#!/bin/sh

# PROVIDE: snort
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown

# Add the following lines to /etc/rc.conf to enable snort:
# snort_enable (bool):		Set to YES to enable snort
# 				Default: NO
# snort_flags (str):		Extra flags passed to snort
#				Default: -D -q
# snort_interface (str):	Network interface to sniff
#				Default: ""
# snort_conf (str):		Snort configuration file
#				Default: ${PREFIX}/etc/snort/snort.conf
# snort_expression (str):	filter expression
#				If your expression is very long, set
#				kern.ps_arg_cache_limit sysctl variable
#				to large value. Otherwise, snort won't
#				restart!
#				Default: ""
#
# To enable multi interface, use:
# snort_rules="eth0 eth1"
# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc.

. /etc/rc.subr

name="snort"
rcvar=snort_enable
extra_commands=reload

command="%%PREFIX%%/bin/snort"

load_rc_config $name

[ -z "$snort_enable" ]    && snort_enable="NO"
[ -z "$snort_conf" ]      && snort_conf="%%PREFIX%%/etc/snort/snort.conf"
[ -z "$snort_flags" ]     && snort_flags="-D -q"

[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface" \
                          && pidfile="/var/run/snort_${snort_interface}.pid"
[ -n "$snort_conf" ]      && snort_flags="$snort_flags -c $snort_conf"
[ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"

if [ -n "$snort_rules" ]; then
  _1=$1
  if [ $# -gt 1 ]; then shift; snort_rules=$*; fi
  snort_conf=""
  snort_flags=""
  rc=0
  for i in ${snort_rules}; do
	eval _conf=\$snort_${i}_conf
	eval _flags=\$snort_${i}_flags
	[ -z "$_flags" ] && _flags="-D -q"
	eval _intf=\$snort_${i}_interface
	eval _expr=\$snort_${i}_expression
        if [ -n "$_intf" ] ;then
            _conf="$_conf -i $_intf"
	   eval pidfile="/var/run/snort_$_intf.pid"
        fi
	command_args="$_flags -c $_conf $_expr"
        run_rc_command "$_1"
        if [ $? -ne 0 ]; then rc=1; fi
	unset _pidcmd _rc_restart_done
   done
   exit $rc
else
   run_rc_command "$1"
fi