diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-05-16 19:47:54 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-05-16 19:47:54 -0400 |
commit | f4e899011f9312f79d7f5448ebb99ec59590537d (patch) | |
tree | ca1d69793dd269d440a97a8bf1a161cf312818e8 /config/snort | |
parent | 22ac2fcf01952441d6ecc6bd0aed8ead35f2b3df (diff) | |
download | pfsense-packages-f4e899011f9312f79d7f5448ebb99ec59590537d.tar.gz pfsense-packages-f4e899011f9312f79d7f5448ebb99ec59590537d.tar.bz2 pfsense-packages-f4e899011f9312f79d7f5448ebb99ec59590537d.zip |
Add error trapping for Snort interface adds and deletes.
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort_interfaces.php | 53 | ||||
-rwxr-xr-x | config/snort/snort_interfaces_edit.php | 46 |
2 files changed, 77 insertions, 22 deletions
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index c2a66f98..4f7eaebf 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -57,6 +57,18 @@ if (isset($_POST['del_x'])) { exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + // If interface had auto-generated Suppress List, then + // delete that along with the interface + $autolist = "{$a_nat[$rulei]['interface']}" . "suppress"; + $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + foreach ($a_suppress as $k => $i) { + if ($i['name'] == $autolist) { + unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); + break; + } + } + + // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } conf_mount_ro(); @@ -215,7 +227,7 @@ if ($pfsense_stable == 'yes') <td></td> <td align="center" valign="middle"><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext('add interface');?>"></a></td> + width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a></td> </tr> </table> </td> @@ -354,7 +366,7 @@ foreach ($a_nat as $natent): ?> <tr> <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext('edit interface'); ?>"></a> + width="17" height="17" border="0" title="<?php echo gettext('Edit Snort interface mapping'); ?>"></a> </td> </tr> </table> @@ -374,11 +386,13 @@ foreach ($a_nat as $natent): ?> <tr> <td><?php if ($nnats == 0): ?><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" - width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" border="0"><?php else: ?> + width="17" height="17" " border="0"> + <?php else: ?> <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" - onclick="return confirm('Do you really want to delete the selected Snort mapping?')"><?php endif; ?></td> + width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?></td> </tr> </table> </td> @@ -396,9 +410,12 @@ foreach ($a_nat as $natent): ?> <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="1"> <tr> <td colspan="3"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br> - <?php echo gettext('This is the <strong>Snort Menu</strong> where you can see an over ' . - 'view of all your interface settings. ' . - 'Please visit the <strong>Global Settings</strong> tab before adding ' . 'an interface.'); ?> + <?php echo gettext("This is the ") . "<strong>" . gettext("Snort Menu ") . + "</strong>" . gettext("where you can see an overview of all your interface settings."); + if (empty($a_nat)) { + echo gettext("Please visit the ") . "<strong>" . gettext("Global Settings") . + "</strong>" . gettext(" tab before adding an interface."); + }?> </td> </tr> <tr> @@ -448,6 +465,26 @@ foreach ($a_nat as $natent): ?> </tr> </table> </form> + +<script type="text/javascript"> + +function intf_del() { + var isSelected = false; + var inputs = document.iform.elements; + for (var i = 0; i < inputs.length; i++) { + if (inputs[i].type == "checkbox") { + if (inputs[i].checked) + isSelected = true; + } + } + if (isSelected) + return confirm('Do you really want to delete the selected Snort mapping?'); + else + alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); +} + +</script> + <?php include("fend.inc"); ?> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 36bc628d..0010ec40 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -57,10 +57,21 @@ if (empty($snortglob['rule'][$id]['uuid'])) { } else { $pconfig['uuid'] = $a_rule[$id]['uuid']; + $pconfig['descr'] = $a_rule[$id]['descr']; $rebuild_rules = "off"; } $snort_uuid = $pconfig['uuid']; +// Get the physical configured interfaces on the firewall +if (function_exists('get_configured_interface_with_descr')) + $interfaces = get_configured_interface_with_descr(); +else { + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; +} + +// See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { /* old options */ $pconfig = $a_rule[$id]; @@ -68,8 +79,24 @@ if (isset($id) && $a_rule[$id]) { $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); if (empty($pconfig['uuid'])) $pconfig['uuid'] = $snort_uuid; - if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; +} +// Must be a new interface, so try to pick next available physical interface to use +elseif (isset($id) && !isset($a_rule[$id])) { + $ifaces = get_configured_interface_list(); + $ifrules = array(); + foreach($a_rule as $r) + $ifrules[] = $r['interface']; + foreach ($ifaces as $i) { + if (!in_array($i, $ifrules)) { + $pconfig['interface'] = $i; + break; + } + } + if (count($ifrules) == count($ifaces)) { + $input_errors[] = "No more available interfaces to configure for Snort!"; + $interfaces = array(); + $pconfig = array(); + } } if (isset($_GET['dup'])) @@ -228,19 +255,11 @@ include_once("head.inc"); <td width="78%" class="vtable"> <select name="interface" class="formselect" tabindex="0"> <?php - if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); - else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - } foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" - <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> + <?php if ($iface == $pconfig['interface']) echo " selected"; ?>><?=htmlspecialchars($ifacename);?> </option> - <?php endforeach; ?> + <?php endforeach; ?> </select> <span class="vexpl"><?php echo gettext("Choose which interface this Snort instance applies to."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?> </span><?php echo gettext("in most cases, you'll want to use WAN here."); ?></span><br/></td> @@ -248,8 +267,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td> <td width="78%" class="vtable"><input name="descr" type="text" - class="formfld" id="descr" size="40" - value="<?=htmlspecialchars($pconfig['descr']);?>"> <br/> + class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/> <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td> </tr> <tr> |