Preprocs - possible to create two defaults
When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fields, the new HTTP Inspect server configuration will change to 'default'. If the user doesn't notice this and saves, there will be a second un-removeable default configuration. Snort will subsequently fail to start on that interface with the error:
FATAL ERROR: /usr/local/etc/snort/snort_34319_em0/snort.conf(237) => Cannot configure 'global_server' settings more than once.
This can be recreated on http_inspect, Frag3, or Stream5.
Steps to reproduce:
1. Create a new Snort interface
2. Edit the interface and navigate to the <interface> Preprocs tab
3. Add a new server configuration under HTTP Inspect
4. Click the + Aliases button next to the Ports field. Select a port alias and hit save
The engine name and Bind-To IP address will now be 'default' and 'all'
5. Click save
There is now a second un-removeable server configuration.
6. Click save again and the Snort on this interface will fail with the above error
Tested on 4.1.3_2 on pfSense 2.5 CE and 2.4.5p1
Updated by Bill Meeks 4 months ago
This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue can be marked "Resolved" when this pull request is merged.
Updated by Max Leighton 4 months ago
Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server configuration, if I use the alias button to select an IP alias for the Bind-To address, the Ports field is set automatically to default. Then, if I use the alias button to select a port alias, the bind-to IP becomes blank. Using the button for one field will change the value for the other. I have to type the name of my alias in one of the fields in order to use two aliases here. Once I have a server configuration saved, I can edit it and I don't see this behavior. It only happens when creating a new one.
Updated by Bill Meeks about 1 month ago
The remaining GUI bug reported in this issue is fixed in this Snort GUI package Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1075. This issue can be marked "resolved" when the pull request is merged.