From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue, 23 Apr 2019 19:27:53 +0000 (+0200)
Subject: suricata: Use device ppp0 if PPPoE dialin is used.
X-Git-Tag: v2.23-core133~191
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=372975ed0c9f1a32d673d6f34217af530375354f

suricata: Use device ppp0 if PPPoE dialin is used.

Fixes #12058.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 16548753e9..ecd6930541 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -18,6 +18,7 @@
 PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
 
 eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 
 # Name of the firewall chain.
 FW_CHAIN="IPS"
@@ -65,9 +66,18 @@ function generate_fw_rules {
 
 		# Check if the IDS is enabled for this network zone.
 		if [ "${!enable_ids_zone}" == "on" ]; then
-			# Generate name of the network interface.
-			network_device=$zone
-			network_device+="0"
+			# Check if the current processed zone is "red" and the configured type is PPPoE dialin.
+			if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then
+				# Set device name to ppp0.
+				network_device="ppp0"
+			else
+				# Generate variable name which contains the device name.
+				zone_name="$zone_upper"
+				zone_name+="_DEV"
+
+				# Grab device name.
+				network_device=${!zone_name}
+			fi
 
 			# Assign NFQ_OPTS
 			NFQ_OPTIONS=$NFQ_OPTS