On 3/16/07, Ying Wong <[EMAIL PROTECTED]> wrote:
It sure feels weird to reply to myself but I have found a solution to
this problem in case anybody has to go through this again.

The HOME_NET problem I mentioned in one of the other posts causes the
whitelist to be improperly written to /var/db/whitelist. The function
called on line 231 of /usr/local/pkg/snort.inc returns an empty value
therefore it appends an empty forward slash to $home_net variable in the
else statement on line 237.

I executed snort2c in the foreground so I can see it parse the whitelist
and configuration file by appending -d to "snort2c -w /var/db/whitelist
-a /var/log/snort/alert" and it failed shortly after parsing CIDR
notations caused by the generate_snort_conf() function within the
whitelist file itself.

I've created a crude patch that fixes the issue mentioned yesterday and
the whitelist generation. This is the first time I had to dig into
pfsense's sources so it may not be the ideal way to resolve this issue.
The diff has been attached to this email.

Hope this saves some time for somebody else in the future. Thanks for
your help Scott :)

Thanks, committed.  Please let me know if it indeed solves the issues.

Sorry for the delay, I have been sick this week.

Scott
