]> git.ipfire.org Git - dbl.git/commitdiff
projects / dbl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2608a8d)
exporters: Generate unique SIDs for all Suricata rules
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 7 Jan 2026 11:10:39 +0000 (11:10 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 7 Jan 2026 11:10:39 +0000 (11:10 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/dnsbl/exporters.py patch | blob | blame | history

diff --git a/src/dnsbl/exporters.py b/src/dnsbl/exporters.py
index e154c143005c00f5f5980a565b4ab7b0d02eef45..4970dcfebd2ace3feed5d7298b51acfd11a7cfcc 100644 (file)
--- a/src/dnsbl/exporters.py
+++ b/src/dnsbl/exporters.py
@@ -427,6 +427,9 @@ class SuricataRulesExporter(TextExporter):
                # For example, blocking some advertising has a lower priority than accessing
                # a malware/phishing domain.
 
+               # Shift the ID of the list to the higher 16 bits and append the offset
+               sid = self.list.id << 16
+
                rules = {
                        # DNS
                        "dns" : {
@@ -441,7 +444,7 @@ class SuricataRulesExporter(TextExporter):
                                ),
                                "classtype" : "policy-violation",
                                "priority"  : "3",
-                               "sid"       : "1",
+                               "sid"       : sid | 1,
                                "rev"       : "1",
                                "reference" : (
                                        "url",
@@ -465,7 +468,7 @@ class SuricataRulesExporter(TextExporter):
                                ),
                                "classtype" : "policy-violation",
                                "priority"  : "3",
-                               "sid"       : "1",
+                               "sid"       : sid | 2,
                                "rev"       : "1",
                                "reference" : (
                                        "url",
@@ -489,7 +492,7 @@ class SuricataRulesExporter(TextExporter):
                                ),
                                "classtype" : "policy-violation",
                                "priority"  : "3",
-                               "sid"       : "1",
+                               "sid"       : sid | 3,
                                "rev"       : "1",
                                "reference" : (
                                        "url",
@@ -513,7 +516,7 @@ class SuricataRulesExporter(TextExporter):
                                ),
                                "classtype" : "policy-violation",
                                "priority"  : "3",
-                               "sid"       : "1",
+                               "sid"       : sid | 4,
                                "rev"       : "1",
                                "reference" : (
                                        "url",
A DNS Blocklist Compositor For IPFire