authorErmal <eri@pfsense.org>2012-01-25 23:12:11 +0000
committerErmal <eri@pfsense.org>2012-01-25 23:12:11 +0000
commite4c13a5752c5f7b4947edbc4227b005cd333566d (patch)
treeb9c732034f918878790751ef9dd0344110101a4e /config/snort
parent3284c26553ab086cd8730e37c4f419d1b38acab0 (diff)
Expose the new options of spoink to the GUI
Improve spoink code a lot: - Allow blocking by src/dst/both on the packet that generated the alert. Default to src to keep backward compatibility - Speed up whitelist search - Create an option that allows killing states on pf for blocked hosts. This removes all access for the blocked host. TODO: - More fine grained blocking options? - Make whitelist parsing less sucky and IPv6 compatible
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc6
-rw-r--r--config/snort/snort_interfaces_edit.php46
2 files changed, 48 insertions, 4 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 98d7ebfa..6aef1eed 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1383,7 +1383,11 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
$spoink_whitelist_name = $snortcfg['whitelistname'];
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
+ $pfkill = "";
+ if ($snortcfg['blockoffenderskill'] == "on")
+ $pfkill = "kill";
+
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
/* define threshold file */
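Review bot: The new `alert_pf` line interpolates `$snortcfg['blockoffendersip']` as-is, so an interface configured before this option existed (no `blockoffendersip` key) gets an empty field (`...,snort2c,,`), which does not match the "default to src" stated in the commit message unless alert_pf itself treats an empty field as src. The same interpolation also means any value that slipped into the config is written verbatim into the generated snort configuration; pinning it to the known set here costs one line: `$bip = in_array($snortcfg['blockoffendersip'], array('src', 'dst', 'both'), true) ? $snortcfg['blockoffendersip'] : 'src';` and then `{$bip}` in place of `{$snortcfg['blockoffendersip']}`. When `$pfkill` is empty the line also ends in a trailing comma; if alert_pf does not tolerate that, only append `,{$pfkill}` when the option is on. generate_snort_conf() starts and ends outside this hunk.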
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 3b4ae8b4..90f48a4b 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -128,6 +128,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
$pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
+ $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
$pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
$pconfig['homelistname'] = $a_nat[$id]['homelistname'];
$pconfig['externallistname'] = $a_nat[$id]['externallistname'];
@@ -204,6 +206,11 @@ if (isset($_GET['dup']))
$natent['blockoffenders7'] = 'on';
else
$natent['blockoffenders7'] = 'off';
+ if ($_POST['blockoffenderskill'] == "on")
+ $natent['blockoffenderskill'] = 'on';
+ if ($_POST['blockoffendersip'])
+ $natent['blockoffendersip'] = $_POST['blockoffendersip'];
+
$natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
$natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
$natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
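Review bot: `$natent['blockoffendersip'] = $_POST['blockoffendersip'];` stores the submitted value without checking that it is one of the three options the form offers, and that value is later written into the generated snort configuration (see the snort.inc hunk). Restricting it to the known set keeps the config file well-formed: `if (in_array($_POST['blockoffendersip'], array('src', 'dst', 'both'), true))` in place of the bare truthiness test. Separately, `blockoffenderskill` is only ever set to `'on'` and, unlike `blockoffenders7` directly above it, has no `else` branch clearing it; if `$natent` is seeded from the existing entry rather than built fresh (not visible in this hunk), unchecking the box would not turn the option off, so `else $natent['blockoffenderskill'] = 'off';` would mirror the existing pattern. The enclosing POST-handling block starts and ends outside the hunk.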
@@ -340,6 +347,12 @@ enable JavaScript to view this content</strong></div>
<script language="JavaScript">
<!--
+function enable_blockoffenders() {
+ var endis = !(document.iform.blockoffenders7.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+}
+
function enable_change(enable_change) {
endis = !(document.iform.enable.checked || enable_change);
// make shure a default answer is called if this is envoked.
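Review bot: `enable_blockoffenders()` derives the state of the two new controls solely from `blockoffenders7`, while the existing `enable_change()` (whose body continues past the hunk) keys off the interface `enable` checkbox; the later hunk also replaces the checkbox's `onClick="enable_change(false)"` with `onClick="enable_blockoffenders()"`, so whatever `enable_change()` did on that click is no longer triggered. If the interface-level disable is meant to cover the new controls too, either call both from the checkbox (`onClick="enable_change(false); enable_blockoffenders()"`) or fold the enable state into the new function: `var endis = !(document.iform.enable.checked && document.iform.blockoffenders7.checked);`. Whether `enable_change()` touches `blockoffenders7` is not visible here, so confirm before changing.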
@@ -562,14 +575,40 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">Block offenders</td>
- <td width="78%" class="vtable"><input name="blockoffenders7"
- type="checkbox" value="on"
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
<?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
+ onClick="enable_blockoffenders()"><br>
Checking this option will automatically block hosts that generate a
Snort alert.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell2">Kill states</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <br/>Should firewall states be killed for the blocked ip
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Which ip to block</td>
+ <td width="78%" class="vtable">
+ <select name="blockoffendersip" class="formfld" id="blockoffendersip">
+ <?php
+ foreach (array("src", "dst", "both") as $btype) {
+ if ($value['snortlisttype'] == 'whitelist') {
+ if ($btype == $pconfig['blockoffendersip'])
+ echo "<option value='{$btype}' selected>";
+ else
+ echo "<option value='{$btype}'>";
+ echo htmlspecialchars($btype) . '</option>';
+ }
+ }
+ ?>
+ </select>
+ <br/> Which ip extracted from the packet you want to block
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Whitelist</td>
<td width="78%" class="vtable">
<select name="whitelistname" class="formfld" id="whitelistname">
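Review bot: The option loop for `blockoffendersip` is wrapped in `if ($value['snortlisttype'] == 'whitelist')`, but `$value` is not defined anywhere in this loop (the foreach binds `$btype` over a literal array); the condition appears to be carried over from the whitelist select that follows. As written, the `<select>` renders no options at all unless a stale `$value` from earlier in the page happens to satisfy the test, so the user cannot choose src/dst/both and the form posts nothing for this field. Drop the wrapping `if` so the three options are always emitted, and while there, use `===` for the `$btype == $pconfig['blockoffendersip']` comparison for consistency with strict matching elsewhere. The surrounding HTML table continues outside the hunk.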
@@ -687,6 +726,7 @@ function enable_change(enable_change) {
<script language="JavaScript">
<!--
enable_change(false);
+enable_blockoffenders();
//-->
</script>