12061 – suricata: HOME_NET should always contain all networks

Bug 12061 - suricata: HOME_NET should always contain all networks

Summary: suricata: HOME_NET should always contain all networks

Status:	CLOSED NOTABUG

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	Will affect all users Major Usability
Assignee:	Stefan Schantl
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	SURICATA
	Show dependency tree / graph

Reported:	2019-04-23 20:59 UTC by Michael Tremer
Modified:	2019-04-26 09:57 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Tremer 2019-04-23 20:59:54 UTC

The network layout does not change depending on which zones should be scanned. The network stays the same.

Therefore HOME_NET should always be as if all networks are enabled - although when they are not.

Comment 1 Stefan Schantl 2019-04-25 18:31:13 UTC

Hello Michael,

the generate_home_net_file() function starting with line 597 in the file ids-functions.pl does not care about if the IPS is enabled or disabled for a specific zone.

It always adds all configured subnets and if red has a static configuration also all configured alias addresses to the home net declaration file.

So I'm unable to fix this bug, because there is nothing to do.