authorErmal <eri@pfsense.org>2011-08-03 18:21:20 +0000
committerErmal <eri@pfsense.org>2011-08-03 18:21:20 +0000
commit0f4ea6c032de0d287d9a1620abbe32c59d557ab4 (patch)
tree2db36f9bb3d984efd488430e02a519d09d9f4602 /config/snort
parent85b7eb644dec64190b67207e09b52dcedc1344b6 (diff)
Fixes for whitelists and suppress generation.
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc4
-rw-r--r--config/snort/snort_interfaces_edit.php112
2 files changed, 46 insertions, 70 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7a5a4ffb..79d4cde8 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -520,7 +520,7 @@ function snort_postinstall()
if (!is_dir('/usr/local/etc/snort'))
exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
- if (!file_exists('/usr/local/etc/snort/whitelist'))
+ if (!is_dir('/usr/local/etc/snort/whitelist'))
exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
if (!is_dir('/var/log/snort/run'))
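Review bot: The result of `exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/')` is never checked, so with the new `is_dir()` test a regular file left at that path makes mkdir fail silently and later whitelist writes have no directory to land in. PHP's own call reports failure and sets the mode explicitly: `if (!is_dir($dir) && !mkdir($dir, 0755, true)) log_error("snort: cannot create {$dir}");`, with `$dir` holding the whitelist path. The body of snort_postinstall() continues outside the hunk.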
@@ -1151,8 +1151,6 @@ function create_snort_suppress($id, $if_real) {
if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
$whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
- if (empty($whitelist_key_s))
- return "";
/* file name */
$suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
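Review bot: The not-found case is now unhandled: with the `empty()` guard removed, a suppress list name that find_suppress_key() cannot resolve flows straight into `['suppress']['item'][$whitelist_key_s]['name']` and yields an empty `$suppress_file_name`. The old guard presumably misfired for key 0, since `empty(0)` is true, so dropping it fixes the first list, but a stale name in the interface config should still bail out. A strict test keeps index 0 working: `if ($whitelist_key_s === null || $whitelist_key_s === false || $whitelist_key_s === '') return "";`. What find_suppress_key() returns on a miss is not visible here, and create_snort_suppress() continues outside the hunk.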
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 019a8af0..667f3571 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -537,30 +537,24 @@ function enable_change(enable_change) {
<td width="78%" class="vtable"><select name="homelistname"
class="formfld" id="homelistname">
<?php
+ echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $hid = -1;
- if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; }
- $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($hlist_select as $value):
- $hid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid'];
- if ($ilistname == $hlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['homelistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>';
}
- endforeach;
?>
</select><br>
<span class="vexpl">Choose the home net you will like this rule to
- use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default home
net adds only local networks.<br>
<span class="red">Hint:</span>&nbsp;Most users add a list of
friendly ips that the firewall cant see.</td>
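Review bot: The list name is written into the `value` attribute unescaped in `echo "<option value='$ilistname' selected>";` and in its `else` branch, while only the visible label goes through htmlspecialchars(). The attribute is single-quoted, so a name containing `'` ends the attribute early; whether names are restricted when a whitelist is saved is not visible in this diff. Escape a separate copy with quotes included and keep the raw name for the comparison: `$ename = htmlspecialchars($value['name'], ENT_QUOTES);` then `echo "<option value='{$ename}' selected>";`. The same pattern appears in the externallistname hunk and, as `{$value['name']}`, in the whitelist hunk.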
@@ -570,31 +564,24 @@ function enable_change(enable_change) {
<td width="78%" class="vtable"><select name="externallistname"
class="formfld" id="externallistname">
<?php
+ echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $exid = -1;
- if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($exlist_select as $value):
- $exid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid'];
- if ($ilistname == $exlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['externallistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>
- ';
}
- endforeach;
?>
- </select><br>
+ </select><br/>
<span class="vexpl">Choose the external net you will like this rule
- to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
external net, networks that are not home net.<br>
<span class="red">Hint:</span>&nbsp;Most users should leave this
setting at default.</td>
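Review bot: Existing configurations may stop matching here: the removed code emitted `value="$ilistname $whitelist_uuid"` and used preg_match() to pull the name back out of `$pconfig['externallistname']`, whereas the new test `$ilistname == $pconfig['externallistname']` compares against the stored string as-is. If saved values still carry the uuid suffix, no option is marked selected, the form shows `default`, and the next save would silently replace the configured net. The same applies to the homelistname and whitelist selects. Either normalise the stored value where `$pconfig` is loaded or add a config upgrade step; that code is outside this diff.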
@@ -610,46 +597,37 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">Whitelist</td>
- <td width="78%" class="vtable"><select name="whitelistname"
- class="formfld" id="whitelistname">
+ <td width="78%" class="vtable">
+ <select name="whitelist" class="formfld" id="whitelistname">
<?php
/* find whitelist names and filter by type, make sure to track by uuid */
- $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $wid = -1;
- if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub);
- echo "<option value=\"default\" $selected>default</option>
- ";
- foreach ($wlist_select as $value):
- $wid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid'];
- if ($ilistname == $wlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'whitelist') {
+ if ($value['name'] == $pconfig['whitelist'])
+ echo "<option value='{$value['name']}' selected>";
+ else
+ echo "<option value='{$value['name']}'>";
+ echo htmlspecialchars($value['name']) . '</option>';
+ }
}
- echo htmlspecialchars($ilistname) . '</option>
- ';
}
- endforeach;
?>
</select><br>
<span class="vexpl">Choose the whitelist you will like this rule to
- use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
- whitelist adds only local networks.</td>
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+ whitelist adds only local networks.<br/>
+ <span class="red">Note:</span>&nbsp;This option will only be used when block offenders is on.
+ </td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell2">Suppression and
filtering</td>
- <td width="78%" class="vtable"><select name="suppresslistname"
- class="formfld" id="suppresslistname">
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formfld" id="suppresslistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; }
- echo "<option value=\"default\" $selected>default</option>";
+ echo "<option value='default' >default</option>\n";
if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
$slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
foreach ($slist_select as $value) {
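Review bot: The select's `name` changes from `whitelistname` to `whitelist` and the comparison now reads `$pconfig['whitelist']`, but the element keeps `id="whitelistname"` and nothing in this diff shows the POST handler or snort.inc being switched to the new key. If either still reads `whitelistname`, the chosen list is dropped and the default whitelist applies whenever block offenders is on. It is worth confirming that the save path and the whitelist generation both use `whitelist`, and, if the id is left on purpose, saying so next to the select: `/* posted as 'whitelist'; the id is unchanged */`. The suppresslistname loop at the end of this hunk continues outside it.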
@@ -664,7 +642,7 @@ function enable_change(enable_change) {
?>
</select><br>
<span class="vexpl">Choose the suppression or filtering file you
- will like this rule to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ will like this rule to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
option disables suppression and filtering.</td>
</tr>