aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2011-08-03 18:21:20 +0000
committerErmal <eri@pfsense.org>2011-08-03 18:21:20 +0000
commit0f4ea6c032de0d287d9a1620abbe32c59d557ab4 (patch)
tree2db36f9bb3d984efd488430e02a519d09d9f4602
parent85b7eb644dec64190b67207e09b52dcedc1344b6 (diff)
downloadpfsense-packages-0f4ea6c032de0d287d9a1620abbe32c59d557ab4.tar.gz
pfsense-packages-0f4ea6c032de0d287d9a1620abbe32c59d557ab4.tar.bz2
pfsense-packages-0f4ea6c032de0d287d9a1620abbe32c59d557ab4.zip
Fixes for whitelists and suppress generation.
-rw-r--r--config/snort/snort.inc4
-rw-r--r--config/snort/snort_interfaces_edit.php112
2 files changed, 46 insertions, 70 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7a5a4ffb..79d4cde8 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -520,7 +520,7 @@ function snort_postinstall()
if (!is_dir('/usr/local/etc/snort'))
exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
- if (!file_exists('/usr/local/etc/snort/whitelist'))
+ if (!is_dir('/usr/local/etc/snort/whitelist'))
exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
if (!is_dir('/var/log/snort/run'))
@@ -1151,8 +1151,6 @@ function create_snort_suppress($id, $if_real) {
if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
$whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
- if (empty($whitelist_key_s))
- return "";
/* file name */
$suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 019a8af0..667f3571 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -537,30 +537,24 @@ function enable_change(enable_change) {
<td width="78%" class="vtable"><select name="homelistname"
class="formfld" id="homelistname">
<?php
+ echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $hid = -1;
- if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; }
- $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($hlist_select as $value):
- $hid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid'];
- if ($ilistname == $hlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['homelistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>';
}
- endforeach;
?>
</select><br>
<span class="vexpl">Choose the home net you will like this rule to
- use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default home
net adds only local networks.<br>
<span class="red">Hint:</span>&nbsp;Most users add a list of
friendly ips that the firewall cant see.</td>
@@ -570,31 +564,24 @@ function enable_change(enable_change) {
<td width="78%" class="vtable"><select name="externallistname"
class="formfld" id="externallistname">
<?php
+ echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $exid = -1;
- if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($exlist_select as $value):
- $exid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid'];
- if ($ilistname == $exlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['externallistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>
- ';
}
- endforeach;
?>
- </select><br>
+ </select><br/>
<span class="vexpl">Choose the external net you will like this rule
- to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
external net, networks that are not home net.<br>
<span class="red">Hint:</span>&nbsp;Most users should leave this
setting at default.</td>
@@ -610,46 +597,37 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">Whitelist</td>
- <td width="78%" class="vtable"><select name="whitelistname"
- class="formfld" id="whitelistname">
+ <td width="78%" class="vtable">
+ <select name="whitelist" class="formfld" id="whitelistname">
<?php
/* find whitelist names and filter by type, make sure to track by uuid */
- $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $wid = -1;
- if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($wlist_select as $value):
- $wid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid'];
- if ($ilistname == $wlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'whitelist') {
+ if ($value['name'] == $pconfig['whitelist'])
+ echo "<option value='{$value['name']}' selected>";
+ else
+ echo "<option value='{$value['name']}'>";
+ echo htmlspecialchars($value['name']) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>
- ';
}
- endforeach;
?>
</select><br>
<span class="vexpl">Choose the whitelist you will like this rule to
- use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
- whitelist adds only local networks.</td>
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+ whitelist adds only local networks.<br/>
+ <span class="red">Note:</span>&nbsp;This option will only be used when block offenders is on.
+ </td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell2">Suppression and
filtering</td>
- <td width="78%" class="vtable"><select name="suppresslistname"
- class="formfld" id="suppresslistname">
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formfld" id="suppresslistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; }
- echo "<option value=\"default\" $selected>default</option>";
+ echo "<option value='default' >default</option>\n";
if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
$slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
foreach ($slist_select as $value) {
@@ -664,7 +642,7 @@ function enable_change(enable_change) {
?>
</select><br>
<span class="vexpl">Choose the suppression or filtering file you
- will like this rule to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ will like this rule to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
option disables suppression and filtering.</td>
</tr>