packages/net/snort3/files/nftables.uc

# Do not edit, automatically generated.  See /usr/share/snort/templates.
{%
// Copyright (c) 2023-2024 Eric Fahlgren <eric.fahlgren@gmail.com>
// SPDX-License-Identifier: GPL-2.0

let queues     = `${nfq.queue_start}-${int(nfq.queue_start)+int(nfq.queue_count)-1}`;
let chain_type = nfq.chain_type;
-%}

table inet snort {
	chain {{ chain_type }}_{{ snort.mode }} {
		type filter  hook {{ chain_type }}  priority {{ nfq.chain_priority }}
		policy accept
		{% if (nfq.include) {
		  // We use the ucode include here, so that the included file is also
		  // part of the template and can use values passed in from the config.
		  printf("\n\t\t" + rpad(`#-- Include from '${nfq.include}'`, ">", 64) + "\n");
		  include(nfq.include, { snort, nfq });
		  printf("\t\t" + rpad("#-- End of included file.", "<", 64) + "\n\n");
		} %}
		counter  queue flags bypass to {{ queues }}
	}
}
snort3: complete rework - Add many options to config file. - Move rules and generated snort.lua to /tmp. - Add script for downloading rules. - Add preliminary reporting capabilites. Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-11-28 00:21:43 +08:00			`# Do not edit, automatically generated. See /usr/share/snort/templates.`
			`{%`
snort3: finish up several incomplete capabilities Reporting - Use json alert data for 10x speed improvement in report generation - Include both gid and sid, plus packet direction in report output - Add by-date incident filtering - Add verbose mode which displays actual rules triggered and their source - Attempt to look up host names from IPs in verbose mode - Clean up display of port number involved in incidents Rules - Complete downloader for subscription rules using oinkcode (only tested with snort.org's "free" tier subscription) - Auto-detect multiple rules files and include them in lua 'ips.rules' - Add '--backup' option to copy out current rules before installing new - Add '--persistent' option to 'snort-rules', storing in persistent location CLI interface - Completely rework command line option parsing in all user scripts - Allow options and commands to be in any order on command line - Add long-form names for all options ('--help' for '-h' and so on) - Detect errors properly in options, enhance help pages Bug fixes - Use 'mkdir -p' on all directory creation - Use proper tmp directory from 'snort.snort.temp_dir' everywhere Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2024-01-11 00:10:05 +08:00			`// Copyright (c) 2023-2024 Eric Fahlgren <eric.fahlgren@gmail.com>`
snort3: complete rework - Add many options to config file. - Move rules and generated snort.lua to /tmp. - Add script for downloading rules. - Add preliminary reporting capabilites. Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-11-28 00:21:43 +08:00			`// SPDX-License-Identifier: GPL-2.0`

			let queues = `${nfq.queue_start}-${int(nfq.queue_start)+int(nfq.queue_count)-1}`;
			`let chain_type = nfq.chain_type;`
			`-%}`

			`table inet snort {`
			`chain {{ chain_type }}_{{ snort.mode }} {`
			`type filter hook {{ chain_type }} priority {{ nfq.chain_priority }}`
			`policy accept`
snort3: add missing config include and general cleanup - Delete legacy configuration files homenet.lua and local.lua - Add snort config 'include' to allow user customizations in the lua - Enhance 'check' to test generated nftables file - Suppress inclusion of rules file when doing silent config check - Suppress warnings on configuration check unless '-v'erbose - Replace text logging with json logging to reduce footprint and make reports easier - Fix some typos in the snort.uc template - Fix up some error messages suggesting solutions Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-12-07 07:37:32 +08:00			`{% if (nfq.include) {`
			`// We use the ucode include here, so that the included file is also`
			`// part of the template and can use values passed in from the config.`
snort3: finish up several incomplete capabilities Reporting - Use json alert data for 10x speed improvement in report generation - Include both gid and sid, plus packet direction in report output - Add by-date incident filtering - Add verbose mode which displays actual rules triggered and their source - Attempt to look up host names from IPs in verbose mode - Clean up display of port number involved in incidents Rules - Complete downloader for subscription rules using oinkcode (only tested with snort.org's "free" tier subscription) - Auto-detect multiple rules files and include them in lua 'ips.rules' - Add '--backup' option to copy out current rules before installing new - Add '--persistent' option to 'snort-rules', storing in persistent location CLI interface - Completely rework command line option parsing in all user scripts - Allow options and commands to be in any order on command line - Add long-form names for all options ('--help' for '-h' and so on) - Detect errors properly in options, enhance help pages Bug fixes - Use 'mkdir -p' on all directory creation - Use proper tmp directory from 'snort.snort.temp_dir' everywhere Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2024-01-11 00:10:05 +08:00			printf("\n\t\t" + rpad(`#-- Include from '${nfq.include}'`, ">", 64) + "\n");
snort3: add missing config include and general cleanup - Delete legacy configuration files homenet.lua and local.lua - Add snort config 'include' to allow user customizations in the lua - Enhance 'check' to test generated nftables file - Suppress inclusion of rules file when doing silent config check - Suppress warnings on configuration check unless '-v'erbose - Replace text logging with json logging to reduce footprint and make reports easier - Fix some typos in the snort.uc template - Fix up some error messages suggesting solutions Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-12-07 07:37:32 +08:00			`include(nfq.include, { snort, nfq });`
snort3: finish up several incomplete capabilities Reporting - Use json alert data for 10x speed improvement in report generation - Include both gid and sid, plus packet direction in report output - Add by-date incident filtering - Add verbose mode which displays actual rules triggered and their source - Attempt to look up host names from IPs in verbose mode - Clean up display of port number involved in incidents Rules - Complete downloader for subscription rules using oinkcode (only tested with snort.org's "free" tier subscription) - Auto-detect multiple rules files and include them in lua 'ips.rules' - Add '--backup' option to copy out current rules before installing new - Add '--persistent' option to 'snort-rules', storing in persistent location CLI interface - Completely rework command line option parsing in all user scripts - Allow options and commands to be in any order on command line - Add long-form names for all options ('--help' for '-h' and so on) - Detect errors properly in options, enhance help pages Bug fixes - Use 'mkdir -p' on all directory creation - Use proper tmp directory from 'snort.snort.temp_dir' everywhere Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2024-01-11 00:10:05 +08:00			`printf("\t\t" + rpad("#-- End of included file.", "<", 64) + "\n\n");`
snort3: add missing config include and general cleanup - Delete legacy configuration files homenet.lua and local.lua - Add snort config 'include' to allow user customizations in the lua - Enhance 'check' to test generated nftables file - Suppress inclusion of rules file when doing silent config check - Suppress warnings on configuration check unless '-v'erbose - Replace text logging with json logging to reduce footprint and make reports easier - Fix some typos in the snort.uc template - Fix up some error messages suggesting solutions Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-12-07 07:37:32 +08:00			`} %}`
snort3: complete rework - Add many options to config file. - Move rules and generated snort.lua to /tmp. - Add script for downloading rules. - Add preliminary reporting capabilites. Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> 2023-11-28 00:21:43 +08:00			`counter queue flags bypass to {{ queues }}`
			`}`
			`}`