authorbmeeks8 <bmeeks8@bellsouth.net>2013-05-16 19:47:54 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-05-16 19:47:54 -0400
commitf4e899011f9312f79d7f5448ebb99ec59590537d (patch)
treeca1d69793dd269d440a97a8bf1a161cf312818e8
parent22ac2fcf01952441d6ecc6bd0aed8ead35f2b3df (diff)
Add error trapping for Snort interface adds and deletes.
-rwxr-xr-xconfig/snort/snort_interfaces.php53
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php46
2 files changed, 77 insertions, 22 deletions
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index c2a66f98..4f7eaebf 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -57,6 +57,18 @@ if (isset($_POST['del_x'])) {
exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
+ // If interface had auto-generated Suppress List, then
+ // delete that along with the interface
+ $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
+ $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+ foreach ($a_suppress as $k => $i) {
+ if ($i['name'] == $autolist) {
+ unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
+ break;
+ }
+ }
+
+ // Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
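Review bot: The added `foreach ($a_suppress as $k => $i)` runs without checking that `$config['installedpackages']['snortglobal']['suppress']['item']` is an array; when no suppress list exists, the reference assignment creates an empty entry in `$config` and the loop raises a warning. Wrap the lookup and loop in `if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { ... }`. The match is by name alone (`$i['name'] == $autolist`), so a hand-made list that happens to be called `<interface>suppress`, or one another Snort instance still references, would be removed as well; how entries reference a list is not visible in this hunk, so that is worth checking before deleting. The two `exec("/bin/rm -r ...")` context lines interpolate `$if_real` and `$snort_uuid` into a shell string, and their origin lies outside the hunk (the enclosing `if (isset($_POST['del_x']))` block starts above it), so confirm they are never request-derived or pass them through `escapeshellarg()`.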
@@ -215,7 +227,7 @@ if ($pfsense_stable == 'yes')
<td></td>
<td align="center" valign="middle"><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('add interface');?>"></a></td>
+ width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a></td>
</tr>
</table>
</td>
@@ -354,7 +366,7 @@ foreach ($a_nat as $natent): ?>
<tr>
<td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('edit interface'); ?>"></a>
+ width="17" height="17" border="0" title="<?php echo gettext('Edit Snort interface mapping'); ?>"></a>
</td>
</tr>
</table>
@@ -374,11 +386,13 @@ foreach ($a_nat as $natent): ?>
<tr>
<td><?php if ($nnats == 0): ?><img
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
- width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" border="0"><?php else: ?>
+ width="17" height="17" " border="0">
+ <?php else: ?>
<input name="del" type="image"
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>"
- onclick="return confirm('Do you really want to delete the selected Snort mapping?')"><?php endif; ?></td>
+ width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?></td>
</tr>
</table>
</td>
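Review bot: The new disabled-icon line `width="17" height="17" " border="0">` carries a stray double quote left behind when the `title` attribute was removed, which produces malformed markup that browsers recover from inconsistently. It should read `width="17" height="17" border="0">`. Dropping the `title` also leaves the greyed-out icon without any hint of why delete is unavailable, so consider keeping a short translated tooltip there.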
@@ -396,9 +410,12 @@ foreach ($a_nat as $natent): ?>
<table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="1">
<tr>
<td colspan="3"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br>
- <?php echo gettext('This is the <strong>Snort Menu</strong> where you can see an over ' .
- 'view of all your interface settings. ' .
- 'Please visit the <strong>Global Settings</strong> tab before adding ' . 'an interface.'); ?>
+ <?php echo gettext("This is the ") . "<strong>" . gettext("Snort Menu ") .
+ "</strong>" . gettext("where you can see an overview of all your interface settings.");
+ if (empty($a_nat)) {
+ echo gettext("Please visit the ") . "<strong>" . gettext("Global Settings") .
+ "</strong>" . gettext(" tab before adding an interface.");
+ }?>
</td>
</tr>
<tr>
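Review bot: The two sentences are emitted without a separator: the first string ends in `settings.` and the conditional one starts with `Please visit the `, so the page renders `settings.Please visit`. Splitting one sentence into several `gettext()` fragments with significant leading or trailing spaces (`"Snort Menu "`, `" tab before adding an interface."`) also makes it hard to translate, because word order is fixed by the concatenation. A single string with placeholders, for example `sprintf(gettext(' Please visit the %sGlobal Settings%s tab before adding an interface.'), '<strong>', '</strong>')`, fixes both.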
@@ -448,6 +465,26 @@ foreach ($a_nat as $natent): ?>
</tr>
</table>
</form>
+
+<script type="text/javascript">
+
+function intf_del() {
+ var isSelected = false;
+ var inputs = document.iform.elements;
+ for (var i = 0; i < inputs.length; i++) {
+ if (inputs[i].type == "checkbox") {
+ if (inputs[i].checked)
+ isSelected = true;
+ }
+ }
+ if (isSelected)
+ return confirm('Do you really want to delete the selected Snort mapping?');
+ else
+ alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
+}
+
+</script>
+
<?php
include("fend.inc");
?>
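Review bot: `intf_del()` falls off the end after the `alert(...)` branch and so returns `undefined`, while `onclick="return intf_del()"` cancels the click only on an explicit `false`; the image button therefore still submits the form with nothing selected. Add `return false;` after the alert. The loop treats any checked checkbox in `document.iform` as a selected mapping, so if the form ever gains another checkbox the test should filter on the element name (the checkbox name is not visible in this hunk). Because this check runs only in the browser, the `del_x` handler on the server should treat an empty or malformed selection as a no-op rather than rely on the script.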
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 36bc628d..0010ec40 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -57,10 +57,21 @@ if (empty($snortglob['rule'][$id]['uuid'])) {
}
else {
$pconfig['uuid'] = $a_rule[$id]['uuid'];
+ $pconfig['descr'] = $a_rule[$id]['descr'];
$rebuild_rules = "off";
}
$snort_uuid = $pconfig['uuid'];
+// Get the physical configured interfaces on the firewall
+if (function_exists('get_configured_interface_with_descr'))
+ $interfaces = get_configured_interface_with_descr();
+else {
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+}
+
+// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
/* old options */
$pconfig = $a_rule[$id];
@@ -68,8 +79,24 @@ if (isset($id) && $a_rule[$id]) {
$pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']);
if (empty($pconfig['uuid']))
$pconfig['uuid'] = $snort_uuid;
- if (!$pconfig['interface'])
- $pconfig['interface'] = "wan";
+}
+// Must be a new interface, so try to pick next available physical interface to use
+elseif (isset($id) && !isset($a_rule[$id])) {
+ $ifaces = get_configured_interface_list();
+ $ifrules = array();
+ foreach($a_rule as $r)
+ $ifrules[] = $r['interface'];
+ foreach ($ifaces as $i) {
+ if (!in_array($i, $ifrules)) {
+ $pconfig['interface'] = $i;
+ break;
+ }
+ }
+ if (count($ifrules) == count($ifaces)) {
+ $input_errors[] = "No more available interfaces to configure for Snort!";
+ $interfaces = array();
+ $pconfig = array();
+ }
}
if (isset($_GET['dup']))
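Review bot: `count($ifrules) == count($ifaces)` is only a proxy for "no free interface" and can disagree with the loop above it whenever `$a_rule` holds a duplicated entry or an entry for an interface that is no longer configured. In that case the loop may pick a free interface and this block then wipes `$pconfig`, or every interface may be taken with no error raised and `$pconfig['interface']` left unset. Test the loop's outcome instead, e.g. `if (!isset($pconfig['interface'])) {` (assuming nothing earlier in the file sets it for a new entry), and pass `true` as the third argument of `in_array()`. `foreach($a_rule as $r)` also assumes `$a_rule` is an array, which is initialised outside this hunk. The error only blanks the form on display; whether the save path rejects an interface that is already mapped is not visible here and is worth confirming, since the request can be submitted without the form.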
@@ -228,19 +255,11 @@ include_once("head.inc");
<td width="78%" class="vtable">
<select name="interface" class="formselect" tabindex="0">
<?php
- if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
- else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
- }
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>"
- <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
+ <?php if ($iface == $pconfig['interface']) echo " selected"; ?>><?=htmlspecialchars($ifacename);?>
</option>
- <?php endforeach; ?>
+ <?php endforeach; ?>
</select>&nbsp;&nbsp;
<span class="vexpl"><?php echo gettext("Choose which interface this Snort instance applies to."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?> </span><?php echo gettext("in most cases, you'll want to use WAN here."); ?></span><br/></td>
@@ -248,8 +267,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
- class="formfld" id="descr" size="40"
- value="<?=htmlspecialchars($pconfig['descr']);?>"> <br/>
+ class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/>
<span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
</tr>
<tr>