Open
Description
I am running PulledPork with the -k parameter and ignore=local.rules in the configuration file. I have observed that my local.rules file is being updated by PulledPork to delete all rules starting with # (example below).
I expected local.rules to be unchanged; however, I wanted to check before proposing a patch.
My local.rules file has the following content prior to running PulledPork:
----- Begin local Rules Category -----
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
#alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000002; rev:001;)
After running PulledPork, the file has been changed to:
----- Begin local Rules Category -----
-- Begin GID:0 Based Rules --
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
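
A check for the behaviour reported above, added here as an example and not part of the original report or of PulledPork: it compares a saved copy of local.rules with the file after a run and lists the SIDs that were removed, added, or switched between enabled and commented out. The function names are this example's own, and the embedded sample is the two file listings from the report.

```python
import re

# An active or '#'-commented rule line; group 1 is the comment marker,
# group 3 the sid. The action list is the standard Snort rule actions.
RULE_RE = re.compile(
    r'^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s.*\bsid\s*:\s*(\d+)\s*;')

def parse_rules(text):
    """Return {sid: 'enabled' | 'disabled'} for every rule line in text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(3))] = 'disabled' if m.group(1) else 'enabled'
    return rules

def diff_rules(before_text, after_text):
    """Compare two versions of a rules file by SID and enabled state."""
    before, after = parse_rules(before_text), parse_rules(after_text)
    return {
        'removed': sorted(s for s in before if s not in after),
        'added': sorted(s for s in after if s not in before),
        'state_changed': sorted(
            s for s in before if s in after and before[s] != after[s]),
    }

# Sample input: the local.rules content quoted in the report, before the run.
BEFORE = r'''----- Begin local Rules Category -----
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
#alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000002; rev:001;)
'''

# Sample input: the local.rules content quoted in the report, after the run.
AFTER = r'''----- Begin local Rules Category -----
-- Begin GID:0 Based Rules --
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
'''

if __name__ == '__main__':
    result = diff_rules(BEFORE, AFTER)
    for kind, sids in result.items():
        print(f'{kind}: {sids}')
    # A non-empty 'removed' list means rules were dropped from the file.
    raise SystemExit(1 if result['removed'] else 0)
```

In practice, read a copy of local.rules taken before the update and the live file afterwards, and pass both strings to `diff_rules`.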