monitor in both directions.
-	print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
-
 	# Check if the traffic only should be monitored.
 	unless($ruleaction eq "alert") {
 		# Tell oinkmaster to switch all rules from alert to drop.