suricata: Do not always convert rules to be bi-directional

This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 5496df1a9843c26b9f12a0d7ed6d08475ed30357..deb287bb76885f6b2b6c66a1906385e473bc2504 100644 (file)
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -742,9 +742,6 @@ sub write_modify_sids_file($) {
        # Write file header.
        print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
-       # Tune rules to monitor in both directions.
-       print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
-
        # Check if the traffic only should be monitored.
        unless($ruleaction eq "alert") {
                # Tell oinkmaster to switch all rules from alert to drop.

diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files
index 52e26c375484035b48926e23ec2457d80509310a..518885217329a803a50493249bf7cbf477ccb584 100644 (file)
--- a/config/rootfiles/core/132/filelists/files
+++ b/config/rootfiles/core/132/filelists/files
@@ -3,4 +3,5 @@ etc/issue
 etc/suricata/suricata.yaml
 srv/web/ipfire/cgi-bin/credits.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
+var/ipfire/ids-functions.pl
 var/ipfire/lang