authorzi <zi@FreeBSD.org>2011-12-08 07:54:45 +0800
committerzi <zi@FreeBSD.org>2011-12-08 07:54:45 +0800
commit3f05139d198aa44c72224246bb9094e7c18d8224 (patch)
treebc4e75739bdc88d3c3584dd5b32cc0f340507be8 /security/snort
parent18e58d92b13cf2a1fb407ec076c7b68416e8cce6 (diff)
- Introduce multi-interface/instance support in rc script
PR: ports/161286 Submitted by: Michael Scheidell <scheidell@secnap.net> Feature safe: yes
Diffstat (limited to 'security/snort')
-rw-r--r--security/snort/files/snort.sh.in33
1 files changed, 30 insertions, 3 deletions
diff --git a/security/snort/files/snort.sh.in b/security/snort/files/snort.sh.in
index aa858001fa5f..6f7aef1045ed 100644
--- a/security/snort/files/snort.sh.in
+++ b/security/snort/files/snort.sh.in
@@ -12,16 +12,19 @@
# snort_flags (str): Extra flags passed to snort
# Default: -D -q
# snort_interface (str): Network interface to sniff
-# Default: ""
+# Default: ""
# snort_conf (str): Snort configuration file
# Default: ${PREFIX}/etc/snort/snort.conf
# snort_expression (str): filter expression
-# If your expression is very long, set
+# If your expression is very long, set
# kern.ps_arg_cache_limit sysctl variable
# to large value. Otherwise, snort won't
# restart!
# Default: ""
#
+# To enable multi interface, use:
+# snort_rules="eth0 eth1"
+# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc.
. /etc/rc.subr
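Review bot: The usage comment added at the end of the header describes behaviour that the loop in the second hunk does not implement. Nothing there derives `snort_eth0.conf` from `snort.conf`; each instance is read from `snort_<name>_conf`, `snort_<name>_flags`, `snort_<name>_interface` and `snort_<name>_expression`, and only the flags get a fallback (`-D -q`), so an unset `snort_<name>_conf` leaves `-c` without a config path. I would document those four variables in the same style as the existing entries, e.g. `# snort_<name>_conf (str): Configuration file for instance <name> (required)`. It is also worth stating that `snort_rules` holds instance names that become part of shell variable names, so they should contain only letters, digits and underscores.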
@@ -42,4 +45,28 @@ load_rc_config $name
[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
[ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"
-run_rc_command "$1"
+if [ -n "$snort_rules" ]; then
+ _1=$1
+ if [ $# -gt 1 ]; then shift; snort_rules=$*; fi
+ snort_conf=""
+ snort_flags=""
+ rc=0
+ for i in ${snort_rules}; do
+ eval _conf=\$snort_${i}_conf
+ eval _flags=\$snort_${i}_flags
+ [ -z "$_flags" ] && _flags="-D -q"
+ eval _intf=\$snort_${i}_interface
+ eval _expr=\$snort_${i}_expression
+ if [ -n "$_intf" ] ;then
+ _conf="$_conf -i $_intf"
+ eval pidfile="/var/run/snort_$_intf.pid"
+ fi
+ command_args="$_flags -c $_conf $_expr"
+ run_rc_command "$_1"
+ if [ $? -ne 0 ]; then rc=1; fi
+ unset _pidcmd _rc_restart_done
+ done
+ exit $rc
+else
+ run_rc_command "$1"
+fi
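Review bot: The instance name `$i` reaches `eval` unvalidated in the four `eval _x=\$snort_${i}_...` lines, and it can come from extra command-line arguments (`snort_rules=$*`) as well as from rc.conf. In a script that runs as root, any shell metacharacter in a name is executed, and a name such as `em0.100` yields an invalid variable reference. Reject anything outside the variable-name alphabet at the top of the loop, e.g. `case $i in *[!A-Za-z0-9_]*) warn "invalid snort instance name: $i"; rc=1; continue ;; esac`. The line `eval pidfile="/var/run/snort_$_intf.pid"` needs no `eval`; a plain `pidfile="/var/run/snort_${_intf}.pid"` avoids evaluating the interface value a second time. Because `pidfile` is assigned only when `_intf` is set, an instance without an interface appears to inherit the previous iteration's pidfile, so it should be reset at the start of each iteration.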