mirror/openwrt-packages
1
0
Fork 0
mirror of https://git.openwrt.org/feed/packages.git synced 2024-06-16 20:33:58 +02:00
Code Releases Activity
master
openwrt-packages/net/snort3/files/snort.config
Eric Fahlgren e05835deac snort3: add missing action-override option 
Allow use of rules as-defined, and don't override their actions.  This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
2024-01-02 15:29:50 -08:00

79 lines
4.6 KiB
Plaintext
Raw Permalink Blame History

#
# This is not an exhaustive list of configuration items, just those that
# require more explanation than is given in the tables that define them, below.
#
# https://openwrt.org/docs/guide-user/services/snort
#
# snort
# manual - When set to 1, use manual configuration for legacy behavior.
# When disabled, then use this config.
# interface - Default should usually be 'uci get network.wan.device',
# something like 'eth0'
# home_net - IP range/ranges to protect. May be 'any', but more likely it's
# your lan range, default is '192.168.1.0/24'
# external_net - IP range external to home. Usually 'any', but if you only
# care about true external hosts (trusting all lan devices),
# then '!$HOME_NET' or some specific range
# mode - 'ids' or 'ips', for detection-only or prevention, respectively
# oinkcode - https://www.snort.org/oinkcodes
# config_dir - Location of the base snort configuration files. Default /etc/snort
# temp_dir - Location of all transient snort config, including downloaded rules
# Default /var/snort.d
# logging - Enable external logging of events thus enabling 'snort-mgr report',
# otherwise events only go to system log (i.e., 'logread -e snort:')
# log_dir - Location of the generated logs, and oh-by-the-way the snort
# PID file (why?). Default /var/log
# openappid - Enabled inspection using the 'openappid' package
# See 'opkg info openappid'
# action - Override the specified action of your rules. One of 'default',
# 'alert', 'block', 'reject' or 'drop', where 'default' means use
# the rule as defined and don't override.
# method - 'pcap', 'afpacket' or 'nfq'
# snaplen - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
# include - User-defined snort configuration, applied at end of generated snort.lua
#
# nfq - https://github.com/snort3/libdaq/blob/master/modules/nfq/README.nfq.md
# queue_maxlen - nfq's '--daq-var queue_maxlen=int'
# queue_count - Count of queues to use when method=nfq, usually 2-8
# fanout_type - Sets kernel load balancing algorithm*, one of hash, lb, cpu,
# rollover, rnd, qm.
# thread_count - int snort.-z: <count> maximum number of packet threads
# (same as --max-packet-threads); 0 gets the number of
# CPU cores reported by the system; default is 1 { 0:max32 }
# chain_type - Chain type when generating nft output
# chain_priority - Chain priority when generating nft output
# include - Full path to user-defined extra rules to include inside queue chain
#
# * - for details on fanout_type, see these pages:
# https://github.com/florincoras/daq/blob/master/README
# https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
#
config snort 'snort'
option enabled '0' # one of [0, 1]
option manual '1' # one of [0, 1]
option oinkcode '' # a string
option home_net '192.168.1.0/24' # a string
option external_net 'any' # a string
option config_dir '/etc/snort' # a path string
option temp_dir '/var/snort.d' # a path string
option log_dir '/var/log' # a path string
option logging '1' # one of [0, 1]
option openappid '0' # one of [0, 1]
option mode 'ids' # one of [ids, ips]
option method 'pcap' # one of [pcap, afpacket, nfq]
option action 'default' # one of [default, alert, block, drop, reject]
option interface 'eth0' # a string
option snaplen '1518' # 1518 <= x <= 65535
option include '' # a path string
config nfq 'nfq'
option queue_count '4' # 1 <= x <= 16
option queue_start '4' # 1 <= x <= 32768
option queue_maxlen '1024' # 1024 <= x <= 65536
option fanout_type 'hash' # one of [hash, lb, cpu, rollover, rnd, qm]
option thread_count '0' # 0 <= x <= 32
option chain_type 'input' # one of [prerouting, input, forward, output, postrouting]
option chain_priority 'filter' # one of [raw, filter, 300]
option include '' # a path string
View Git Blame Copy Permalink