ids-functions.pl: Tune rules to always monitor in both directions.
authorStefan Schantl <stefan.schantl@ipfire.org>
Mon, 18 Feb 2019 09:55:27 +0000 (10:55 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Mon, 18 Feb 2019 09:55:27 +0000 (10:55 +0100)
This will allow to scan the traffic from an EXTERNAL_NET to the HOME_NET and from
the HOME_NET to the EXTERNAL_NET.

Reference: 10273

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/cfgroot/ids-functions.pl

index 042a976..016c0e4 100644 (file)
@@ -742,6 +742,9 @@ sub write_modify_sids_file($) {
        # Write file header.
        print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
+       # Tune rules to monitor in both directions.
+       print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
+
        # Check if the traffic only should be monitored.
        unless($ruleaction eq "alert") {
                # Tell oinkmaster to switch all rules from alert to drop.