snort3: add missing action-override option

Allow use of rules as-defined, and don't override their actions.  This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>

diff --git a/net/snort3/Makefile b/net/snort3/Makefile
index 06f543e8b03fcea436f4dfd3e89d9920aa853c22..d8fd43972ced1f0dc9aeca234a09c75844287c47 100644 (file)
--- a/net/snort3/Makefile
+++ b/net/snort3/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=snort3
 PKG_VERSION:=3.1.77.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/

diff --git a/net/snort3/files/main.uc b/net/snort3/files/main.uc
index c8e039417b292a0a7a994f20bf8a0a006ff8fdd5..3a15f73c69e03d19f9e8df45677e530f52d55504 100644 (file)
--- a/net/snort3/files/main.uc
+++ b/net/snort3/files/main.uc
@@ -90,7 +90,7 @@ const snort_config = {
 
        mode:            config_item("enum",  [ "ids", "ips" ]),
        method:          config_item("enum",  [ "pcap", "afpacket", "nfq" ]),
-       action:          config_item("enum",  [ "alert", "block", "drop", "reject" ]),
+       action:          config_item("enum",  [ "default", "alert", "block", "drop", "reject" ]),
        interface:       config_item("str",   [ uci.get("network", "wan", "device") ]),
        snaplen:         config_item("range", [ 1518, 65535 ]),     // int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
 
@@ -137,7 +137,9 @@ snort
                       PID file (why?).  Default /var/log
     openappid       - Enabled inspection using the 'openappid' package
                       See 'opkg info openappid'
-    action          - 'alert', 'block', 'reject' or 'drop'
+    action          - Override the specified action of your rules.  One of 'default',
+                      'alert', 'block', 'reject' or 'drop', where 'default' means use
+                      the rule as defined and don't override.
     method          - 'pcap', 'afpacket' or 'nfq'
     snaplen         - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
     include         - User-defined snort configuration, applied at end of generated snort.lua

diff --git a/net/snort3/files/snort.config b/net/snort3/files/snort.config
index b7d37901047ffb881f2c85ec48fa8565c5c088f4..e6b5164513a86b4e7acb32004e4361b7a2d74d76 100644 (file)
--- a/net/snort3/files/snort.config
+++ b/net/snort3/files/snort.config
@@ -25,7 +25,9 @@
 #                       PID file (why?).  Default /var/log
 #     openappid       - Enabled inspection using the 'openappid' package
 #                       See 'opkg info openappid'
-#     action          - 'alert', 'block', 'reject' or 'drop'
+#     action          - Override the specified action of your rules.  One of 'default',
+#                       'alert', 'block', 'reject' or 'drop', where 'default' means use
+#                       the rule as defined and don't override.
 #     method          - 'pcap', 'afpacket' or 'nfq'
 #     snaplen         - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
 #     include         - User-defined snort configuration, applied at end of generated snort.lua
@@ -59,7 +61,7 @@ config snort 'snort'
        option openappid       '0'              # one of [0, 1]
        option mode            'ids'            # one of [ids, ips]
        option method          'pcap'           # one of [pcap, afpacket, nfq]
-       option action          'alert'          # one of [alert, block, drop, reject]
+       option action          'default'        # one of [default, alert, block, drop, reject]
        option interface       'eth0'           # a string
        option snaplen         '1518'           # 1518 <= x <= 65535
        option include         ''               # a path string

diff --git a/net/snort3/files/snort.uc b/net/snort3/files/snort.uc
index dc36e898d2c9955929b0754fc111a9e0e35575a9..62dae71ca0c4190a60756502a3b196beb84ee218 100644 (file)
--- a/net/snort3/files/snort.uc
+++ b/net/snort3/files/snort.uc
@@ -52,7 +52,9 @@ snort  = {
 ips = {
   mode            = '{{ line_mode }}',
   variables       = default_variables,
+{% if (snort.action != 'default'): %}
   action_override = '{{ snort.action }}',
+{% endif %}
 {% if (getenv("_SNORT_WITHOUT_RULES") == "1"): %}
   -- WARNING: THIS IS A TEST-ONLY CONFIGURATION WITHOUT ANY RULES.
 {% else %}