#
# This is not an exhaustive list of configuration items, just those that
# require more explanation than is given in the tables that define them, below.
#
# https://openwrt.org/docs/guide-user/services/snort
#
# snort
# manual - When set to 1, use manual configuration for legacy behavior.
# When set to 0, use this config. The default below is '1', so set it
# to '0' if you expect the settings in this file to drive snort.
# interface - Default should usually be 'uci get network.wan.device',
# something like 'eth0'
# home_net - IP range/ranges to protect. May be 'any', but more likely it's
# your lan range, default is '192.168.1.0/24'
# external_net - IP range external to home. Usually 'any', but if you only
# care about true external hosts (trusting all lan devices),
# then '!$HOME_NET' or some specific range
# mode - 'ids' or 'ips', for detection-only or prevention, respectively
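# oinkcode - Your personal rule-download code from https://www.snort.org/oinkcodes;
# it is tied to your snort.org account, so strip it before sharing this file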
# config_dir - Location of the base snort configuration files. Default /etc/snort
# temp_dir - Location of all transient snort config, including downloaded rules
# Default /var/snort.d
# logging - Enable external logging of events thus enabling 'snort-mgr report',
# otherwise events only go to system log (i.e., 'logread -e snort:')
# log_dir - Location of the generated logs, and oh-by-the-way the snort
# PID file (why?). Default /var/log
# openappid - Enable inspection using the 'openappid' package
# See 'opkg info openappid'
# action - 'alert', 'block', 'reject' or 'drop'
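# method - 'pcap', 'afpacket' or 'nfq'. 'pcap' is passive capture and cannot
# stop packets, so mode 'ips' needs an inline method such as 'nfq'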
# snaplen - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
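# include - User-defined snort configuration, applied at end of generated snort.lua.
# Being applied last, it can override the generated settings, so keep
# the file writable by root only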
#
# nfq - https://github.com/snort3/libdaq/blob/master/modules/nfq/README.nfq.md
# queue_maxlen - nfq's '--daq-var queue_maxlen=int'
# queue_count - Count of queues to use when method=nfq, usually 2-8
# fanout_type - Sets kernel load balancing algorithm*, one of hash, lb, cpu,
# rollover, rnd, qm.
# thread_count - int snort.-z: <count> maximum number of packet threads
# (same as --max-packet-threads); 0 gets the number of
# CPU cores reported by the system; default is 1 { 0:max32 }
# chain_type - Chain type when generating nft output
# chain_priority - Chain priority when generating nft output
# include - Full path to user-defined extra rules to include inside queue chain
#
# * - for details on fanout_type, see these pages:
# https://github.com/florincoras/daq/blob/master/README
# https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
#
config snort 'snort'
option enabled '0' # one of [0, 1]
option manual '1' # one of [0, 1]
option oinkcode '' # a string
option home_net '192.168.1.0/24' # a string
option external_net 'any' # a string
option config_dir '/etc/snort' # a path string
option temp_dir '/var/snort.d' # a path string
option log_dir '/var/log' # a path string
option logging '1' # one of [0, 1]
option openappid '0' # one of [0, 1]
option mode 'ids' # one of [ids, ips]
option method 'pcap' # one of [pcap, afpacket, nfq]
option action 'alert' # one of [alert, block, drop, reject]
option interface 'eth0' # a string
option snaplen '1518' # 1518 <= x <= 65535
option include '' # a path string
config nfq 'nfq'
option queue_count '4' # 1 <= x <= 16
option queue_start '4' # 1 <= x <= 32768
option queue_maxlen '1024' # 1024 <= x <= 65536
option fanout_type 'hash' # one of [hash, lb, cpu, rollover, rnd, qm]
option thread_count '0' # 0 <= x <= 32
option chain_type 'input' # one of [prerouting, input, forward, output, postrouting]
option chain_priority 'filter' # one of [raw, filter, 300]
option include '' # a path string