mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-16 20:33:58 +02:00
![Eric Fahlgren](/assets/img/avatar_default.png)
Allow use of rules as-defined, and don't override their actions. This is generally the best way to use the ruleset, and overriding their actions should only be undertaken when you fully understand how it affects their use. Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
79 lines
4.6 KiB
Plaintext
79 lines
4.6 KiB
Plaintext
#
|
|
# This is not an exhaustive list of configuration items, just those that
|
|
# require more explanation than is given in the tables that define them, below.
|
|
#
|
|
# https://openwrt.org/docs/guide-user/services/snort
|
|
#
|
|
# snort
|
|
# manual - When set to 1, use manual configuration for legacy behavior.
|
|
# When disabled, then use this config.
|
|
# interface - Default should usually be 'uci get network.wan.device',
|
|
# something like 'eth0'
|
|
# home_net - IP range/ranges to protect. May be 'any', but more likely it's
|
|
# your lan range, default is '192.168.1.0/24'
|
|
# external_net - IP range external to home. Usually 'any', but if you only
|
|
# care about true external hosts (trusting all lan devices),
|
|
# then '!$HOME_NET' or some specific range
|
|
# mode - 'ids' or 'ips', for detection-only or prevention, respectively
|
|
# oinkcode - https://www.snort.org/oinkcodes
|
|
# config_dir - Location of the base snort configuration files. Default /etc/snort
|
|
# temp_dir - Location of all transient snort config, including downloaded rules
|
|
# Default /var/snort.d
|
|
# logging - Enable external logging of events thus enabling 'snort-mgr report',
|
|
# otherwise events only go to system log (i.e., 'logread -e snort:')
|
|
# log_dir - Location of the generated logs, and oh-by-the-way the snort
|
|
# PID file (why?). Default /var/log
|
|
# openappid - Enabled inspection using the 'openappid' package
|
|
# See 'opkg info openappid'
|
|
# action - Override the specified action of your rules. One of 'default',
|
|
# 'alert', 'block', 'reject' or 'drop', where 'default' means use
|
|
# the rule as defined and don't override.
|
|
# method - 'pcap', 'afpacket' or 'nfq'
|
|
# snaplen - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
|
|
# include - User-defined snort configuration, applied at end of generated snort.lua
|
|
#
|
|
# nfq - https://github.com/snort3/libdaq/blob/master/modules/nfq/README.nfq.md
|
|
# queue_maxlen - nfq's '--daq-var queue_maxlen=int'
|
|
# queue_count - Count of queues to use when method=nfq, usually 2-8
|
|
# fanout_type - Sets kernel load balancing algorithm*, one of hash, lb, cpu,
|
|
# rollover, rnd, qm.
|
|
# thread_count - int snort.-z: <count> maximum number of packet threads
|
|
# (same as --max-packet-threads); 0 gets the number of
|
|
# CPU cores reported by the system; default is 1 { 0:max32 }
|
|
# chain_type - Chain type when generating nft output
|
|
# chain_priority - Chain priority when generating nft output
|
|
# include - Full path to user-defined extra rules to include inside queue chain
|
|
#
|
|
# * - for details on fanout_type, see these pages:
|
|
# https://github.com/florincoras/daq/blob/master/README
|
|
# https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
|
|
#
|
|
config snort 'snort'
|
|
option enabled '0' # one of [0, 1]
|
|
option manual '1' # one of [0, 1]
|
|
option oinkcode '' # a string
|
|
option home_net '192.168.1.0/24' # a string
|
|
option external_net 'any' # a string
|
|
option config_dir '/etc/snort' # a path string
|
|
option temp_dir '/var/snort.d' # a path string
|
|
option log_dir '/var/log' # a path string
|
|
option logging '1' # one of [0, 1]
|
|
option openappid '0' # one of [0, 1]
|
|
option mode 'ids' # one of [ids, ips]
|
|
option method 'pcap' # one of [pcap, afpacket, nfq]
|
|
option action 'default' # one of [default, alert, block, drop, reject]
|
|
option interface 'eth0' # a string
|
|
option snaplen '1518' # 1518 <= x <= 65535
|
|
option include '' # a path string
|
|
|
|
config nfq 'nfq'
|
|
option queue_count '4' # 1 <= x <= 16
|
|
option queue_start '4' # 1 <= x <= 32768
|
|
option queue_maxlen '1024' # 1024 <= x <= 65536
|
|
option fanout_type 'hash' # one of [hash, lb, cpu, rollover, rnd, qm]
|
|
option thread_count '0' # 0 <= x <= 32
|
|
option chain_type 'input' # one of [prerouting, input, forward, output, postrouting]
|
|
option chain_priority 'filter' # one of [raw, filter, 300]
|
|
option include '' # a path string
|
|
|