diff options
author | Michele Di Maria <michele@nt2.it> | 2011-12-05 22:49:15 +0100 |
---|---|---|
committer | Michele Di Maria <michele@nt2.it> | 2011-12-05 22:49:15 +0100 |
commit | 2fbc6884d4aa24eeea690b2afeb2e182feeabc8e (patch) | |
tree | 419199f4193e7005d3d5ae0696d2170a84cc50d2 /config/snort | |
parent | e35aa3111520afb6d020816d09992bd66469839a (diff) | |
download | pfsense-packages-2fbc6884d4aa24eeea690b2afeb2e182feeabc8e.tar.gz pfsense-packages-2fbc6884d4aa24eeea690b2afeb2e182feeabc8e.tar.bz2 pfsense-packages-2fbc6884d4aa24eeea690b2afeb2e182feeabc8e.zip |
Adds two variables for SIP services in the "Define Servers" interface:
SIP_SERVERS, default=$HOME_NET
SIP_PORTS, default=[5060:5090,16384:32768]
Reference: http://redmine.pfsense.org/issues/2033
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 16 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 20 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 4 |
3 files changed, 40 insertions, 0 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 0e624c7f..36f58760 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1581,6 +1581,20 @@ function generate_snort_conf($id, $if_real, $snort_uuid) $def_sip_proxy_ports_type = "5060:5090,16384:32768"; else $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; + + /* def SIP_IP */ + $def_sip_ip_info_chk = $snortcfg['def_sip_ip']; + if ($def_sip_ip_info_chk == "") + $def_sip_ip_type = "\$HOME_NET"; + else + $def_sip_ip_type = "$def_sip_ip_info_chk"; + + /* def SIP_PORTS */ + $def_sip_ports_info_chk = $snortcfg['def_sip_ports']; + if ($def_sip_ports_info_chk == "") + $def_sip_ports_type = "5060:5090,16384:32768"; + else + $def_sip_ports_type = "$def_sip_ports_info_chk"; /* def AUTH_PORTS */ $def_auth_ports_info_chk = $snortcfg['def_auth_ports']; @@ -1964,6 +1978,7 @@ var IMAP_SERVERS [{$def_imap_servers_type}] var RPC_SERVERS \$HOME_NET var WWW_SERVERS [{$def_www_servers_type}] var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] +var SIP_IP [{$def_sip_ip_type}] var AIM_SERVERS \ [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] @@ -1997,6 +2012,7 @@ portvar TELNET_PORTS [{$def_telnet_ports_type}] portvar MAIL_PORTS [{$def_mail_ports_type}] portvar SSL_PORTS [{$def_ssl_ports_type}] portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] +portvar SIP_PORTS [{$def_sip_ports_type}] # DCERPC NCACN-IP-TCP portvar DCERPC_NCACN_IP_TCP [139,445] diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index e3238ef7..45264995 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -88,6 +88,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; @@ -139,6 +141,8 @@ if ($_POST) { if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_sip_ip'] != "") { $natent['def_sip_ip'] = $_POST['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; } + if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } @@ -442,8 +446,24 @@ echo "{$snort_general_css}\n"; value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_sip_ip" + type="text" class="formfld" id="def_sip_ip" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_ip']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> </tr> <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> + <td width="78%" class="vtable"><input name="def_sip_ports" + type="text" class="formfld" id="def_sip_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> <td width="78%" class="vtable"><input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index b1a091e7..a0e912cd 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -111,6 +111,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; @@ -253,6 +255,8 @@ if (isset($_GET['dup'])) if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_ip'] != "") { $natent['def_sip_ip'] = $pconfig['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; } + if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } |