snort: Also monitor assigned alias addresses on red.
index d22cbc4e61faf09ca9631815ccd8c7bbee822315..58edf1e6db66a5d79d52ab3b449356474ee97da0 100644 (file)
@@ -20,6 +20,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
 
+ALIASFILE="/var/ipfire/ethernet/aliases"
+
 case "$1" in
         start)
                if [ "$BLUE_NETADDRESS" ]; then
@@ -59,22 +61,35 @@ case "$1" in
                        if [ "$LOCAL_IP" ]; then
                                HOMENET+="$LOCAL_IP,"
                        fi
+
+                       # Check if the red device is set to static and
+                       # any aliases have been configured.
+                       if [ "${RED_TYPE}" == "STATIC" ] && [ -s "${ALIASFILE}" ]; then
+                               # Read in aliases file.
+                               while IFS="," read -r address mode remark; do
+                                       # Check if the alias is enabled.
+                                       [ "${mode}" = "on" ] || continue
+
+                                       # Add alias to the list of HOMENET addresses.
+                                       HOMENET+="${address},"
+                               done < "${ALIASFILE}"
+                       fi
                fi
                HOMENET+="127.0.0.1"
-               echo "var HOME_NET [$HOMENET]" > /etc/snort/vars
+               echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars
 
                DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
                DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
 
                if [ "$DNS2" ]; then
-                       echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
+                       echo "ipvar DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
                else
-                       echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
+                       echo "ipvar DNS_SERVERS $DNS1" >> /etc/snort/vars
                fi
 
                 for DEVICE in $DEVICES; do
                         boot_mesg "Starting Intrusion Detection System on $DEVICE..."
-                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
+                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run
                         evaluate_retval
                        sleep 1
                         chmod 644 /var/run/snort_$DEVICE.pid
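Review bot: The alias loop at `while IFS="," read -r address mode remark; do` silently drops the last entry of the aliases file when that line has no trailing newline, because `read` returns non-zero at EOF even though it filled the variables; `while IFS="," read -r address mode remark || [ -n "${address}" ]; do` keeps that entry. The new `[ "${RED_TYPE}" == "STATIC" ]` test uses `==` while the `[ "${mode}" = "on" ]` check two lines below uses `=`; the script already depends on bash (`HOMENET+=`), so both work, but a single form would be tidier. Nothing checks that `address` looks like an IP or network before it is appended to HOMENET and written verbatim into the `ipvar HOME_NET` line of /etc/snort/vars, so a malformed alias entry would break the snort variable file rather than be skipped; the file is presumably written only by the web UI, but a comment stating that assumption, or a small format check before `HOMENET+="${address},"`, would make the dependency explicit. The `start)` branch of the case statement begins and ends outside this hunk.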
@@ -118,7 +133,7 @@ case "$1" in
               
               rm /var/run/snort_* >/dev/null 2>/dev/null
                 
-              if [ -r /var/ipfire/guardian/enable ]; then
+              if ([ -r /var/ipfire/guardian/enable ] || [ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]); then
                          boot_mesg "Stopping Guardian..."
                          killproc /usr/local/bin/guardian.pl
                          fi
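Review bot: The added guardian check at `[ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]` leaves the command substitution unquoted, so if pidofproc prints more than one PID the test fails with "too many arguments" and the stop path never reaches `killproc`; when nothing is running it only works because `[ ! -z ]` with no operand happens to evaluate false. `if [ -r /var/ipfire/guardian/enable ] || [ -n "$(pidofproc /usr/local/bin/guardian.pl)" ]; then` covers both cases and drops the subshell parentheses, which add nothing here. The `stop)` branch containing this check starts outside the hunk.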