diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-06-05 17:07:55 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-06-05 17:07:55 -0400 |
commit | 8e910fa46269ae3c933ad068ef2843b9dd9dda4e (patch) | |
tree | 8ec3f1d8eccacf6b49b44798608ca9f88d8ae10d /config/snort | |
parent | b3cbd705918a4a7f45eff9ddc330e2dab10c58db (diff) | |
download | pfsense-packages-8e910fa46269ae3c933ad068ef2843b9dd9dda4e.tar.gz pfsense-packages-8e910fa46269ae3c933ad068ef2843b9dd9dda4e.tar.bz2 pfsense-packages-8e910fa46269ae3c933ad068ef2843b9dd9dda4e.zip |
Fix SELECT ALL to not add all Snort rules when IPS Policy is set.
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort_rulesets.php | 125 |
1 files changed, 69 insertions, 56 deletions
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 62200ba4..fa3efc1b 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -112,12 +112,14 @@ else /* alert file */ if ($_POST["Submit"]) { - if ($_POST['ips_policy_enable'] == "on") + if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; - else + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { $a_nat[$id]['ips_policy_enable'] = 'off'; - - $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + unset($a_nat[$id]['ips_policy']); + } $enabled_items = ""; if (is_array($_POST['toenable'])) @@ -152,6 +154,15 @@ if ($_POST["Submit"]) { if ($_POST['unselectall']) { $a_nat[$id]['rulesets'] = ""; + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + write_config(); sync_snort_package_config(); @@ -161,6 +172,16 @@ if ($_POST['unselectall']) { if ($_POST['selectall']) { $rulesets = array(); + + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/emerging*.rules"); foreach ($files as $file) @@ -171,7 +192,9 @@ if ($_POST['selectall']) { foreach ($files as $file) $rulesets[] = basename($file); } - if ($snortdownload == 'on') { + + /* Include the Snort VRT rules only if enabled and no IPS policy is set */ + if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/snort*.rules"); foreach ($files as $file) $rulesets[] = basename($file); @@ -210,49 +233,6 @@ if ($savemsg) { ?> -<script language="javascript" type="text/javascript"> -function popup(url) -{ - params = 'width='+screen.width; - params += ', height='+screen.height; - params += ', top=0, left=0' - params += ', fullscreen=yes'; - - newwin=window.open(url,'windowname4', params); - if (window.focus) {newwin.focus()} - return false; -} - -function wopen(url, name, w, h) -{ -// Fudge factors for window decoration space. -// In my tests these work well on all platforms & browsers. -w += 32; -h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); -} - -function enable_change() -{ - var endis = !(document.iform.ips_policy_enable.checked); - document.iform.ips_policy.disabled=endis; - - for (var i = 0; i < document.iform.elements.length; i++) { - if (document.iform.elements[i].type == 'checkbox') { - var str = document.iform.elements[i].value; - if (str.substr(0,6) == "snort_") - document.iform.elements[i].disabled = !(endis); - } - } -} -</script> - <form action="snort_rulesets.php" method="post" name="iform" id="iform"> <input type="hidden" name="id" id="id" value="<?=$id;?>" /> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -271,14 +251,14 @@ function enable_change() echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); ?> </td></tr> <tr> @@ -570,5 +550,38 @@ function enable_change() <?php include("fend.inc"); ?> + +<script language="javascript" type="text/javascript"> + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. +w += 32; +h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + +function enable_change() +{ + var endis = !(document.iform.ips_policy_enable.checked); + document.iform.ips_policy.disabled=endis; + + for (var i = 0; i < document.iform.elements.length; i++) { + if (document.iform.elements[i].type == 'checkbox') { + var str = document.iform.elements[i].value; + if (str.substr(0,6) == "snort_") + document.iform.elements[i].disabled = !(endis); + } + } +} +</script> + </body> </html> |