From 014439f986741a238e67b21851e524c6d460a1b3 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 26 Sep 2018 12:53:08 -0400
Subject: [PATCH] Suricata Module - Add proper homent and interface support
---
 salt/suricata/files/suricata.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/salt/suricata/files/suricata.yaml b/salt/suricata/files/suricata.yaml
index c539e976b..cf88a2685 100644
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -1,6 +1,11 @@
 %YAML 1.1
 ---
-
+{%- set interface = salt['pillar.get']('sensor:interface', '') %}
+{%- if salt['pillar.get']('sensor:homenet') %}
+ {%- set homenet = salt['pillar.get']('sensor:homenet', '') %}
+{%- else %}
+ {%- set homenet = salt['pillar.get']('static:homenet', '') %}
+{%- endif %}
 # Suricata configuration file. In addition to the comments describing all
 # options in this file, full documentation can be found at:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
@@ -12,7 +17,7 @@ vars:
 # more specifc is better for alert accuracy and performance
 address-groups:
- HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+ HOME_NET: "[{{ homenet }}]"
 #HOME_NET: "[192.168.0.0/16]"
 #HOME_NET: "[10.0.0.0/8]"
 #HOME_NET: "[172.16.0.0/12]"
@@ -482,7 +487,7 @@ logging:
 enabled: no
 af-packet:
- - interface: eth0
+ - interface: {{ interface }}
 # Number of receive threads. "auto" uses the number of cores
 #threads: auto
 # Default clusterid. AF_PACKET will load balance packets based on flow.
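Review bot: Both pillar lookups in the Jinja header added by the first hunk (`@@ -1,6 +1,11 @@`) fall back to an empty string, so a minion with no `sensor:interface` or no homenet pillar still gets a rendered file, with `HOME_NET: "[]"` in the `@@ -12,7` hunk and an empty `interface:` in the `@@ -482,7` hunk. On an IDS sensor that most likely means Suricata refuses to start or captures nothing, and the lost visibility is only noticed later. The template, or the state that deploys it, should fail loudly when either value is empty instead of writing the file. Separately, the `if`/`else` looks up `sensor:homenet` twice; `{%- set homenet = salt['pillar.get']('sensor:homenet') or salt['pillar.get']('static:homenet', '') %}` expresses the same fallback in one line.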
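Review bot: `HOME_NET: "[{{ homenet }}]"` in the `@@ -12,7 +17,7 @@` hunk splices the pillar value into a double-quoted scalar without stating or checking its format. It only yields a valid address group when the pillar is a single comma-separated string of CIDRs. A pillar written as a YAML list would render as a Python list repr, and a value containing a double quote or a line break would change the structure of the rendered file. Because `$HOME_NET` scopes most rules, a malformed value quietly weakens detection, so document the expected form next to the line, e.g. `# homenet pillar: comma-separated CIDRs, e.g. 10.0.0.0/8,192.168.0.0/16`, and validate it where the pillar is defined.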
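Review bot: The templated value in `- interface: {{ interface }}` (hunk `@@ -482,7 +487,7 @@`) is unquoted, so the YAML parser decides its type only after rendering. An empty pillar yields a null interface, and a value beginning with a YAML indicator character would be parsed as something other than a string. Quote it the way the HOME_NET line already is: `- interface: "{{ interface }}"`. The af-packet entry continues past the end of the hunk, so any other per-interface settings that depend on this value are not visible here.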