aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-05-15 13:29:50 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-05-15 13:29:50 -0400
commit8a90a221025cd200222b1c9e90311c90d0da4fa8 (patch)
treee34efc01af631174d2de3504851ce7a5730b8197 /config/suricata
parent6bb8f2645df25737dc48c14bf99fffbd0305add6 (diff)
downloadpfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.tar.gz
pfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.tar.bz2
pfsense-packages-8a90a221025cd200222b1c9e90311c90d0da4fa8.zip
Add DUP capability to create new Suricata instance based on existing one.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_interfaces.php45
-rw-r--r--config/suricata/suricata_interfaces_edit.php55
2 files changed, 90 insertions, 10 deletions
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26d57b71..205a872b 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -57,6 +57,10 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$a_nat = &$config['installedpackages']['suricata']['rule'];
$id_gen = count($config['installedpackages']['suricata']['rule']);
+// Get list of configured firewall interfaces
+$ifaces = get_configured_interface_list();
+
+
if ($_POST['del_x']) {
/* delete selected interfaces */
if (is_array($_POST['rule'])) {
@@ -207,9 +211,22 @@ include_once("head.inc");
<th class="listhdrr"><?php echo gettext("Block"); ?></th>
<th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
<th class="listhdr"><?php echo gettext("Description"); ?></th>
- <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <th class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+ <?php else: ?>
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?>
</th>
</tr>
</thead>
@@ -342,7 +359,15 @@ include_once("head.inc");
<td valign="middle" class="list" nowrap>
<a href="suricata_interfaces_edit.php?id=<?=$i;?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
+ width="17" height="17" border="0" title="<?php echo gettext('Edit this Suricata interface mapping'); ?>"></a>
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?=$i;?>&action=dup">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a>
+ <?php else: ?>
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
</td>
</tr>
<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
@@ -354,8 +379,16 @@ include_once("head.inc");
<?php else: ?>&nbsp;
<?php endif; ?>
</td>
- <td class="list" valign="middle" nowrap>
- <?php if ($nnats == 0): ?>
+ <td class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
<?php else: ?>
<input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 3b61755c..dcf6fe3f 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -62,6 +62,13 @@ elseif (isset($_GET['id']) && is_numericint($_GET['id']));
if (is_null($id))
$id = 0;
+if (isset($_POST['action']))
+ $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401);
+elseif (isset($_GET['action']))
+ $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401);
+else
+ $action = "";
+
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
/* Adding new interface, so flag rules to build. */
@@ -142,7 +149,37 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["save"]) {
+// See if creating a new interface by duplicating an existing one
+if (strcasecmp($action, 'dup') == 0) {
+
+ // Try to pick the next available physical interface to use
+ $ifaces = get_configured_interface_list();
+ $ifrules = array();
+ foreach($a_rule as $r)
+ $ifrules[] = $r['interface'];
+ foreach ($ifaces as $i) {
+ if (!in_array($i, $ifrules)) {
+ $pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
+ break;
+ }
+ }
+ if (count($ifrules) == count($ifaces)) {
+ $input_errors[] = gettext("No more available interfaces to configure for Suricata!");
+ $interfaces = array();
+ $pconfig = array();
+ }
+
+ // Set Home Net, External Net, Suppress List and Pass List to defaults
+ unset($pconfig['suppresslistname']);
+ unset($pconfig['passlistname']);
+ unset($pconfig['homelistname']);
+ unset($pconfig['externallistname']);
+}
+
+if ($_POST["save"] && !$input_errors) {
// If the interface is not enabled, stop any running Suricata
// instance on it, save the new state and exit.
if (!isset($_POST['enable'])) {
@@ -237,7 +274,7 @@ if ($_POST["save"]) {
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
- if (isset($id) && $a_rule[$id]) {
+ if (isset($id) && $a_rule[$id] && $action == '') {
// See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
@@ -253,7 +290,15 @@ if ($_POST["save"]) {
conf_mount_ro();
}
$a_rule[$id] = $natent;
- } else {
+ }
+ elseif (strcasecmp($action, 'dup') == 0) {
+ // Duplicating a new interface, so set flag to build new rules
+ $rebuild_rules = true;
+
+ // Add the new duplicated interface configuration to the [rule] array in config
+ $a_rule[] = $natent;
+ }
+ else {
// Adding new interface, so set interface configuration parameter defaults
$natent['ip_max_frags'] = "65535";
$natent['ip_frag_timeout'] = "60";
@@ -358,6 +403,9 @@ if ($savemsg) {
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="action" type="hidden" value="<?=$action;?>"/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -773,7 +821,6 @@ if ($savemsg) {
<tr>
<td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>