pulledpork
pulledpork-0.7.3 updates local.rules file when configured to ignore local.rules
I am running pulled pork with the -k parameter and ignore=local.rules in the configuration file. I have observed that my local.rules file is being updated by pulled pork to delete all rules starting with # (example below). I expected the local.rules to be unchanged; however, I wanted to check prior to proposing a patch.
My local.rules file has the following content prior to running pulled pork:
----- Begin local Rules Category -----
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
#alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000002; rev:001;)
After running pulled pork, the file has been changed to:
----- Begin local Rules Category -----
-- Begin GID:0 Based Rules --
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)
I am not seeing this issue, but there is something with this process that does not work correctly. So not an issue with removing signatures from local.rules, but not actually ignoring local.rules.