Bug #11637
closedPreprocs - possible to create two defaults
0%
Description
When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fields, the new HTTP Inspect server configuration will change to 'default'. If the user doesn't notice this and saves, there will be a second un-removeable default configuration. Snort will subsequently fail to start on that interface with the error:
FATAL ERROR: /usr/local/etc/snort/snort_34319_em0/snort.conf(237) => Cannot configure 'global_server' settings more than once.
This can be recreated on http_inspect, Frag3, or Stream5.
Steps to reproduce:
1. Create a new Snort interface
2. Edit the interface and navigate to the <interface> Preprocs tab
3. Add a new server configuration under HTTP Inspect
4. Click the + Aliases button next to the Ports field. Select a port alias and hit save
The engine name and Bind-To IP address will now be 'default' and 'all'
5. Click save
There is now a second un-removeable server configuration.
6. Click save again and the Snort on this interface will fail with the above error
Tested on 4.1.3_2 on pfSense 2.5 CE and 2.4.5p1