Bug 12061

Summary: suricata: HOME_NET should always contain all networks
Product: IPFire Reporter: Michael Tremer <michael.tremer>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED NOTABUG QA Contact:
Severity: Major Usability    
Priority: Will affect all users CC: arne.fitzenreiter
Version: 2   
Hardware: unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 11801    

Description Michael Tremer 2019-04-23 20:59:54 UTC 
The network layout does not change depending on which zones should be scanned. The network stays the same.

Therefore HOME_NET should always be as if all networks are enabled - although when they are not.
Comment 1 Stefan Schantl 2019-04-25 18:31:13 UTC 
Hello Michael,

the generate_home_net_file() function starting with line 597 in the file ids-functions.pl does not care about if the IPS is enabled or disabled for a specific zone.

It always adds all configured subnets and if red has a static configuration also all configured alias addresses to the home net declaration file.

So I'm unable to fix this bug, because there is nothing to do.