From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 19 Dec 2021 14:41:43 +0000 (+0100)
Subject: ids-functions.pl: Set bypass flag for whitelisted hosts.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1ccae1ce33e1f8ecb05eeaff5dc7299acbbc270;p=people%2Fstevee%2Fipfire-2.x.git

ids-functions.pl: Set bypass flag for whitelisted hosts.

When adding a host to the whitelist set the bypass flag to
immediate take the load from the IDS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 95082fcacc..484e03ad8f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1692,7 +1692,7 @@ sub generate_ignore_file() {
 				# Check if the address/network is valid.
 				if ((&General::validip($address)) || (&General::validipandmask($address))) {
 					# Write rule line to the file to pass any traffic from this IP
-					print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; sid:$sid\;)\n";
+					print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; bypass; sid:$sid\;)\n";
 
 					# Increment sid.
 					$sid++;