From patchwork Wed Apr 24 04:26:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 2209 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 1D4AE85BD81 for ; Tue, 23 Apr 2019 19:26:23 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44pX2j5PtPz5H9PP; Tue, 23 Apr 2019 19:26:21 +0100 (BST) Received: from tuxedo.stevee (213162073004.public.t-mobile.at [213.162.73.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44pX2f1RQMz5H9PM; Tue, 23 Apr 2019 19:26:18 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556043978; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:openpgp:autocrypt; bh=0TSHVwCWjXkWRy5xTtahVjMq+U287TSSU+ywqR4nrRw=; b=lX5tBr4d7tn3HZhn7eyNOgn+45u3H4d1P9tXP0OaX1VNItcYe7RzK30ODil/Yb2nvINGRd pYeSQbYYxw7vYF1JMrPGs1wukqxI0DoIgVQ5svLg++gGm0hb5BD46EBEOx47TMHi66+1MN HLWIPU34jknbgNudg02DAU1M16U9AtOud5RyCVpvnFQfhFC3kkbQF3B9fxrJcux6RZxiY+ upV9DKr6K8V8zl/pH7ND7bQiJRNhleG+xBnaJFlR072WXRwZJfTMouYQyPaUmGrJr8hd7d 0vTXvGsTQW9czY/2T9UEY2e/z07ZiUOBkJ07+gsGk+SjPojQa5y1ntvKM5TlzA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556043978; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:openpgp:autocrypt; bh=0TSHVwCWjXkWRy5xTtahVjMq+U287TSSU+ywqR4nrRw=; b=83FQv1/AfhzhLZAkm0kDzBKsLHK3FOkUfceN9x1ym0qSfW0/f+yB8dbujivsIoWeneip/Y 6j/gzA5sAw+Cr9CA== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] suricata: Use device ppp0 if PPPoE dialin is used. Date: Tue, 23 Apr 2019 20:26:14 +0200 Message-Id: <20190423182614.4198-1-stefan.schantl@ipfire.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" X-Spam: Yes Fixes #12058 Signed-off-by: Stefan Schantl --- src/initscripts/system/suricata | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 16548753e..b407afa3c 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -18,6 +18,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings) +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) # Name of the firewall chain. FW_CHAIN="IPS" @@ -65,8 +66,16 @@ function generate_fw_rules { # Check if the IDS is enabled for this network zone. if [ "${!enable_ids_zone}" == "on" ]; then - # Generate name of the network interface. - network_device=$zone + # Check if the current processed zone is "red" and the configured type is PPPoE dialin. + if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then + # Set device name to ppp. + network_device="ppp" + else + # The device name is identical with the zone name. + network_device=$zone + fi + + # Finish generation of the device name. network_device+="0" # Assign NFQ_OPTS