Suricata+Shorewall config permanent changes

clouca · October 20, 2020, 8:23am

NethServer Version: NethServer 7.8.2003
Module: suricata
Hello all, I need some help according to nethserver configuration. I made some change in /etc/suricata/suricata.yaml. These changes are lost as soon as I enable / disable a rules or something else from the cockpit environment.
The same happens on /etc/shorewall/interfaces as well.
I did not find the way to make these changes permanent.
Does anybody knows how to do that ?
Thanks

mrmarkuz · October 20, 2020, 12:28pm

Hi and welcome to Neth Community,

what changes would you like? Maybe Neth already supports it via UI.

The config files are templated, to make a change permanent, you’ll need a custom template.

clouca · October 20, 2020, 1:18pm

Yes for the Suricata case I found the path in templates and fixed the issue. According to shorewall/interfaces
I would like to add tun0 interface as local like the following and add permanent
loc tun0 dhcp,nosmurfs,routeback

mrmarkuz · October 20, 2020, 1:49pm

Is it instead of the openvpn tun0?

If yes create the template fragment /etc/e-smith/templates-custom/etc/shorewall/interfaces/99openvpn with your changes.

If not create /etc/e-smith/templates-custom/etc/shorewall/interfaces/90custom with your changes.

Restart firewall:

signal-event firewall-adjust

clouca · October 21, 2020, 9:36am

Okay I will try that.
I setup openvpn as client. That’s why I want to add this custom interface.
I will try that and let you know

clouca · October 22, 2020, 5:09am

Hello mrmarkuz,
I cannot find the file /etc/e-smith/templates-custom/etc/shorewall/interfaces/90custom do i have to create it ? What is the syntax ?
Thanks.

mrmarkuz · October 22, 2020, 11:08am

Yes, you need to create it and add your configuration options.
To test it you may expand the template with

expand-template /etc/shorewall/interfaces

and check /etc/shorewall/interfaces if your config is there.

Then restart the firewall and test if it works.

clouca · October 26, 2020, 9:44am

Hello @mrmarkuz
I made the changes and works fine.
If anybody wants to do the same follow the commands below

mkdir -p /etc/e-smith/templates-custom/etc/shorewall/interfaces
nano /etc/e-smith/templates-custom/etc/shorewall/interfaces/90custom (add the config with same syntax as shorewall /etc/shorewall/interfaces
expand-template /etc/shorewall/interfaces
restart shorewal

Thanks.!