X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Fsnort;h=544609434e529425d1305fa7723abf9105d43077;hp=a2db0de0fb4286095caabe0dd2724dc5be843c60;hb=405401cba4cdc65b411474c9f7c628c490aed9db;hpb=0f8a65cbe11e12bcf212a3663541c87d362e7972
diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index a2db0de0fb..544609434e 100644
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -62,10 +62,21 @@ fi
 case "$1" in
 start)
+ # Disable incompatible rules
+ boot_mesg "Check/Fix Intrusion Detection rules..."
+ for file in $(ls /etc/snort/rules/*.rules 2>/dev/null); do
+ sed -i 's|^alert.*!\[\$DNS_SERVERS|#&|g' $file
+ sed -i 's|^alert.*!\$SSH_PORTS|#&|g' $file
+ sed -i 's|^alert.*!\$HOME_NET|#&|g' $file
+ sed -i 's|^alert.*!\$SQL_SERVERS|#&|g' $file
+ done
+ echo_ok
+
 for DEVICE in $DEVICES; do
 boot_mesg "Starting Intrusion Detection System on $DEVICE..."
 /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
 evaluate_retval
+ sleep 1
 chmod 644 /var/run/snort_$DEVICE.pid
 done
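Review bot: The rule-fixing loop added under `start)` rewrites every rules file in place and then prints `echo_ok` unconditionally, so a failed `sed` is reported as success and nothing records which detection rules were commented out. Iterating over `$(ls …)` with an unquoted `$file` also word-splits on paths containing whitespace. The `^alert.*!\$HOME_NET`-style patterns match the variable anywhere on the line, not only in the rule header, so they may disable more rules than intended; this is worth confirming against the rule sets in use. The fence below globs directly, quotes the path, runs one `sed` per file and passes the real status to `evaluate_retval`, assuming it reads `$?` as it appears to after the snort call. The `case` block continues outside the hunk, and the added `sleep 1` before `chmod` is a fixed-delay workaround that would be more robust as a bounded wait for the pid file.

```shell
boot_mesg "Check/Fix Intrusion Detection rules..."
rc=0
for file in /etc/snort/rules/*.rules; do
	# an unmatched glob stays literal; skip it instead of calling sed on a missing path
	[ -e "$file" ] || continue
	sed -i \
		-e 's|^alert.*!\[\$DNS_SERVERS|#&|' \
		-e 's|^alert.*!\$SSH_PORTS|#&|' \
		-e 's|^alert.*!\$HOME_NET|#&|' \
		-e 's|^alert.*!\$SQL_SERVERS|#&|' \
		"$file" || rc=1
done
# report the real outcome rather than an unconditional echo_ok
[ "$rc" -eq 0 ]
evaluate_retval
# … unchanged: per-device snort start loop …
```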