Suricata $WAN_ADDRESS



  • Hello,

    For Suricata, I want to make a $WAN_ADDRESS, but since I'm not on a static IP and I don't want to input it manually on each change of IP, what should I put in /usr/local/pkg/suricata/suricata_yaml_template.inc?

    I know it's included in $HOME_NET, but I just need $WAN_ADDRESS ;)

    address-groups:
    WAN_ADDRESS: ???

    Thanks.

    F.



  • Not sure how you are going to pull this one off.  Variables can be defined in the YAML configuration and then subsequently used in the rules, but you must provide a hard-coded definition in the YAML file for each variable.  In other words, you would have to manually enter something like $WAN_ADDRESS = 1.2.3.4 in the suricata.yaml configuration file.

    There is nothing now within the Suricata binary nor the GUI package that can handle automatically updating that.  However, you could write a shell script that used utilities like sed or similar text modifiers to grab the new WAN IP, write it to the suricata.yaml file, and then restart Suricata so it will re-read the configuration.  In order to fire off this custom script, you would need to modify /etc/rc.newwanip to call your script.

    It's a lot of manual effort that would be wiped out on each pfSense update (since /etc/rc.newwanip would get overwritten).

    Bill
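
The script approach described in the reply above, sketched as an added example that is not part of the original posts or of the Suricata package: it validates the new address, rewrites only the WAN_ADDRESS line, and reports whether anything changed so Suricata is restarted only when needed. The function names, return codes and quoted value format are assumptions; obtaining the WAN IP and restarting Suricata are left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread): keep the WAN_ADDRESS variable in a
# Suricata YAML file in sync with the current WAN IP.

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so an
# unexpected string can never be written into the configuration.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# update_wan_address FILE IP  (hypothetical helper)
# Returns 0 if FILE was changed, 1 if it already held IP, 2 on error.
update_wan_address() {
    file=$1; ip=$2
    is_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 2; }
    grep -q '^[[:space:]]*WAN_ADDRESS:' "$file" || {
        echo "no WAN_ADDRESS entry in $file" >&2; return 2; }
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    # Keep the key and its indentation; replace only the value.
    sed "s|^\([[:space:]]*WAN_ADDRESS:\).*|\1 \"$ip\"|" "$file" > "$tmp" ||
        { rm -f "$tmp"; return 2; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"; return 1     # unchanged: no restart needed
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage: sh update_wan.sh /path/to/suricata.yaml NEW_WAN_IP
if [ "$#" -eq 2 ]; then
    rc=0; update_wan_address "$1" "$2" || rc=$?
    case $rc in
        0) echo "WAN_ADDRESS set to $2; restart Suricata to load it" ;;
        1) echo "WAN_ADDRESS already $2; nothing to do" ;;
        *) exit 2 ;;
    esac
fi
```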



  • Cool, I'll do that, thanks for your support Bill.

    F.

