From patchwork Wed Apr 24 05:27:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 2212 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 336A685BD82 for ; Tue, 23 Apr 2019 20:27:59 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44pYPp2Qwgz5H9PM; Tue, 23 Apr 2019 20:27:58 +0100 (BST) Received: from tuxedo.stevee (213162073004.public.t-mobile.at [213.162.73.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44pYPl6PQrz5H9PM; Tue, 23 Apr 2019 20:27:55 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556047676; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:openpgp:autocrypt; bh=bVBFCHlWwqWGN80kEP5RauNz30c7EZhHzl++rmZFP18=; b=FnoxW1c5YX1OXDvnEzjtfbNw2rQONIy9mIHJ7k0T/ejRgRHlrIrCEWP8HBLEvel32ixe0c JZw3HSUbmFOaxpQbx/nDVluu1Fd64katMjzMaqqOSfzkDgC3vmFxq1q44K8ZtyjjZLOdqJ 0A4rzUmZqPFAalVQZC/Nq1Ae6VMegcZgNfNdBAJMIEzcIGLlFIGa3zJweoD05gsX9k1GWs +kTIWUQJRLEmWDfcfK5RT0cRHyVWkWQorpXnmrKfVGQmI09zry9XlQNU2CvQq7sUhyMKuf cFm5OHeIyLigma8NMYF+miFA+PwhbtTGcHWAA/n3RhT7PD02+KBMTOIpiUVomg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556047676; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:openpgp:autocrypt; bh=bVBFCHlWwqWGN80kEP5RauNz30c7EZhHzl++rmZFP18=; b=pl/QqKC9y6QovXQ8zY5M4DWpIInaOJ01Xw2oS1I+erzHxp0R1EzUCY4lS9oZGLdpqpEyg6 ehI6ZiLijetgG0Dw== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCHv2] suricata: Use device ppp0 if PPPoE dialin is used. Date: Tue, 23 Apr 2019 21:27:53 +0200 Message-Id: <20190423192753.5524-1-stefan.schantl@ipfire.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" X-Spam: Yes Fixes #12058. Signed-off-by: Stefan Schantl --- src/initscripts/system/suricata | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 16548753e..ecd693054 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -18,6 +18,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings) +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) # Name of the firewall chain. FW_CHAIN="IPS" @@ -65,9 +66,18 @@ function generate_fw_rules { # Check if the IDS is enabled for this network zone. if [ "${!enable_ids_zone}" == "on" ]; then - # Generate name of the network interface. - network_device=$zone - network_device+="0" + # Check if the current processed zone is "red" and the configured type is PPPoE dialin. + if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then + # Set device name to ppp0. + network_device="ppp0" + else + # Generate variable name which contains the device name. + zone_name="$zone_upper" + zone_name+="_DEV" + + # Grab device name. + network_device=${!zone_name} + fi # Assign NFQ_OPTS NFQ_OPTIONS=$NFQ_OPTS