Bug 161286 - security/snort update: multi-interface patch for snort.sh.in
Summary: security/snort update: multi-interface patch for snort.sh.in
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Ryan Steinmetz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-04 20:40 UTC by Michael Scheidell
Modified: 2011-12-08 00:00 UTC (History)
0 users

See Also:

Attachments
file.diff (1.14 KB, patch)
2011-10-04 20:40 UTC, Michael Scheidell 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell 2011-10-04 20:40:09 UTC 
based on swatch_1.conf multi-conf files, and barnard2_1.conf files. this will allow multiple interfaces to be used with one copy of snort multiple interfaces, multiple conf files, one rc.d file.

(I use it like:
snort_rules="bge0 bge1"
barnyard2_rules="$snort_rules"

note: if you have multiple snort on one interface, you need to use additional rc.conf options to separate out pid's

Fix: this patch:
(can be applied to snort 2.8.x also)
note: I don't think you need to do a ports bump.
if you need this, you add it. if not, no reason to rebuild ports.
note2: upward compatible to only one conf file

note3: you can do one conf/inf at a time with:

service snort restart bge0




Patch attached with submission follows:
How-To-Repeat: use multiple interfaces, and/ or snort instances.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-10-04 20:40:20 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->gabor

gabor@ wants his PRs (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2011-10-04 20:40:23 UTC 
Maintainer of security/snort,

Please note that PR ports/161286 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/161286

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 3 Edwin Groothuis freebsd_committer freebsd_triage 2011-10-04 20:40:25 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 Michael Scheidell 2011-10-07 20:06:38 UTC 
patch applies fine to snort 2.9.1.1 also.


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2011-11-20 23:42:32 UTC 
Responsible Changed
From-To: gabor->zi

Over to maintainer.
Comment 6 dfilter service freebsd_committer freebsd_triage 2011-12-07 23:54:53 UTC 
zi          2011-12-07 23:54:45 UTC

  FreeBSD ports repository

  Modified files:
    security/snort/files snort.sh.in 
  Log:
  - Introduce multi-interface/instance support in rc script
  
  PR:             ports/161286
  Submitted by:   Michael Scheidell <scheidell@secnap.net>
  Feature safe:   yes
  
  Revision  Changes    Path
  1.7       +31 -4     ports/security/snort/files/snort.sh.in
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 Ryan Steinmetz freebsd_committer freebsd_triage 2011-12-07 23:54:57 UTC 
State Changed
From-To: feedback->closed

Committed. Thanks!