diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-05-15 13:29:50 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-05-15 13:29:50 -0400 |
commit | 8a90a221025cd200222b1c9e90311c90d0da4fa8 (patch) | |
tree | e34efc01af631174d2de3504851ce7a5730b8197 /config/suricata | |
parent | 6bb8f2645df25737dc48c14bf99fffbd0305add6 (diff) | |
download | pfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.tar.gz pfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.tar.bz2 pfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.zip |
Add DUP capability to create new Suricata instance based on existing one.
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata_interfaces.php | 45 | ||||
-rw-r--r-- | config/suricata/suricata_interfaces_edit.php | 55 |
2 files changed, 90 insertions, 10 deletions
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 26d57b71..205a872b 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -57,6 +57,10 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $a_nat = &$config['installedpackages']['suricata']['rule']; $id_gen = count($config['installedpackages']['suricata']['rule']); +// Get list of configured firewall interfaces +$ifaces = get_configured_interface_list(); + + if ($_POST['del_x']) { /* delete selected interfaces */ if (is_array($_POST['rule'])) { @@ -207,9 +211,22 @@ include_once("head.inc"); <th class="listhdrr"><?php echo gettext("Block"); ?></th> <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th> <th class="listhdr"><?php echo gettext("Description"); ?></th> - <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <th class="list"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> + <?php if ($id_gen == 0): ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?> </th> </tr> </thead> @@ -342,7 +359,15 @@ include_once("head.inc"); <td valign="middle" class="list" nowrap> <a href="suricata_interfaces_edit.php?id=<?=$i;?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a> + width="17" height="17" border="0" title="<?php echo gettext('Edit this Suricata interface mapping'); ?>"></a> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?=$i;?>&action=dup"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a> + <?php else: ?> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> </td> </tr> <?php $i++; $nnats++; endforeach; ob_end_flush(); ?> @@ -354,8 +379,16 @@ include_once("head.inc"); <?php else: ?> <?php endif; ?> </td> - <td class="list" valign="middle" nowrap> - <?php if ($nnats == 0): ?> + <td class="list"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> + <?php if ($id_gen == 0): ?> <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> <?php else: ?> <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 3b61755c..dcf6fe3f 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -62,6 +62,13 @@ elseif (isset($_GET['id']) && is_numericint($_GET['id'])); if (is_null($id)) $id = 0; +if (isset($_POST['action'])) + $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401); +elseif (isset($_GET['action'])) + $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401); +else + $action = ""; + $pconfig = array(); if (empty($suricataglob['rule'][$id]['uuid'])) { /* Adding new interface, so flag rules to build. */ @@ -142,7 +149,37 @@ if (empty($pconfig['max_pcap_log_size'])) if (empty($pconfig['max_pcap_log_files'])) $pconfig['max_pcap_log_files'] = "1000"; -if ($_POST["save"]) { +// See if creating a new interface by duplicating an existing one +if (strcasecmp($action, 'dup') == 0) { + + // Try to pick the next available physical interface to use + $ifaces = get_configured_interface_list(); + $ifrules = array(); + foreach($a_rule as $r) + $ifrules[] = $r['interface']; + foreach ($ifaces as $i) { + if (!in_array($i, $ifrules)) { + $pconfig['interface'] = $i; + $pconfig['enable'] = 'on'; + $pconfig['descr'] = strtoupper($i); + $pconfig['inspect_recursion_limit'] = '3000'; + break; + } + } + if (count($ifrules) == count($ifaces)) { + $input_errors[] = gettext("No more available interfaces to configure for Suricata!"); + $interfaces = array(); + $pconfig = array(); + } + + // Set Home Net, External Net, Suppress List and Pass List to defaults + unset($pconfig['suppresslistname']); + unset($pconfig['passlistname']); + unset($pconfig['homelistname']); + unset($pconfig['externallistname']); +} + +if ($_POST["save"] && !$input_errors) { // If the interface is not enabled, stop any running Suricata // instance on it, save the new state and exit. if (!isset($_POST['enable'])) { @@ -237,7 +274,7 @@ if ($_POST["save"]) { if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); - if (isset($id) && $a_rule[$id]) { + if (isset($id) && $a_rule[$id] && $action == '') { // See if moving an existing Suricata instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); @@ -253,7 +290,15 @@ if ($_POST["save"]) { conf_mount_ro(); } $a_rule[$id] = $natent; - } else { + } + elseif (strcasecmp($action, 'dup') == 0) { + // Duplicating a new interface, so set flag to build new rules + $rebuild_rules = true; + + // Add the new duplicated interface configuration to the [rule] array in config + $a_rule[] = $natent; + } + else { // Adding new interface, so set interface configuration parameter defaults $natent['ip_max_frags'] = "65535"; $natent['ip_frag_timeout'] = "60"; @@ -358,6 +403,9 @@ if ($savemsg) { ?> <form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> +<input name="action" type="hidden" value="<?=$action;?>"/> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -773,7 +821,6 @@ if ($savemsg) { <tr> <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Click to save settings and exit"); ?>"/> - <input name="id" type="hidden" value="<?=$id;?>"/> </td> </tr> <tr> |