firewall: move config into yaml object

author Victor Julien <vjulien@oisf.net>

Wed, 11 Jun 2025 07:25:44 +0000 (09:25 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 11 Jun 2025 18:49:16 +0000 (20:49 +0200)
author Victor Julien <vjulien@oisf.net>
Wed, 11 Jun 2025 07:25:44 +0000 (09:25 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 11 Jun 2025 18:49:16 +0000 (20:49 +0200)
diff --git a/src/detect-engine-loader.c b/src/detect-engine-loader.c

index 9384aa541558010b9f7b1fb14f4d731101ac1b3b..e474e5d38af175e6872428e267e179dd69d4ee1f 100644 (file)
--- a/src/detect-engine-loader.c
+++ b/src/detect-engine-loader.c
@@ -323,14 +323,14 @@ static int LoadFirewallRuleFiles(DetectEngineCtx *de_ctx)
          return 0;
      }
  
-    SCConfNode *default_fw_rule_path = SCConfGetNode("firewall-rule-path");
+    SCConfNode *default_fw_rule_path = SCConfGetNode("firewall.rule-path");
      if (default_fw_rule_path == NULL) {
-        SCLogNotice("fw: firewall-rule-path not defined, skip loading firewall rules");
+        SCLogNotice("fw: firewall.rule-path not defined, skip loading firewall rules");
          return 0;
      }
-    SCConfNode *rule_files = SCConfGetNode("firewall-rule-files");
+    SCConfNode *rule_files = SCConfGetNode("firewall.rule-files");
      if (rule_files == NULL) {
-        SCLogNotice("fw: firewall-rule-files not defined, skip loading firewall rules");
+        SCLogNotice("fw: firewall.rule-files not defined, skip loading firewall rules");
          return 0;
      }
  
@@ -340,7 +340,7 @@ static int LoadFirewallRuleFiles(DetectEngineCtx *de_ctx)
          int32_t bad_sigs = 0;
          int32_t skipped_sigs = 0;
  
-        char *sfile = DetectLoadCompleteSigPathWithKey(de_ctx, "firewall-rule-path", file->val);
+        char *sfile = DetectLoadCompleteSigPathWithKey(de_ctx, "firewall.rule-path", file->val);
          SCLogNotice("fw: rule file full path \"%s\"", sfile);
  
          int ret = DetectLoadSigFile(de_ctx, sfile, &good_sigs, &bad_sigs, &skipped_sigs, true);
diff --git a/suricata.yaml.in b/suricata.yaml.in

index 49ee5eb92b7ef1030cac9fd17dcf323c29204e4c..9ff696a99928066f48b18c313b49b1458f34789c 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -2301,20 +2301,6 @@ default-rule-path: @e_defaultruledir@
  rule-files:
    - suricata.rules
  
-##
-## Suricata as a Firewall options (experimental)
-##
-
-# Firewall rule file are in their own path and are not managed
-# by Suricata-Update.
-#firewall-rule-path: /etc/suricata/firewall/
-
-# List of files with firewall rules. Order matters, files are loaded
-# in order and rules are applied in that order (per state, see docs)
-#firewall-rule-files:
-#  - firewall.rules
-
-
  ##
  ## Auxiliary configuration files.
  ##
@@ -2323,6 +2309,20 @@ classification-file: @e_sysconfdir@classification.config
  reference-config-file: @e_sysconfdir@reference.config
  # threshold-file: @e_sysconfdir@threshold.config
  
+##
+## Suricata as a Firewall options (experimental)
+##
+firewall:
+  # Firewall rule file are in their own path and are not managed
+  # by Suricata-Update.
+  #rule-path: /etc/suricata/firewall/
+
+  # List of files with firewall rules. Order matters, files are loaded
+  # in order and rules are applied in that order (per state, see docs)
+  #rule-files:
+  #  - firewall.rules
+
+
  ##
  ## Include other configs
  ##
author	Victor Julien <vjulien@oisf.net>
	Wed, 11 Jun 2025 07:25:44 +0000 (09:25 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 11 Jun 2025 18:49:16 +0000 (20:49 +0200)
src/detect-engine-loader.c		patch \| blob \| blame \| history
suricata.yaml.in		patch \| blob \| blame \| history