This diff updates the Snort pkg/README to change the Snort ruleset download URL from HTTP to HTTPS to avoid exposing the oinkcode in transit (suggested by David Hill a while ago).
It also adds a note that registered users without a paid subscription are only allowed to download the official Snort ruleset once every 15 minutes (suggested by Adam Jeanguenat a while ago). This restriction is not obvious from the official snort.org site, so I think it would be helpful to users to include a note here. This diff does not make any functional change to Snort itself. Thoughts? OK? Lawrence Index: Makefile =================================================================== RCS file: /cvs/ports/net/snort/Makefile,v retrieving revision 1.73 diff -u -p -r1.73 Makefile --- Makefile 16 Jan 2013 04:52:53 -0000 1.73 +++ Makefile 27 Jan 2013 03:37:37 -0000 @@ -7,6 +7,7 @@ COMMENT = highly flexible sniffer/NIDS VERSION = 2.9.4.0 DISTNAME = snort-2.9.4 PKGNAME = snort-${VERSION} +REVISION = 0 CATEGORIES = net security Index: pkg/README =================================================================== RCS file: /cvs/ports/net/snort/pkg/README,v retrieving revision 1.2 diff -u -p -r1.2 README --- pkg/README 11 Oct 2012 02:40:48 -0000 1.2 +++ pkg/README 7 Feb 2013 04:31:41 -0000 @@ -29,8 +29,11 @@ to the correct directory: * Official Snort rules (replace <oinkcode> with yours): ftp -o snortrules-snapshot-${V}.tar.gz \ - http://www.snort.org/reg-rules/snortrules-snapshot-${V}.tar.gz/<oinkcode> + https://www.snort.org/reg-rules/snortrules-snapshot-${V}.tar.gz/<oinkcode> tar -C /etc/snort -xzf snortrules-snapshot-${V}.tar.gz rules preproc_rules + + Note that registered users without a paid subscription are only + allowed to download the official Snort ruleset once every 15 minutes. * Emerging Threats rules: