suricata: Do not always convert rules to be bi-directional
author Michael Tremer <michael.tremer@ipfire.org>
Sun, 21 Apr 2019 00:32:07 +0000 (01:32 +0100)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Tue, 23 Apr 2019 20:03:33 +0000 (22:03 +0200)
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/cfgroot/ids-functions.pl

index 5496df1..deb287b 100644 (file)
@@ -742,9 +742,6 @@ sub write_modify_sids_file($) {
        # Write file header.
        print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
-       # Tune rules to monitor in both directions.
-       print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
-
        # Check if the traffic only should be monitored.
        unless($ruleaction eq "alert") {
                # Tell oinkmaster to switch all rules from alert to drop.
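Review bot: Dropping the blanket `modifysid * "->" | "<>"` line in write_modify_sids_file() silently narrows what every rule matches, and nothing in this hunk records that for whoever reads the function or the generated file later. Rules written with `->` will now only fire in the direction they were authored for, so any detection that relied on the rewrite to catch the reverse direction stops alerting without an error. I would leave a short comment at the removal site saying that rule direction is intentionally left as shipped by the ruleset, and mention the behaviour change in the release notes so that operators know to review custom or local rules. Since the file header says the file is autogenerated and overwritten, it is also worth confirming that the upgrade path calls this function and re-runs oinkmaster; otherwise existing installations keep the old bi-directional line, and its overhead, until the next manual ruleset change.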