From patchwork Sun Aug 18 09:15:31 2024
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 8014
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Use correct red device when using QMI
Date: Sun, 18 Aug 2024 11:15:31 +0200
Message-Id: <20240818091531.2614-1-stefan.schantl@ipfire.org>

When using QMI the dial-in option has to be set to "ppp" during setup. In this case the initscript of suricata will create all related firewall rules for the ppp0 interface which is not correct when using QMI where the RED device is called red0.

Signed-off-by: Stefan Schantl
--- src/initscripts/system/suricata | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 938ea66de..79f9478c3 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -86,7 +86,7 @@ function generate_fw_rules { # Check if the IDS is enabled for this network zone. if [ "${!enable_ids_zone}" == "on" ]; then # Check if the current processed zone is "red" and the configured type is PPPoE dialin. - if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then + if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ] && [ "$RED_DRIVER" != "qmi_wwan" ]; then # Set device name to ppp0. network_device="ppp0" elif [ "$zone" == "ovpn" ]; then
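
Review bot: The comment directly above the changed `if` in generate_fw_rules still reads 'zone is "red" and the configured type is PPPoE dialin', so the new `RED_DRIVER` exception is undocumented; extend it to say that QMI setups are excluded from the ppp0 branch and why. The added test also depends on `$RED_DRIVER` being populated in this function's scope, which the hunk does not show: if the variable is empty, `[ "$RED_DRIVER" != "qmi_wwan" ]` is true and the IDS rules are still created for ppp0, which is the behaviour the commit message describes as incorrect for QMI. Please confirm it is read from the same settings as `$RED_TYPE` before this point, and consider noting in the commit message which branch a QMI setup now takes to end up on red0.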