27 files changed, 2318 insertions, 1225 deletions
diff --git a/config/ipblocklist/IP-Blocklist.sh b/config/ipblocklist/IP-Blocklist.sh
new file mode 100755
index 00000000..14ca535d
--- /dev/null
+++ b/config/ipblocklist/IP-Blocklist.sh
@@ -0,0 +1 @@
+/usr/local/www/packages/ipblocklist/convert-execute.sh
\ No newline at end of file
diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh
new file mode 100755
index 00000000..dd668baa
--- /dev/null
+++ b/config/ipblocklist/convert-execute.sh
@@ -0,0 +1,100 @@
+#Version 2
+
+#kill tables to elminate dups
+pfctl -t ipblocklist -T kill
+pfctl -t ipblocklistW -T kill
+sed -i -e '/ipblocklist/d' /tmp/rules.debug
+sed -i -e '/ipblocklistW/d' /tmp/rules.debug
+
+#Generate lists to process
+ls lists > file_list.txt
+ls Wlists > file_Wlist.txt
+filelist="file_list.txt"
+Wfilelist="file_Wlist.txt"
+
+#READ contents in file_list.txt and process as file
+for fileline in $(cat $filelist); do
+iplist="lists/$fileline"
+iplistout="lists/ipfw.ipfw"
+perl convert.pl $iplist $iplistout
+done
+
+#Whitelist
+for Wfileline in $(cat $Wfilelist); do
+Wiplist="Wlists/$Wfileline"
+Wiplistout="Wlists/whitelist"
+perl convert.pl $Wiplist $Wiplistout
+done
+#echo "ipfw made"
+
+#clean up ipfw.ipfw (duplicates)
+rm lists/ipfw.ipfwTEMP
+sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP
+mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
+#echo "ipfw clean"
+
+#clean up whitelist (duplicates)
+rm Wlists/whitelistTEMP
+sort Wlists/whitelist | uniq -u >> Wlists/whitelistTEMP
+mv Wlists/whitelistTEMP Wlists/whitelist
+#echo "whitelist clean"
+
+
+
+#Now edit /tmp/rules.debug
+
+#find my line for table
+export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2,4\}'`
+export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
+
+i=$(($i+'1'))
+t=$(($t+'1'))
+#echo $i
+#echo $t
+
+rm /tmp/rules.debug.tmp
+
+#Insert table-entry limit
+sed -i -e '/900000/d' /tmp/rules.debug
+while read line
+ do a=$(($a+1));
+ #echo $a;
+ if [ "$a" = "$t" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "set limit table-entries 900000" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
+
+rm /tmp/rules.debug.tmp
+#Insert ipblocklist rules
+a="0"
+echo $a
+while read line
+ do a=$(($a+1));
+ echo $a;
+ if [ "$a" = "$i" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "#ipblocklist" >> /tmp/rules.debug.tmp
+ echo "table <ipblocklist> persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp
+ echo "table <ipblocklistW> persist file '/usr/local/www/packages/ipblocklist/Wlists/whitelist'" >> /tmp/rules.debug.tmp
+ echo "pass quick from <ipblocklistW> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "pass quick from any to <ipblocklistW> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "block quick from <ipblocklist> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "block quick from any to <ipblocklist> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+#Now execute the ipfw list (Take a long time in old version)
+#sh lists/ipfw.ipfw (Version 0.1.4)
+rm errorOUT.txt
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
diff --git a/config/ipblocklist/convert.pl b/config/ipblocklist/convert.pl
new file mode 100755
index 00000000..44b4add2
--- /dev/null
+++ b/config/ipblocklist/convert.pl
@@ -0,0 +1,67 @@
+#!/usr/bin/perl -w
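Review bot: In convert-execute.sh both clean-up steps use `sort … | uniq -u`, which prints only lines that occur exactly once, so a range present in two downloaded lists is dropped from the table altogether instead of being de-duplicated; `sort -u lists/ipfw.ipfw > lists/ipfw.ipfwTEMP` (and the same for `Wlists/whitelist`) keeps one copy. The script also works on relative paths (`lists`, `Wlists`, `convert.pl`) while the rc.d wrapper invokes it by absolute path, so at boot it runs against whatever the working directory happens to be; a leading `cd /usr/local/www/packages/ipblocklist || exit 1` would pin it. The fixed name `/tmp/rules.debug.tmp` is removed and then appended to as root in a world-writable directory, so a file created with `mktemp` would be safer there.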
+use strict;
+
+if($#ARGV != 1) {
+ print("Usage: $0 <input file> <output file>\n");
+ exit(1);
+}
+
+my ($line,$title,$iprange,$cidr);
+my $i = 30000;
+
+open(INFILE,'<',$ARGV[0]) or die("Could not open input file $ARGV[0]");
+open(OUTFILE,'>>',$ARGV[1]) or die("Could not open output file $ARGV[1]");
+
+foreach $line (<INFILE>) {
+ chomp($line);
+ $line =~ s/:((\d{1,3}[-\.]*){8})//;
+ $iprange = $1;
+ print OUTFILE "#$line\n";
+ foreach $cidr (split(/\n/,range($iprange))) {
+ print OUTFILE "$cidr\n";
+ #print OUTFILE "ipfw -q add 1000 drop ip from any to $cidr\n"; (version 0.1.4)
+ #$i++;
+ #print OUTFILE "ipfw -q add 1001 drop ip from $cidr to any\n"; (version 0.1.4)
+ #$i++;
+ }
+}
+
+close(INFILE);
+close(OUTFILE);
+
+sub ntoa {
+ return join ".",unpack("CCCC",pack("N",shift));
+}
+sub aton {
+ return unpack 'N', pack 'C4', split/\./, shift;
+}
+sub deaggregate {
+ my $thirtytwobits = 4294967295;
+ my $start = shift;
+ my $end = shift;
+ my $base = $start;
+ my ($step,$output);
+ while ($base <= $end) {
+ $step = 0;
+ while (($base | (1 << $step)) != $base) {
+ if (($base | (((~0) & $thirtytwobits) >> (31-$step))) > $end) {
+ last;
+ }
+ $step++;
+ }
+ if($step == 0) {
+ $output .= ntoa($base);
+ }else{
+ $output .= ntoa($base)."/" .(32-$step);
+ }
+ $output .= "\n";
+ $base += 1 << $step;
+ }
+ return $output;
+}
+sub range {
+ my ($address,$address2) = split /-/, shift;
+ $address = aton($address);
+ $address2 = aton($address2);
+ return deaggregate($address,$address2);
+}
\ No newline at end of file
diff --git a/config/ipblocklist/index.tmp b/config/ipblocklist/index.tmp
new file mode 100755
index 00000000..7c768af6
--- /dev/null
+++ b/config/ipblocklist/index.tmp
@@ -0,0 +1,11 @@
+<html>
+<HEAD>
+<SCRIPT language="JavaScript">
+<!--
+window.parent.location="../../index.php";
+//-->
+</SCRIPT>
+</HEAD>
+
+
+</html>
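Review bot: In convert.pl, `$iprange = $1;` runs whether or not the `s/:((\d{1,3}[-\.]*){8})//` on the line before it matched, so a comment, blank or malformed line in a downloaded list reaches `range()` with an undefined or left-over capture and a bogus address is written to the table file. Skip such lines with `next unless $line =~ s/:((\d{1,3}[-\.]*){8})//;`. The pattern also accepts octets above 255 and does not enforce the `a.b.c.d-e.f.g.h` shape, so `aton()` would benefit from a check that each side is four octets in 0–255 and that the start is not above the end. The bareword handles and `foreach $line (<INFILE>)`, which reads the whole list into memory, could become lexical handles read with `while (my $line = <$in>)`.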
\ No newline at end of file
diff --git a/config/ipblocklist/ipblocklist.inc b/config/ipblocklist/ipblocklist.inc
new file mode 100755
index 00000000..c5ce30f4
--- /dev/null
+++ b/config/ipblocklist/ipblocklist.inc
@@ -0,0 +1,130 @@
+<?php
+/* $Id$ */
+/*
+/* ========================================================================== */
+/*
+ ipblocklist.inc v2
+ Copyright (C) 2010 Tom Schaefer
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+
+function pkg_is_service_running($servicename)
+{
+ exec("/bin/ps ax | awk '{ print $5 }'", $psout);
+ array_shift($psout);
+ foreach($psout as $line) {
+ $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
+ }
+ if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
+ return true;
+ }
+ else {
+ return false;
+ }
+}
+*/
+function byte_convert( $bytes ) {
+ if ($bytes<=0)
+ return '0 Byte';
+
+ $convention=1000; //[1000->10^x|1024->2^x]
+ $s=array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB');
+ $e=floor(log($bytes,$convention));
+ return round($bytes/pow($convention,$e),2).' '.$s[$e];
+}
+
+
+
+
+function php_sync_package()
+{
+ global $config;
+}
+
+
+function php_install_command()
+{
+
+ global $config;
+ conf_mount_rw();
+ config_lock();
+
+ if (!is_dir('/usr/local/www/packages/')) {
+ exec("mkdir /usr/local/www/packages/");
+ }
+
+ if (!is_dir('/usr/local/www/packages/ipblocklist/')) {
+ exec("mkdir /usr/local/www/packages/ipblocklist/");
+ }
+
+
+ //install PERL
+ exec("pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/All/perl-5.8.9_2.tbz");
+ exec("pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/All/p5-Net-CIDR-0.13.tbz");
+
+ //rename PHP files from .tmp to .php
+ exec("cp /tmp/ipblocklist.tmp /usr/local/www/packages/ipblocklist/ipblocklist.php");
+ unlink_if_exists("/tmp/ipblocklist.tmp");
+ exec("cp /tmp/ipblocklist_list.tmp /usr/local/www/packages/ipblocklist/ipblocklist_list.php");
+ unlink_if_exists("/tmp/ipblocklist_list.tmp");
+ exec("cp /tmp/purge.tmp /usr/local/www/packages/ipblocklist/purge.php");
+ unlink_if_exists("/tmp/purge.tmp");
+ exec("cp /tmp/index.tmp /usr/local/www/packages/ipblocklist/index.php");
+ unlink_if_exists("/tmp/index.tmp");
+ exec("cp /tmp/whitelist.tmp /usr/local/www/packages/ipblocklist/whitelist.php");
+ unlink_if_exists("/tmp/whitelist.tmp");
+ exec("cp /tmp/purgeip.tmp /usr/local/www/packages/ipblocklist/purgeip.php");
+ unlink_if_exists("/tmp/purgeip.tmp");
+ //Get scripts
+ exec("cp /tmp/convert.pl /usr/local/www/packages/ipblocklist/convert.pl");
+ unlink_if_exists("/tmp/convert.pl");
+ exec("cp /tmp/convert-execute.sh /usr/local/www/packages/ipblocklist/convert-execute.sh");
+ unlink_if_exists("/tmp/convert-execute.sh");
+ exec("cp /tmp/IP-Blocklist.sh /usr/local/etc/rc.d/IP-Blocklist.sh");
+ unlink_if_exists("/tmp/IP-Blocklist.sh");
+
+
+
+ conf_mount_ro();
+ config_unlock();
+}
+
+
+function deinstall_command()
+{
+ conf_mount_rw();
+ $handle = popen("/usr/local/etc/rc.d/ipblocklist.sh stop", "r");
+ unlink_if_exists("/usr/local/pkg/ipblocklist.xml");
+ unlink_if_exists("/usr/local/pkg/ipblocklist.inc");
+ exec("rm -R /usr/local/www/packages/ipblocklist/ipblocklists");
+ exec("rm -R /usr/local/www/packages/ipblocklist");
+ exec("rm /usr/local/etc/rc.d/IP-Blocklist.sh");
+ exec("pfctl -t ipblocklist -T kill");
+ exec("ipfw -f flush");
+ conf_mount_ro();
+}
+
+?>
\ No newline at end of file
diff --git a/config/ipblocklist/ipblocklist.tmp b/config/ipblocklist/ipblocklist.tmp
new file mode 100755
index 00000000..6387cb34
--- /dev/null
+++ b/config/ipblocklist/ipblocklist.tmp
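Review bot: `php_install_command()` in ipblocklist.inc installs perl and p5-Net-CIDR with `pkg_add -r ftp://…` as root over plain FTP with no checksum or signature check, and neither `exec()` result is inspected, so a tampered or failed download goes unnoticed; at minimum check the exit status and prefer the platform's own package mechanism. The PHP and script files are staged in `/tmp` and then copied into the web root and `/usr/local/etc/rc.d`, which leaves a window in a world-writable directory before they become root-run code. In `deinstall_command()` the stop call targets `/usr/local/etc/rc.d/ipblocklist.sh` while the file installed is `IP-Blocklist.sh`, the `popen()` handle is never closed, and `ipfw -f flush` removes every ipfw rule on the box, not only this package's.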
@@ -0,0 +1,158 @@
+<?php
+ //Version 2
+
+ require_once('config.inc');
+ require("guiconfig.inc");
+ include("head.inc");
+
+ //set the config as a global variable
+ global $config;
+
+ $global_usage = '/usr/local/www/packages/ipblocklist/global_usage';
+ //$fh = fopen($global_usage, 'r');
+
+ //phpinfo();
+
+if (count($_POST)>0) {
+
+ conf_mount_rw();
+
+ $ent = array();
+
+ if ($_POST['enable'] == 1) {
+ //echo "enabled";
+ $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 1;
+
+ //Process list by downloading and extracting
+ $myFile = "lists.txt";
+ $myWFile = "wlists.txt";
+ $fileContents = file_get_contents($myFile);
+ $fileWContents = file_get_contents($myWFile);
+ $lines = explode(PHP_EOL, $fileContents);
+ $Wlines = explode(PHP_EOL, $fileWContents);
+ //Remove DIR lists to eliminate duplates
+ exec("rm -R lists");
+ exec("rm -R Wlists");
+ //Process each list URL, Extract, and put in DIR lists
+ exec("mkdir lists");
+ exec("mkdir Wlists");
+ foreach ($lines as $line) {
+ exec("fetch -o lists $line");
+ $filename = basename($line);
+ //Extract list
+ exec("gzip -d lists/$filename");
+ }
+ foreach ($Wlines as $Wline) {
+ exec("fetch -o Wlists $Wline");
+ $Wfilename = basename($Wline);
+ //Extract Whitelist
+ exec("gzip -d Wlists/$Wfilename");
+ }
+ //Prep pfctl
+ mwexec("touch lists/ipfw.ipfw");
+ mwexec("touch Wlists/whitelist");
+ //Now clear ipfw, and process each list to ipfw commands
+ mwexec("sh convert-execute.sh");
+
+ }
+ else {
+ //echo "disabled";
+ $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 0;
+ //Clear Lists
+ mwexec("ipfw -f flush");
+ mwexec("pfctl -t ipblocklist -T kill");
+ mwexec("rm -R /usr/local/www/packages/ipblocklist/lists");
+ mwexec("sed -i -e '/ipblocklist/d' /tmp/rules.debug");
+ mwexec("pfctl -o basic -f /tmp/rules.debug");
+ //Clear errorOUT.txt
+ mwexec("rm errorOUT.txt");
+
+ }
+
+
+ write_config();
+ //services_dnsmasq_configure();
+ sleep(1);
+ $savemsg_dnsb = "IP-Blocklist settings have been saved/updated. ";
+ conf_mount_ro();
+}
+?>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Firewall: IP-Blocklist</p>
+<form method=POST action="">
+
+<?php
+if ($config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] == 1) {
+ echo "<input name='enable' type='checkbox' value='1' checked>\n";
+}
+else {
+ echo "<input name='enable' type='checkbox' value='1'>\n";
+}
+?>
+
+<strong>Enable IP-Blocklist</strong><br><br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td class="tabcont" >
+ <?php if ($savemsg_dnsb) print_info_box($savemsg_dnsb); ?>
+
+ </form>
+ <center>
+ <iframe frameboarder=0 boarder=0 src="ipblocklist_list.php" name="lists" id="lists" width="100%" height="200">
+ </iframe>
+ </center>
+ <br/>
+ <u>Usage</u>
+ <br/>
+ Add direct link to list and press <img src="../../themes/nervecenter/images/icons/icon_plus.gif">
+ (Example:
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level1.gz">Level1</a>,
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level2.gz">Level2</a>,
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level3.gz">Level3</a>)
+ <br/>
+ Compressed lists should have .gz extention and follows PeerBlock syntax <br/>
+
+ <br/><span style="color:red">Warning!</span> - Apply after firewall change or state reset. Use at your own risk.
+ <?php
+ echo "<br/><br/>Current Status = ";
+ ob_start();
+ $results = exec("pfctl -s rules | grep -c ipblocklist");
+ ob_end_clean();
+ if ($results > '2') echo "Running";
+ else
+ echo "<span style='color:red'>NOT running</span>";
+
+ //Get Errors if exists
+ ob_start();
+ $results = exec("tail -r errorOUT.txt");
+ ob_end_clean();
+ echo "<br/><span style='color:red'>";
+ echo $results;
+ echo "</span>";
+ ?>
+
+
+
+<br/>
+<br/>
+
+
+
+
+</div>
+<?php
+ //This input guarantees that a POST is sent
+ echo "<input type='hidden' name='zzz' value='required'>";
+?>
+
+</td>
+</tr>
+</table>
+<input type="submit" value="Save/Update">
+</form>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/config/ipblocklist/ipblocklist.xml b/config/ipblocklist/ipblocklist.xml
new file mode 100755
index 00000000..16c26c3e
--- /dev/null
+++ b/config/ipblocklist/ipblocklist.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="utf-8" ?>
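Review bot: In ipblocklist.tmp the lines of lists.txt and wlists.txt are interpolated straight into shell commands (`exec("fetch -o lists $line")`, `exec("gzip -d lists/$filename")`), and those files are filled from request input by ipblocklist_list.php and whitelist.php, so whatever is stored there is interpreted by the shell with the web GUI's privileges. Skip empty lines, accept only http/https/ftp URLs, and quote the arguments: `exec("fetch -o lists " . escapeshellarg($line));` and `exec("gzip -d " . escapeshellarg("lists/$filename"));`, with the same change in the `$Wlines` loop. The status block prints the last line of errorOUT.txt with `echo $results;`; `echo htmlspecialchars($results);` keeps pfctl output from being rendered as markup. None of the `exec()`/`mwexec()` results is checked, so a failed download still ends with the "settings have been saved/updated" message.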
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ ipblocklist.xml
+ Copyright (C) 2010 Tom Schaefer
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>IP Blocklist</description>
+ <requirements>perl</requirements>
+ <faq>http://forum.pfsense.org/index.php/topic,24769.0.html</faq>
+ <name>IP Blocklist Settings</name>
+ <version>0.1.9</version>
+ <title>Settings</title>
+ <include_file>/usr/local/pkg/ipblocklist.inc</include_file>
+ <menu>
+ <name>IP Blocklist</name>
+ <tooltiptext>IP Blocklist settings.</tooltiptext>
+ <section>Firewall</section>
+ <configfile>ipblocklist.xml</configfile>
+ <url>/packages/ipblocklist/ipblocklist.php</url>
+ </menu>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/packages/ipblocklist/ipblocklist.php</url>
+ <active/>
+ </tab>
+ </tabs>
+ <configpath>installedpackages->package->$packagename->configuration->ipblocklist</configpath>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/ipblocklist.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/ipblocklist.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/ipblocklist.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/ipblocklist_list.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/convert.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/convert-execute.sh</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/purge.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/index.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/whitelist.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/purgeip.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/IP-Blocklist.sh</item>
+ </additional_files_needed>
+ <fields>
+ <field>
+ <fielddescr>Variable One</fielddescr>
+ <fieldname>var1</fieldname>
+ <description>Enter the variable one here.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Variable Two</fielddescr>
+ <fieldname>var1</fieldname>
+ <description>Enter the variable one here.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ php_sync_package();
+ </custom_php_resync_config_command>
+ <custom_delete_php_command>
+ php_sync_package();
+ </custom_delete_php_command>
+ <custom_php_install_command>
+ php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ deinstall_command();
+ </custom_php_deinstall_command>
+</packagegui>
\ No newline at end of file
diff --git a/config/ipblocklist/ipblocklist_list.tmp b/config/ipblocklist/ipblocklist_list.tmp
new file mode 100755
index 00000000..d1b3cf8a
--- /dev/null
+++ b/config/ipblocklist/ipblocklist_list.tmp
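Review bot: Every `<item>` in ipblocklist.xml is fetched over plain `http://`, and nine of them are staged under `<prefix>/tmp/</prefix>` with `<chmod>0755</chmod>` before `php_install_command()` copies them into the web root and rc.d, so the package's code passes through an unauthenticated transport and a world-writable directory on its way to running as root. Staging in a directory only root can write would close the second gap. manual_add.tmp is added by this commit but has no `<item>` here and no copy line in ipblocklist.inc, so it is never installed. The two `<field>` entries look like template leftovers and both use `<fieldname>var1</fieldname>`.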
@@ -0,0 +1,115 @@
+<html>
+<head>
+<a href="whitelist.php"><img src="../../themes/nervecenter/images/icons/icon_plus.gif" ALT="Whitelist" ALIGN=RIGHT></a>
+Add List URL: <form method="post" action="">
+<input name="content" type="text" />
+<input type="image" src="../../themes/nervecenter/images/icons/icon_plus.gif" value="submit">
+<a href="purge.php?line=0">Purge All</a>
+
+<STYLE type="text/css">
+ a img {border:none; }
+ </STYLE>
+</head>
+
+<?php
+
+function delLineFromFile($fileName, $lineNum){
+// check the file exists
+ if(!is_writable($fileName))
+ {
+ // print an error
+ print "The file $fileName is not writable";
+ // exit the function
+ exit;
+ }
+ else
+ {
+ // read the file into an array
+ $arr = file($fileName);
+ }
+
+ // the line to delete is the line number minus 1, because arrays begin at zero
+ $lineToDelete = $lineNum-1;
+
+ // check if the line to delete is greater than the length of the file
+ if($lineToDelete > sizeof($arr))
+ {
+ // print an error
+ print "You have chosen a line number, <b>[$lineNum]</b>, higher than the length of the file.";
+ // exit the function
+ exit;
+ }
+
+ //remove the line
+ unset($arr["$lineToDelete"]);
+
+ // open the file for reading
+ if (!$fp = fopen($fileName, 'w+'))
+ {
+ // print an error
+ print "Cannot open file ($fileName)";
+ // exit the function
+ exit;
+ }
+
+ // if $fp is valid
+ if($fp)
+ {
+ // write the array to the file
+ foreach($arr as $line) { fwrite($fp,$line); }
+
+ // close the file
+ fclose($fp);
+ }
+
+echo "done";
+}
+
+
+$myFile = "lists.txt";
+$content = $_REQUEST['content'];
+$fh = fopen($myFile, 'a+');
+fwrite($fh, $content);
+if (strlen($content) > 1) {
+ fwrite($fh, "\n");
+ } else {
+}
+fclose($fh);
+
+
+//echo (filesize($myFile));
+if (filesize($myFile) > 1) {
+ //$fh = fopen($myFile, 'r');
+ //$theData = fread($fh, filesize($myFile));
+ //fclose($fh);
+ echo "<br/> Current List(s): <br/>";
+ // Get the whole file into a single string
+ $fileContents = file_get_contents($myFile);
+
+ // Explode the file contents string by each line
+ $lines = explode(PHP_EOL, $fileContents); // Replace PHP_EOL with "\r\n" or "\n" or "\r" if you like
+
+ // Iterate through each line and do what you need with it
+
+ foreach ($lines as $line) {
+ $i++;
+ echo "<a href=purge.php?line=$i style='border-style: none'><img src='../../themes/nervecenter/images/icons/icon_x.gif'></a>";
+ echo " ";
+ echo $line;
+ //echo "";
+ // echo $i;
+ echo "<br/>";
+
+ }
+
+
+ //echo $theData;
+
+
+}
+echo "<br/><br/>";
+
+
+
+
+?>
\ No newline at end of file
diff --git a/config/ipblocklist/manual_add.tmp b/config/ipblocklist/manual_add.tmp
new file mode 100755
index 00000000..ecf42678
--- /dev/null
+++ b/config/ipblocklist/manual_add.tmp
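Review bot: ipblocklist_list.tmp appends `$_REQUEST['content']` to lists.txt without any validation and later prints each stored line with `echo $line;`, so arbitrary text, markup and shell metacharacters included, is stored, rendered in the admin GUI and later handed to `fetch` by ipblocklist.php; manual_add.tmp and whitelist.tmp repeat the same pattern. Read from `$_POST`, store the value only when it is a well-formed http/https/ftp URL (`filter_var($content, FILTER_VALIDATE_URL)` plus a scheme check), and print with `echo htmlspecialchars($line);`. None of these three pages, nor purge.tmp and purgeip.tmp, includes `guiconfig.inc` the way ipblocklist.tmp does, so they presumably run without the GUI's login check; that should be confirmed and `require("guiconfig.inc");` added at the top of each. `$i` is incremented before it is initialised, and `delLineFromFile()` is defined but never called in this file.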
@@ -0,0 +1,69 @@
+<html>
+<head>
+<STYLE type="text/css">
+ a img {border:none; }
+ </STYLE>
+</head>
+<a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a>
+
+<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="http://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
+ <br/>Enter in IP format (xx.xx.xx.xx) or CIDR format (xx.xx.xx.xx/xx)
+<br/><form method="post" action="">
+<input name="content" type="text" />
+<input type="image" src="../../themes/nervecenter/images/icons/icon_plus.gif" value="submit">
+<br/>
+
+<?php
+
+
+$myFile = "ips.ipfw";
+$content = $_REQUEST['content'];
+$fh = fopen($myFile, 'a+');
+fwrite($fh, $content);
+if (strlen($content) > 1) {
+ fwrite($fh, "\n");
+ } else {
+
+}
+fclose($fh);
+
+
+//echo (filesize($myFile));
+if (filesize($myFile) > 1) {
+ //$fh = fopen($myFile, 'r');
+ //$theData = fread($fh, filesize($myFile));
+ //fclose($fh);
+ echo "<br/> Current List(s): <br/>";
+ // Get the whole file into a single string
+ $fileContents = file_get_contents($myFile);
+
+ // Explode the file contents string by each line
+ $lines = explode(PHP_EOL, $fileContents); // Replace PHP_EOL with "\r\n" or "\n" or "\r" if you like
+
+ // Iterate through each line and do what you need with it
+
+ foreach ($lines as $line) {
+ $i++;
+ echo "<a href=purgeip.php?line=$i style='border-style: none'><img src='../../themes/nervecenter/images/icons/icon_x.gif'></a>";
+ echo " ";
+ exec("kldload ipfw.ko");
+ exec("ipfw -q add 2000 drop ip from any to $line");
+ exec("ipfw -q add 2001 drop ip from $line to any");
+ echo $line;
+ //echo "";
+ // echo $i;
+ echo "<br/>";
+
+ }
+
+
+
+
+
+}
+echo "<br/><br/>";
+
+
+
+
+?>
\ No newline at end of file
diff --git a/config/ipblocklist/purge.tmp b/config/ipblocklist/purge.tmp
new file mode 100755
index 00000000..47dbed98
--- /dev/null
+++ b/config/ipblocklist/purge.tmp
@@ -0,0 +1,26 @@
+<?php
+$line = $_GET["line"];
+
+//echo("$line");
+//exec("more lists.txt > temp_lists.txt");
+if ($line == 0) {
+ exec("rm lists.txt");
+ } else {
+ exec("sed $line'd' lists.txt > temp_lists.txt");
+ }
+exec("more temp_lists.txt > lists.txt");
+exec("rm temp_lists.txt");
+
+
+?>
+<html>
+<HEAD>
+<SCRIPT language="JavaScript">
+<!--
+window.parent.location="ipblocklist.php";
+//-->
+</SCRIPT>
+</HEAD>
+
+
+</html>
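Review bot: manual_add.tmp calls `exec("ipfw -q add 2000 drop ip from any to $line")` and its 2001 twin inside the display loop, so every page view re-adds a pair of rules for every stored line, and the value comes from request input with no format check although the page asks for an IP or CIDR. Validate before storing, for example with `preg_match('/^\d{1,3}(\.\d{1,3}){3}(\/\d{1,2})?$/', $content)`, pass the value through `escapeshellarg()`, and move the `ipfw` calls to the point where an entry is added. `kldload ipfw.ko` is likewise run once per line instead of once. The delete links point at purgeip.php, which edits wlists.txt and not ips.ipfw, so entries added here cannot be removed through the GUI as written.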
\ No newline at end of file
diff --git a/config/ipblocklist/purgeip.tmp b/config/ipblocklist/purgeip.tmp
new file mode 100755
index 00000000..449cb262
--- /dev/null
+++ b/config/ipblocklist/purgeip.tmp
@@ -0,0 +1,26 @@
+<?php
+$line = $_GET["line"];
+
+//echo("$line");
+//exec("more ips.ipfw > temp_ips.ipfw");
+if ($line == 0) {
+ exec("rm wlists.txt");
+ } else {
+ exec("sed $line'd' wlists.txt > temp_wlists.txt");
+ }
+exec("more temp_wlists.txt > wlists.txt");
+exec("rm temp_wlists.txt");
+
+
+?>
+<html>
+<HEAD>
+<SCRIPT language="JavaScript">
+<!--
+window.parent.location="ipblocklist.php";
+//-->
+</SCRIPT>
+</HEAD>
+
+
+</html>
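Review bot: purge.tmp puts `$_GET["line"]` directly into `exec("sed $line'd' lists.txt > temp_lists.txt")`, so the query string is interpreted by the shell, and the deletion is triggered by a plain GET link; purgeip.tmp has the identical code against wlists.txt. Cast and bound the value first, `$line = (int)$_GET["line"];` with negative numbers rejected, or do the edit in PHP with `file()` and `unset()` as `delLineFromFile()` in ipblocklist_list.tmp already sketches, and make the action a POST. The comparison `$line == 0` is loose, so a non-numeric value takes the purge-all branch and deletes the whole list.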
\ No newline at end of file
diff --git a/config/ipblocklist/whitelist.tmp b/config/ipblocklist/whitelist.tmp
new file mode 100755
index 00000000..17cae247
--- /dev/null
+++ b/config/ipblocklist/whitelist.tmp
@@ -0,0 +1,66 @@
+<html>
+<head>
+<STYLE type="text/css">
+ a img {border:none; }
+ </STYLE>
+</head>
+<a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a>
+
+<span style="color:red">White lists</span> - The lists added here will be added to a whitelist
+ <br/>Add List URL:
+<br/><form method="post" action="">
+<input name="content" type="text" />
+<input type="image" src="../../themes/nervecenter/images/icons/icon_plus.gif" value="submit">
+<br/>
+
+<?php
+
+
+$myFile = "wlists.txt";
+$content = $_REQUEST['content'];
+$fh = fopen($myFile, 'a+');
+fwrite($fh, $content);
+if (strlen($content) > 1) {
+ fwrite($fh, "\n");
+ } else {
+
+}
+fclose($fh);
+
+
+//echo (filesize($myFile));
+if (filesize($myFile) > 1) {
+ //$fh = fopen($myFile, 'r');
+ //$theData = fread($fh, filesize($myFile));
+ //fclose($fh);
+ echo "<br/> Current List(s): <br/>";
+ // Get the whole file into a single string
+ $fileContents = file_get_contents($myFile);
+
+ // Explode the file contents string by each line
+ $lines = explode(PHP_EOL, $fileContents); // Replace PHP_EOL with "\r\n" or "\n" or "\r" if you like
+
+ // Iterate through each line and do what you need with it
+
+ foreach ($lines as $line) {
+ $i++;
+ echo "<a href=purgeip.php?line=$i style='border-style: none'><img src='../../themes/nervecenter/images/icons/icon_x.gif'></a>";
+ echo " ";
+ echo $line;
+ //echo "";
+ // echo $i;
+ echo "<br/>";
+
+ }
+
+
+
+
+
+}
+echo "<br/><br/>";
+
+
+
+
+?>
\ No newline at end of file
diff --git a/config/packetcapturefix/packetcapturefix.inc b/config/packetcapturefix/packetcapturefix.inc
new file mode 100644
index 00000000..8636c25c
--- /dev/null
+++ b/config/packetcapturefix/packetcapturefix.inc
@@ -0,0 +1,18 @@
+<?php
+
+function packetcapturefix_install() {
+ global $g, $config;
+
+ // Test to make sure the patch is not already applied.
+ $out = `patch -fslC --reverse -p1 -b .before_packetcapturefix -d / -i /usr/local/pkg/packetcapturefix.patch |& grep -ci reject`;
+ if ($out == 0) {
+ // If the patch has not already been applied, test to see if it will apply cleanly.
+ $out = `patch -fsNlC -p1 -b .before_packetcapturefix -d / -i /usr/local/pkg/packetcapturefix.patch |& grep -ci reject`;
+ if ($out == 0) {
+ // The patch should apply cleanly, let 'er rip.
+ mwexec("patch -fsNl -p1 -b .before_packetcapturefix -d / -i /usr/local/pkg/packetcapturefix.patch ");
+ }
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/config/packetcapturefix/packetcapturefix.patch b/config/packetcapturefix/packetcapturefix.patch
new file mode 100644
index 00000000..659fdd10
--- /dev/null
+++ b/config/packetcapturefix/packetcapturefix.patch
@@ -0,0 +1,23 @@
+diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php
+index 69fd677..91d61cd 100644
+--- a/usr/local/www/diag_packet_capture.php
++++ b/usr/local/www/diag_packet_capture.php
+@@ -265,6 +265,9 @@ include("head.inc"); ?>
+ <textarea style="width:98%" name="code" rows="15" cols="66" wrap="off" readonly="readonly">
+ <?php
+ system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn");?>
++
++ conf_mount_ro();
++
+ </textarea><?php
+ }
+ }?>
+@@ -277,8 +280,6 @@ include("head.inc"); ?>
+ </td></tr></table>
+ <?php
+
+-conf_mount_ro();
+-
+ include("fend.inc");
+
+ ?>
diff --git a/config/packetcapturefix/packetcapturefix.xml b/config/packetcapturefix/packetcapturefix.xml
new file mode 100644
index 00000000..96386cf9
--- /dev/null
+++ b/config/packetcapturefix/packetcapturefix.xml
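Review bot: In packetcapturefix.inc both probes pipe with `|&`, which is csh syntax, while PHP backticks run the command through `/bin/sh`; if that shell rejects it, `$out` is empty, `$out == 0` is true both times and the patch is applied without either check having run. Use `2>&1 |` instead, e.g. `… -i /usr/local/pkg/packetcapturefix.patch 2>&1 | grep -ci reject`. The first test also looks inverted: zero rejects from the `--reverse` dry run would mean the reverse applies cleanly, i.e. the patch is already in place, yet that is the branch that goes on to apply it; this is worth confirming against patch(1) given `-f` is set. The result of the final `mwexec()` is not checked either.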
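Review bot: In packetcapturefix.patch the added `conf_mount_ro();` sits after the `?>` that closes the `system(...)` line and before `</textarea><?php`, so it is outside any PHP block and is emitted as literal text into the textarea instead of being executed. Because the second hunk removes the existing call, the patched page would no longer remount the filesystem read-only at that point at all. Put the call inside the tags, e.g. `system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn"); conf_mount_ro(); ?>`. The `$disabledns $detail -r $fp$fn` arguments are context lines here, and whether they are escaped is decided outside this hunk.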
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ packetcapturefix.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Patch to fix packet capture on 1.2.3 Embedded (NanoBSD)</description>
+ <requirements>pfSense 1.2.3</requirements>
+ <faq>None</faq>
+ <name>Packet Capture NanoBSD Fix</name>
+ <version>0.2</version>
+ <title>Packet Capture NanoBSD Fix</title>
+ <include_file>/usr/local/pkg/packetcapturefix.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.patch</item>
+ </additional_files_needed>
+ <custom_php_install_command>
+ packetcapturefix_install();
+ </custom_php_install_command>
+</packagegui>
diff --git a/config/snort/javascript/row_helper.js b/config/snort/javascript/row_helper.js
index aaf6df37..8b14732d 100644
--- a/config/snort/javascript/row_helper.js
+++ b/config/snort/javascript/row_helper.js
@@ -1,69 +1,69 @@
-// Global Variables
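Review bot: In packetcapturefix.xml, `<chmod>077</chmod>` on both `additional_files_needed` entries, if read as an octal mode, removes every owner permission and grants read, write and execute to group and other, so packetcapturefix.inc (named in `<include_file>`) and packetcapturefix.patch (applied with `-d /` by packetcapturefix.inc) would be writable by any local account. If ordinary root-owned files are intended, `<chmod>0644</chmod>` fits both items; how the package installer parses the value is not visible here, so confirm. Both items are also fetched over `http://` and nothing in this file pins a checksum, so the code that `packetcapturefix_install()` runs has no integrity check between the download server and the firewall.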
-var rowname = new Array(99);
-var rowtype = new Array(99);
-var newrow = new Array(99);
-var rowsize = new Array(99);
-
-for (i = 0; i < 99; i++) {
- rowname[i] = '';
- rowtype[i] = '';
- newrow[i] = '';
- rowsize[i] = '25';
-}
-
-var field_counter_js = 0;
-var loaded = 0;
-var is_streaming_progress_bar = 0;
-var temp_streaming_text = "";
-
-var addRowTo = (function() {
- return (function (tableId) {
- var d, tbody, tr, td, bgc, i, ii, j;
- d = document;
- tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0);
- tr = d.createElement("tr");
- totalrows++;
- for (i = 0; i < field_counter_js; i++) {
- td = d.createElement("td");
- if(rowtype[i] == 'textbox') {
- td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + "'></input> ";
- } else if(rowtype[i] == 'select') {
- td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> ";
- } else {
- td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox' name='" + rowname[i] + totalrows + "'></input> ";
- }
- tr.appendChild(td);
- }
- td = d.createElement("td");
- td.rowSpan = "1";
-
- td.innerHTML = '<input type="image" src="/themes/' + theme + '/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="Delete">';
- tr.appendChild(td);
- tbody.appendChild(tr);
- });
-})();
-
-function removeRow(el) {
- var cel;
- while (el && el.nodeName.toLowerCase() != "tr")
- el = el.parentNode;
-
- if (el && el.parentNode) {
- cel = el.getElementsByTagName("td").item(0);
- el.parentNode.removeChild(el);
- }
-}
-
-function find_unique_field_name(field_name) {
- // loop through field_name and strip off -NUMBER
- var last_found_dash = 0;
- for (var i = 0; i < field_name.length; i++) {
- // is this a dash, if so, update
- // last_found_dash
- if (field_name.substr(i,1) == "-" )
- last_found_dash = i;
- }
- if (last_found_dash < 1)
- return field_name;
- return(field_name.substr(0,last_found_dash));
-}
+// Global Variables +var rowname = new Array(99); +var rowtype = new Array(99); +var newrow = new Array(99); +var rowsize = new Array(99); + +for (i = 0; i < 99; i++) { + rowname[i] = ''; + rowtype[i] = ''; + newrow[i] = ''; + rowsize[i] = '25'; +} + +var field_counter_js = 0; +var loaded = 0; +var is_streaming_progress_bar = 0; +var temp_streaming_text = ""; + +var addRowTo = (function() { + return (function (tableId) { + var d, tbody, tr, td, bgc, i, ii, j; + d = document; + tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); + tr = d.createElement("tr"); + totalrows++; + for (i = 0; i < field_counter_js; i++) { + td = d.createElement("td"); + if(rowtype[i] == 'textbox') { + td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + "'></input> "; + } else if(rowtype[i] == 'select') { + td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" 
>7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> "; + } else { + td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox' name='" + rowname[i] + totalrows + "'></input> "; + } + tr.appendChild(td); + } + td = d.createElement("td"); + td.rowSpan = "1"; + + td.innerHTML = '<input type="image" src="/themes/' + theme + '/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="Delete">'; + tr.appendChild(td); + tbody.appendChild(tr); + }); +})(); + +function removeRow(el) { + var cel; + while (el && el.nodeName.toLowerCase() != "tr") + el = el.parentNode; + + if (el && el.parentNode) { + cel = el.getElementsByTagName("td").item(0); + el.parentNode.removeChild(el); + } +} + +function find_unique_field_name(field_name) { + // loop through field_name and strip off -NUMBER + var last_found_dash = 0; + for (var i = 0; i < field_name.length; i++) { + // is this a dash, if so, update + // last_found_dash + if (field_name.substr(i,1) == "-" ) + last_found_dash = i; + } + if (last_found_dash < 1) + return field_name; + return(field_name.substr(0,last_found_dash)); +} diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index ba953c73..9bc2d5b8 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php 
@@ -211,7 +211,7 @@ if ($snortdownload == "basic" || $snortdownload == "premium") } else { echo "Downloading snort.org md5 file...\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); + $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); fwrite($f, $image); @@ -381,7 +381,7 @@ if ($snortdownload != "off") } else { echo "There is a new set of Snort.org rules posted. Downloading...\n"; echo "May take 4 to 10 min...\n"; - download_file_with_progress_bar2("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}"); + download_file_with_progress_bar2("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}"); echo "Done downloading rules file.\n"; if (150000 > filesize("{$tmpfname}/{$snort_filename}")){ echo "Error with the snort rules download...\n"; @@ -455,6 +455,14 @@ if ($snortdownload != "off") { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { + + if ($pfsense_stable == 'yes') + { + $freebsd_version_so = 'FreeBSD-7-2'; + }else{ + $freebsd_version_so = 'FreeBSD-8-0'; + } + echo "Extracting Snort.org rules...\n"; echo "May take a while...\n"; /* extract snort.org rules and add prefix to all snort.org files*/ 
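Review bot: In the `@@ -455,6 +455,14 @@` hunk of snort_check_for_rule_updates.php, `$pfsense_stable` is compared with 'yes' but is not assigned anywhere in the visible lines, so an unset or differently spelled value silently selects `FreeBSD-8-0` and the following tar/mv steps pick shared-object rules built for another release. Add a comment naming where the variable is set, and make the choice explicit, e.g. `} elseif ($pfsense_stable == 'no') {` with a logged error for anything else. The identical block is added to snort_download_rules.php (`@@ -701,6 +701,14 @@`); one shared helper would keep the two in step. The enclosing `if` blocks start outside the hunk.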
@@ -465,9 +473,9 @@ if ($snortdownload != "off") sleep(2); exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); /* extract so rules */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/"); exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/"); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/"); /* extract so rules none bin and rename */ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 36000827..78334f8e 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -391,7 +391,7 @@ if ($snortdownload == "basic" || $snortdownload == "premium") } else { update_status(gettext("Downloading snort.org md5 file...")); ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); + $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); fwrite($f, $image); 
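Review bot: In the `@@ -465,9 +473,9 @@` hunk the `exec()` calls that extract `so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/` and move its contents into `/usr/local/lib/snort/dynamicrules/` discard the exit status, so if the tarball has no directory for the selected release the step fails silently and the shared objects already in dynamicrules stay in use. Pass the status argument and stop on failure, e.g. `exec("/usr/bin/tar xzf ...", $tar_out, $tar_rc); if ($tar_rc != 0) { /* report and skip the mv */ }`. These are native libraries, and the archive and its md5 both come from the same `http://dl.snort.org/` URL shown in the earlier hunks, so the md5 guards against corruption but not against a modified download. The same lines are changed in snort_download_rules.php (`@@ -711,9 +719,9 @@`); the enclosing block continues outside the hunk.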
@@ -613,7 +613,7 @@ if ($snortdownload != "off") update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); update_output_window(gettext("May take 4 to 10 min...")); // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); update_all_status($static_output); update_status(gettext("Done downloading rules file.")); if (150000 > filesize("{$tmpfname}/$snort_filename")){ @@ -701,6 +701,14 @@ if ($snortdownload != "off") { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { + + if ($pfsense_stable == 'yes') + { + $freebsd_version_so = 'FreeBSD-7-2'; + }else{ + $freebsd_version_so = 'FreeBSD-8-0'; + } + update_status(gettext("Extracting Snort.org rules...")); update_output_window(gettext("May take a while...")); /* extract snort.org rules and add prefix to all snort.org files*/ 
@@ -711,9 +719,9 @@ if ($snortdownload != "off") sleep(2); exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); /* extract so rules */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/"); exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/"); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/"); /* extract so rules none bin and rename */ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 9db023a7..b5b05f1d 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -240,7 +240,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.25"; +$pgtitle = "Services: Snort 2.8.6 pkg v. 1.26"; include("head.inc"); ?> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index c2ecf817..65bf1d4c 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php 
@@ -1,170 +1,170 @@ -<?php -/* $Id$ */ -/* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); - -//aliases_sort(); << what ? 
-$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - -if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) { -$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); -}else{ -$id_gen = '0'; -} - -$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - - if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; - if ($retval == 0) { - if (file_exists($d_suppresslistdirty_path)) - unlink($d_suppresslistdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_suppress[$_GET['id']]); - write_config(); - filter_configure(); - touch($d_suppresslistdirty_path); - header("Location: /snort/snort_interfaces_suppress.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Suppression"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> -<form action="/snort/snort_interfaces_suppress.php" method="post"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_suppresslistdirty_path)): ?><p> -<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, 
"/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php"); - $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> </td></tr> -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - -<tr> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - - <td width="10%" class="list"> - </td> -</tr> - <?php $i = 0; foreach ($a_suppress as $list): ?> -<tr> - <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> - <?=htmlspecialchars($list['descr']);?> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> -</tr> - <?php $i++; endforeach; ?> -<tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> -</tr> -</table> - </td> - </tr> - </table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> -<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p> -</td> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+
+//aliases_sort(); << what ?
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+
+if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) {
+$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
+}else{
+$id_gen = '0';
+}
+
+$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+
+ if(stristr($retval, "error") <> true)
+ $savemsg = get_std_save_message($retval);
+ else
+ $savemsg = $retval;
+ if ($retval == 0) {
+ if (file_exists($d_suppresslistdirty_path))
+ unlink($d_suppresslistdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_suppress[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_suppress[$_GET['id']]);
+ write_config();
+ filter_configure();
+ touch($d_suppresslistdirty_path);
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Suppression";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<form action="/snort/snort_interfaces_suppress.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_suppresslistdirty_path)): ?><p>
+<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+<tr>
+ <td width="30%" class="listhdrr">File Name</td>
+ <td width="70%" class="listhdr">Description</td>
+
+ <td width="10%" class="list">
+ </td>
+</tr>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+<tr>
+ <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?>
+ </td>
+ <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF">
+ <?=htmlspecialchars($list['descr']);?>
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+ <?php $i++; endforeach; ?>
+<tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"> </td>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+ </td>
+ </tr>
+ </table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p>
+</td>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
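Review bot: The `$_GET['act'] == "del"` branch deletes a suppress entry and calls `write_config()` and `filter_configure()` on a plain GET, and the delete link this commit repoints to `/snort/snort_interfaces_suppress.php?act=del&id=...` now reaches it, so the configuration can be changed by any request issued in an authenticated admin session without a form submission or token. Move the delete into the existing POST form, check a per-session token, and validate the index, e.g. `if ($_POST['act'] == "del" && ctype_digit((string)$_POST['id']) && isset($a_suppress[$_POST['id']])) {`. The link titles, the confirm() text and the dirty-state banner still say "whitelist", which is misleading on the suppress page.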
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 13c43b4e..530a7800 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php 
@@ -1,312 +1,312 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); - -$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$suppress_uuid = 0; -while ($suppress_uuid > 65535 || $suppress_uuid == 0) { - $suppress_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $suppress_uuid; - } -} - -if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { - $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; -} - -$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; - -$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - - -if (isset($id) && $a_suppress[$id]) { - - /* old settings */ - $pconfig['name'] = $a_suppress[$id]['name']; - $pconfig['uuid'] = $a_suppress[$id]['uuid']; - $pconfig['descr'] = $a_suppress[$id]['descr']; - $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); - - - -} - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_suppress_dirty_path")) { - - write_config(); - - sync_snort_package_config(); - sync_snort_package(); - - unlink("$d_snort_suppress_dirty_path"); - - } - - } - -if ($_POST['submit']) { - - unset($input_errors); - 
$pconfig = $_POST; - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - - /* check for name conflicts */ - foreach ($a_suppress as $s_list) { - if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) - continue; - - if ($s_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - - $s_list = array(); - /* post user input */ - - if (!$input_errors) { - - $s_list['name'] = $_POST['name']; - $s_list['uuid'] = $suppress_uuid; - $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); - - - if (isset($id) && $a_suppress[$id]) - $a_suppress[$id] = $s_list; - else - $a_suppress[] = $s_list; - - touch($d_snort_suppress_dirty_path); - - write_config(); - - header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id"); - exit; - } - -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> - -<style type="text/css"> -.formpre { -font-family: Tahoma,Verdana,Arial,Helvetica,sans-serif; -font-size: 1.1em; -} -</style> - -<?php - include("./snort_fbegin.inc"); -?> -<p class="pgtitle"><?=$pgtitle?></p> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> - -<?php - /* 
Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snort_suppress_dirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php"); - $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> </td></tr> -<tr> -<td class="tabcont"> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq">Name</td> - <td class="vtable"> - <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> - <br /> - <span class="vexpl"> - The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. 
- </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> - <br /> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). - </span> - </td> - </tr> -</table> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <table height="32" width="100%"> - <tr> - <td> - <div style='background-color:#E0E0E0' id='redbox'> - <table width='100%'> - <tr> - <td width='8%'> - <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32"> - </td> - <td width='70%'> - <font size="2" color='#FF850A'><b>NOTE:</b></font> - <font size="2" color='#000000'> The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font> - </td> - </tr> - </table> - </div> - </td> - </tr> - <script type="text/javascript"> - NiftyCheck(); - Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); - Rounded("td#blackbox","all","#FFF","#000000","smooth"); - </script> - <tr> - <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. 
Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell"> - <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 - </td> - </tr> - <tr> - <td width="100%" class="vtable"> - <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> -</td> - </tr> - <tr> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif; ?> - </td> - </tr> - </table> - </table> - </td> - </tr> - </table> -</form> -<?php include("fend.inc"); ?> -</body> +<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+$suppress_uuid = 0;
+while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
+ $suppress_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $suppress_uuid;
+ }
+}
+
+if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
+ $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
+}
+
+$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
+
+$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+
+if (isset($id) && $a_suppress[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_suppress[$id]['name'];
+ $pconfig['uuid'] = $a_suppress[$id]['uuid'];
+ $pconfig['descr'] = $a_suppress[$id]['descr'];
+ $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+
+
+
+}
+
+ /* this will exec when alert says apply */
+ if ($_POST['apply']) {
+
+ if (file_exists("$d_snort_suppress_dirty_path")) {
+
+ write_config();
+
+ sync_snort_package_config();
+ sync_snort_package();
+
+ unlink("$d_snort_suppress_dirty_path");
+
+ }
+
+ }
+
+if ($_POST['submit']) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+
+ /* check for name conflicts */
+ foreach ($a_suppress as $s_list) {
+ if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
+ continue;
+
+ if ($s_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ $s_list = array();
+ /* post user input */
+
+ if (!$input_errors) {
+
+ $s_list['name'] = $_POST['name'];
+ $s_list['uuid'] = $suppress_uuid;
+ $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+
+
+ if (isset($id) && $a_suppress[$id])
+ $a_suppress[$id] = $s_list;
+ else
+ $a_suppress[] = $s_list;
+
+ touch($d_snort_suppress_dirty_path);
+
+ write_config();
+
+ header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id");
+ exit;
+ }
+
+}
+
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+
+<style type="text/css">
+.formpre {
+font-family: Tahoma,Verdana,Arial,Helvetica,sans-serif;
+font-size: 1.1em;
+}
+</style>
+
+<?php
+ include("./snort_fbegin.inc");
+?>
+<p class="pgtitle"><?=$pgtitle?></p>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
+
+<?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snort_suppress_dirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Name</td>
+ <td class="vtable">
+ <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
+ <br />
+ <span class="vexpl">
+ The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
+ <br />
+ <span class="vexpl">
+ You may enter a description here for your reference (not parsed).
+ </span>
+ </td>
+ </tr>
+</table>
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table height="32" width="100%">
+ <tr>
+ <td>
+ <div style='background-color:#E0E0E0' id='redbox'>
+ <table width='100%'>
+ <tr>
+ <td width='8%'>
+ <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32">
+ </td>
+ <td width='70%'>
+ <font size="2" color='#FF850A'><b>NOTE:</b></font>
+ <font size="2" color='#000000'> The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ <script type="text/javascript">
+ NiftyCheck();
+ Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
+ Rounded("td#blackbox","all","#FFF","#000000","smooth");
+ </script>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell">
+ <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
+ <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br>
+ <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10
+ </td>
+ </tr>
+ <tr>
+ <td width="100%" class="vtable">
+ <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+</td>
+ </tr>
+ <tr>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
+ <?php if (isset($id) && $a_suppress[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
</html>
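Review bot: `$id` is taken straight from `$_GET['id']`/`$_POST['id']` and then written unescaped into the form action (`?id=<?=$id?>`), the hidden `id` input and the `Location:` header, and `$pconfig['descr']` is echoed raw into `value="..."` while the neighbouring `name` field goes through `htmlspecialchars()`. After a failed submit `$pconfig` is `$_POST`, so both values come from the request and can break out of the attribute. I would constrain the index once near the top, e.g. `$id = ctype_digit((string)$id) ? (int)$id : null;`, and render the description as `value="<?=htmlspecialchars($pconfig['descr']);?>"`. Separately, `is_validwhitelistname()` accepts `.` and `/`, which looks too permissive if the name is ever used as a file name; that use is not visible in this hunk.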
\ No newline at end of file
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
index 3dd8f4dc..87da2f57 100644
--- a/config/snort/snort_interfaces_whitelist.php
+++ b/config/snort/snort_interfaces_whitelist.php
@@ -1,180 +1,180 @@ -<?php -/* $Id$ */ -/* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -//aliases_sort(); << what ? 
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { -$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); -}else{ -$id_gen = '0'; -} - -$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - - if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; - if ($retval == 0) { - if (file_exists($d_whitelistdirty_path)) - unlink($d_whitelistdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_whitelist[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_whitelist[$_GET['id']]); - write_config(); - filter_configure(); - touch($d_whitelistdirty_path); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Whitelist"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> -<form action="/snort/snort_interfaces_whitelist.php" method="post"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_whitelistdirty_path)): ?><p> -<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, 
"/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); - $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> </td></tr> -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - -<tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"> - </td> -</tr> - <?php $i = 0; foreach ($a_whitelist as $list): ?> -<tr> - <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?> - </td> - <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> - <?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> -</tr> - <?php $i++; endforeach; ?> -<tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> -</tr> -</table> - </td> - </tr> - </table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> -<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p> -</td> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+//aliases_sort(); << what ?
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+}else{
+$id_gen = '0';
+}
+
+$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+
+ if(stristr($retval, "error") <> true)
+ $savemsg = get_std_save_message($retval);
+ else
+ $savemsg = $retval;
+ if ($retval == 0) {
+ if (file_exists($d_whitelistdirty_path))
+ unlink($d_whitelistdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_whitelist[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_whitelist[$_GET['id']]);
+ write_config();
+ filter_configure();
+ touch($d_whitelistdirty_path);
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Whitelist";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<form action="/snort/snort_interfaces_whitelist.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_whitelistdirty_path)): ?><p>
+<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+<tr>
+ <td width="20%" class="listhdrr">File Name</td>
+ <td width="40%" class="listhdrr">Values</td>
+ <td width="40%" class="listhdr">Description</td>
+ <td width="10%" class="list">
+ </td>
+</tr>
+ <?php $i = 0; foreach ($a_whitelist as $list): ?>
+<tr>
+ <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?>
+ </td>
+ <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?php
+ $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
+ echo $addresses;
+ if(count($addresses) < 10) {
+ echo " ";
+ } else {
+ echo "...";
+ }
+ ?>
+ </td>
+ <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF">
+ <?=htmlspecialchars($list['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+ <?php $i++; endforeach; ?>
+<tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"> </td>
+ <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+ </td>
+ </tr>
+ </table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p>
+</td>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
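Review bot: The delete branch (`if ($_GET['act'] == "del")`) changes configuration on a plain GET, so the `?act=del&id=N` link in the table can be triggered by any page the logged-in admin loads, and the JavaScript `confirm()` is not a server-side check. I would accept the action only on POST, `if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['act'] == "del")` with the index read from `$_POST['id']`, and turn the delete icon into a submit button inside the existing form; whether `guiconfig.inc` adds request-forgery protection to POSTs is not visible here, so that should be confirmed. In the Values column, `echo $addresses;` prints stored data without `htmlspecialchars()`, unlike the name and description cells, and `count($addresses)` is applied to the imploded string, so the `...` branch looks unreachable.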
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 4f2d027b..c147ca7f 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -1,477 +1,477 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$whitelist_uuid = 0; -while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; - } -} - -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; -} - -$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; - -$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - - -if (isset($id) && $a_whitelist[$id]) { - - /* old settings */ - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = 
$a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - - - $addresses = explode(' ', $pconfig['address']); - $address = explode(" ", $addresses[0]); - if ($address[1]) - $addresssubnettest = true; - else - $addresssubnettest = false; -} - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_whitelist_dirty_path")) { - - write_config(); - - sync_snort_package_config(); - sync_snort_package(); - - unlink("$d_snort_whitelist_dirty_path"); - - } - - } - -if ($_POST['submit']) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "name address"); - $reqdfieldsn = explode(",", "Name,Address"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - if (is_validwhitelistname($_POST['address']) == false) - $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. 
Press Cancel to reset."; - - - /* check for name conflicts */ - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; - - if ($w_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - - $w_list = array(); - /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; - $w_list['snortlisttype'] = $_POST['snortlisttype']; - $w_list['address'] = $_POST['address']; - $w_list['wanips'] = $_POST['wanips']? yes : no; - $w_list['wangateips'] = $_POST['wangateips']? yes : no; - $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; - $w_list['vips'] = $_POST['vips']? yes : no; - $w_list['vpnips'] = $_POST['vpnips']? yes : no; - - - $address = $w_list['address']; - $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; - } else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - $isfirst = 0; - - - /* add another entry code */ - for($x=0; $x<299; $x++) { - $comd = "\$subnet = \$_POST['address" . $x . "'];"; - eval($comd); - $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; - eval($comd); - if($subnet <> "") { - $address .= " "; - $address .= $subnet; - if($subnet_address <> "") $address .= "" . $subnet_address; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. */ - $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; - eval($comd); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; - } else { - $final_address_details .= "Entry added" . 
" "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - } - } - - if (!$input_errors) { - $w_list['address'] = $address; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; - - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; - else - $a_whitelist[] = $w_list; - - touch($d_snort_whitelist_dirty_path); - - write_config(); - - header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); - exit; - } - //we received input errors, copy data to prevent retype - else - { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; - $pconfig['detail'] = $final_address_details; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php - include("./snort_fbegin.inc"); - echo $jscriptstr; -?> - -<script type="text/javascript" src="/snort/javascript/row_helper.js"></script> -<input type='hidden' name='address_type' value='textbox' /> -<script type="text/javascript"> - rowname[0] = "address"; - rowtype[0] = "textbox"; - rowsize[0] = "30"; - - rowname[1] = "detail"; - rowtype[1] = "textbox"; - rowsize[1] = "50"; -</script> - -<p class="pgtitle"><?=$pgtitle?></p> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> - -<?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snort_whitelist_dirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this 
interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); - $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> </td></tr> -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq">Name</td> - <td class="vtable"> - <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> - <br /> - <span class="vexpl"> - The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> - <br /> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). 
- </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">List Type</td> - <td width="78%" class="vtable"> - <select name="snortlisttype" class="formfld" id="snortlisttype"> - <?php - $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make. - </span> <span class="red">Note:</span> NETLIST's are only for defining snort.conf's external or home NETS.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">WAN IPs</td> - <td width="78%" class="vtable"> - <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN IPs to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Wan Gateways</td> - <td width="78%" class="vtable"> - <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN Gateways to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Wan DNS servers</td> - <td width="78%" class="vtable"> - <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN DNS servers to the list. 
- </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td> - <td width="78%" class="vtable"> - <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add Virtual IP Addresses to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">VPNs</td> - <td width="78%" class="vtable"> - <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add VPN Addresses to the list. - </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport">IP or CIDR items</div></td> - <td width="78%" class="vtable"> - <table id="maintable"> - <tbody> - <tr> - <td colspan="4"> - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> - Enter only ips or CIDR notations. 
Example: 192.168.4.1 or 192.168.1.0/24</div> - </td> - </tr> - <tr> - <td><div id="onecolumn">IP or CIDR</div></td> - <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td> - </tr> - - <?php - /* cleanup code */ - $counter = 0; - $address = $pconfig['address']; - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww) { - $address = $item[$counter]; - $item4 = $item3[$counter]; - if($counter > 0) $tracker = $counter + 1; - ?> - <tr> - <td> - <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" /> - </td> - <td> - <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" /> - </td> - <td> - <?php - if($counter > 0) - echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; - ?> - </td> - </tr> - <?php - $counter++; - - } // end foreach - ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> - </a> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <?php if (isset($id) && $a_whitelist[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif; ?> - </td> - </tr> -</table> - </td> - </tr> - </table> -</form> - -<script type="text/javascript"> - /* row and col adjust when you add extra entries */ - field_counter_js = 2; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; -</script> - -<?php 
include("fend.inc"); ?> -</body> +<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+$whitelist_uuid = 0;
+while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
+ $whitelist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $whitelist_uuid;
+ }
+}
+
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+}
+
+$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
+
+$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+
+if (isset($id) && $a_whitelist[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_whitelist[$id]['name'];
+ $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
+ $pconfig['detail'] = $a_whitelist[$id]['detail'];
+ $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
+ $pconfig['address'] = $a_whitelist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
+ $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_whitelist[$id]['vips'];
+ $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+
+
+ $addresses = explode(' ', $pconfig['address']);
+ $address = explode(" ", $addresses[0]);
+ if ($address[1])
+ $addresssubnettest = true;
+ else
+ $addresssubnettest = false;
+}
+
+ /* this will exec when alert says apply */
+ if ($_POST['apply']) {
+
+ if (file_exists("$d_snort_whitelist_dirty_path")) {
+
+ write_config();
+
+ sync_snort_package_config();
+ sync_snort_package();
+
+ unlink("$d_snort_whitelist_dirty_path");
+
+ }
+
+ }
+
+if ($_POST['submit']) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name address");
+ $reqdfieldsn = explode(",", "Name,Address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+ if (is_validwhitelistname($_POST['address']) == false)
+ $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
+
+
+ /* check for name conflicts */
+ foreach ($a_whitelist as $w_list) {
+ if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $whitelist_uuid;
+ $w_list['snortlisttype'] = $_POST['snortlisttype'];
+ $w_list['address'] = $_POST['address'];
+ $w_list['wanips'] = $_POST['wanips']? yes : no;
+ $w_list['wangateips'] = $_POST['wangateips']? yes : no;
+ $w_list['wandnsips'] = $_POST['wandnsips']? yes : no;
+ $w_list['vips'] = $_POST['vips']? yes : no;
+ $w_list['vpnips'] = $_POST['vpnips']? yes : no;
+
+
+ $address = $w_list['address'];
+ $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto");
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
+ } else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ $isfirst = 0;
+
+
+ /* add another entry code */
+ for($x=0; $x<299; $x++) {
+ $comd = "\$subnet = \$_POST['address" . $x . "'];";
+ eval($comd);
+ $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
+ eval($comd);
+ if($subnet <> "") {
+ $address .= " ";
+ $address .= $subnet;
+ if($subnet_address <> "") $address .= "" . $subnet_address;
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+ $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
+ eval($comd);
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
+ } else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ }
+ }
+
+ if (!$input_errors) {
+ $w_list['address'] = $address;
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_whitelist[$id])
+ $a_whitelist[$id] = $w_list;
+ else
+ $a_whitelist[] = $w_list;
+
+ touch($d_snort_whitelist_dirty_path);
+
+ write_config();
+
+ header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id");
+ exit;
+ }
+ //we received input errors, copy data to prevent retype
+ else
+ {
+ $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $pconfig['address'] = $address;
+ $pconfig['detail'] = $final_address_details;
+ }
+}
+
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php
+ include("./snort_fbegin.inc");
+ echo $jscriptstr;
+?>
+
+<script type="text/javascript" src="/snort/javascript/row_helper.js"></script>
+<input type='hidden' name='address_type' value='textbox' />
+<script type="text/javascript">
+ rowname[0] = "address";
+ rowtype[0] = "textbox";
+ rowsize[0] = "30";
+
+ rowname[1] = "detail";
+ rowtype[1] = "textbox";
+ rowsize[1] = "50";
+</script>
+
+<p class="pgtitle"><?=$pgtitle?></p>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
+
+<?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snort_whitelist_dirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Name</td>
+ <td class="vtable">
+ <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
+ <br />
+ <span class="vexpl">
+ The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
+ <br />
+ <span class="vexpl">
+ You may enter a description here for your reference (not parsed).
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">List Type</td>
+ <td width="78%" class="vtable">
+ <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <?php
+ $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make.
+ </span> <span class="red">Note:</span> NETLIST's are only for defining snort.conf's external or home NETS.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">WAN IPs</td>
+ <td width="78%" class="vtable">
+ <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN IPs to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Wan Gateways</td>
+ <td width="78%" class="vtable">
+ <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN Gateways to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Wan DNS servers</td>
+ <td width="78%" class="vtable">
+ <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN DNS servers to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td>
+ <td width="78%" class="vtable">
+ <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add Virtual IP Addresses to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">VPNs</td>
+ <td width="78%" class="vtable">
+ <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add VPN Addresses to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport">IP or CIDR items</div></td>
+ <td width="78%" class="vtable">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="4">
+ <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
+ Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24</div>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="onecolumn">IP or CIDR</div></td>
+ <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td>
+ </tr>
+
+ <?php
+ /* cleanup code */
+ $counter = 0;
+ $address = $pconfig['address'];
+ $item = explode(" ", $address);
+ $item3 = explode("||", $pconfig['detail']);
+ foreach($item as $ww) {
+ $address = $item[$counter];
+ $item4 = $item3[$counter];
+ if($counter > 0) $tracker = $counter + 1;
+ ?>
+ <tr>
+ <td>
+ <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
+ </td>
+ <td>
+ <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" />
+ </td>
+ <td>
+ <?php
+ if($counter > 0)
+ echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />";
+ ?>
+ </td>
+ </tr>
+ <?php
+ $counter++;
+
+ } // end foreach
+ ?>
+ </tbody>
+ </table>
+ <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
+ <?php if (isset($id) && $a_whitelist[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ <?php endif; ?>
+ </td>
+ </tr>
+</table>
+ </td>
+ </tr>
+ </table>
+</form>
+
+<script type="text/javascript">
+ /* row and col adjust when you add extra entries */
+ field_counter_js = 2;
+ rows = 1;
+ totalrows = <?php echo $counter; ?>;
+ loaded = <?php echo $counter; ?>;
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
</html>
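Review bot: Values taken from the request or the saved config are echoed into HTML attributes unescaped — `$pconfig['descr']` in the Description input, `$item4` in each detail input, and `$id` in the form action and the hidden field — although the Name input already goes through `htmlspecialchars()`. `mb_convert_encoding(..., "HTML-ENTITIES", ...)` is not an escaping step (as far as I know it only rewrites non-ASCII characters), so these should read `value="<?=htmlspecialchars($pconfig['descr']);?>"` and `value="<?=htmlspecialchars($item4);?>"`, with `$id` checked to be a plain integer before it reaches the markup and the `Location:` header. In the submit branch only `$_POST['address']` passes through `is_validwhitelistname()`; the `address0`…`address298` rows are appended to `$address` and written to the config unchecked, so the same test belongs inside the loop. The three `eval($comd)` calls there only build a `$_POST` lookup and can be direct reads such as `$subnet = $_POST['address' . $x];`. Both sides of this hunk read the same on the page, so this is presumably a line-ending rewrite and the points above predate it, but the whole file is on the new side and none of them is addressed.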
\ No newline at end of file
diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml
index 6d404e80..24b38a2f 100644
--- a/config/varnish64/varnish_backends.xml
+++ b/config/varnish64/varnish_backends.xml
@@ -65,6 +65,11 @@
 <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item>
 </additional_files_needed>
 <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/varnish64/varnish_sync</item>
+ </additional_files_needed>
+ <additional_files_needed>
 <prefix>/usr/local/www/</prefix>
 <chmod>0755</chmod>
 <item>http://www.pfsense.com/packages/config/varnish64/varnish_view_config.php</item>
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 0fb9c6eb..9c9df036 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
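Review bot: In varnish_backends.xml the added `additional_files_needed` entry installs `varnish_sync` into `/usr/local/pkg/` with `<chmod>0755</chmod>` from a plain `http://` URL, so the integrity of an executable on the firewall rests on the network path alone. This follows the convention of the neighbouring entries, but a new executable is a good point to tighten it: if the package host serves TLS, `<item>https://www.pfsense.com/packages/config/varnish64/varnish_sync</item>`, or otherwise a checksum verified by the installer. The same applies to the `<config_file>` URLs of the two packages added in pkg_config.7.xml (IP-Blocklist and Packet Capture Fix).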
@@ -2,6 +2,20 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
+ <package>
+ <name>IP-Blocklist</name>
+ <website/>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
+ <category>Firewall</category>
+ <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
+ <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.2.0</version>
+ <status>Beta</status>
+ <required_version>1.2.2</required_version>
+ <maintainer>tom@tomschaefer.org</maintainer>
+ <configurationfile>ipblocklist.xml</configurationfile>
+ </package>
 <package>
 <name>anyterm</name>
 <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr>
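Review bot: The added `<descr>` shows a bare `&` in `in & out traffic`; if the file holds it literally rather than as an entity (this page may have decoded it), pkg_config.7.xml is no longer well-formed XML and a strict parser would reject the whole package list. Write the text as `for in &amp; out traffic.` The same `<descr>` is added in the pkg_config.8.xml and pkg_config.8.xml.amd64 hunks.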
@@ -354,12 +368,12 @@
 <descr>Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
 <category>Security</category>
 <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort/bin/7.2.x86/</depends_on_package_base_url>
- <depends_on_package>pcre-8.00.tbz</depends_on_package>
+ <depends_on_package>pcre-8.02.tbz</depends_on_package>
 <depends_on_package>perl-5.10.1.tbz</depends_on_package>
 <depends_on_package>mysql-client-5.1.44_1.tbz</depends_on_package>
- <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
+ <depends_on_package>snort-2.8.6_1.tbz</depends_on_package>
 <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.25</version>
+ <version>2.8.6 pkg v. 1.26</version>
 <required_version>1.2.3</required_version>
 <status>Stable</status>
 <configurationfile>/snort.xml</configurationfile>
@@ -996,5 +1010,15 @@
 <required_version>1.2.3</required_version>
 <maximum_version>1.2.3</maximum_version>
 </package>
+ <package>
+ <name>Packet Capture Fix</name>
+ <descr>Patch to fix packet capture on 1.2.3 embedded (NanoBSD)</descr>
+ <category>System</category>
+ <config_file>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.xml</config_file>
+ <version>0.1</version>
+ <status>BETA</status>
+ <required_version>1.2.3</required_version>
+ <maximum_version>1.2.3</maximum_version>
+ </package>
 </packages>
 </pfsensepkgs>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 8653ffb2..1f05446b 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -2,6 +2,20 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
+ <package>
+ <name>IP-Blocklist</name>
+ <website/>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
+ <category>Firewall</category>
+ <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
+ <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.2.0</version>
+ <status>Beta</status>
+ <required_version>1.2.2</required_version>
+ <maintainer>tom@tomschaefer.org</maintainer>
+ <configurationfile>ipblocklist.xml</configurationfile>
+ </package>
 <package>
 <name>anyterm</name>
 <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr>
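Review bot: The IP-Blocklist entry added to pkg_config.8.xml sets `<depends_on_package_base_url>` to `http://files.pfsense.org/packages/7/All/`, while the other entries visible in this file (vnstat and tinydns, in later hunks) use `packages/8/All/`. The entry lists no `<depends_on_package>` yet, so nothing is fetched from that URL today, but a dependency added later would presumably pull binaries built for the 7.x base onto an 8.x system. Suggested line: `<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>`. The pkg_config.8.xml.amd64 hunk carries the same value and likely needs its own architecture-specific path.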
@@ -240,12 +254,12 @@
 <descr>Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
 <category>Security</category>
 <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort/bin/8.0.x86/</depends_on_package_base_url>
- <depends_on_package>pcre-8.00.tbz</depends_on_package>
+ <depends_on_package>pcre-8.02.tbz</depends_on_package>
 <depends_on_package>perl-5.10.1.tbz</depends_on_package>
 <depends_on_package>mysql-client-5.1.45.tbz</depends_on_package>
- <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
+ <depends_on_package>snort-2.8.6_1.tbz</depends_on_package>
 <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.25</version>
+ <version>2.8.6 pkg v. 1.26</version>
 <required_version>2.0</required_version>
 <status>Stable</status>
 <configurationfile>/snort.xml</configurationfile>
@@ -333,7 +347,7 @@
 <descr>A console-based network traffic monitor + vnstat PHP frontend</descr>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink>
 <category>Network Management</category>
- <depends_on_package_base_url>http://pfsense.comuf.com/packages/All/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
 <depends_on_package>vnstat-1.10_2.tbz</depends_on_package>
 <version>1.10_2</version>
 <status>test</status>
@@ -364,13 +378,13 @@
 <version>1.0.6.6</version>
 <status>Beta</status>
 <pkginfolink>http://doc.pfsense.org/index.php/Tinydns_package</pkginfolink>
- <required_version>1.2</required_version>
+ <required_version>2.0</required_version>
 <config_file>http://www.pfsense.com/packages/config/tinydns/tinydns.xml</config_file>
 <configurationfile>tinydns.xml</configurationfile>
 <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
 <depends_on_package>ucspi-tcp-0.88_2.tbz</depends_on_package>
- <depends_on_package>daemontools-0.76_12.tbz</depends_on_package>
- <depends_on_package>djbdns-1.05_12.tbz</depends_on_package>
+ <depends_on_package>daemontools-0.76_14.tbz</depends_on_package>
+ <depends_on_package>djbdns-1.05_13.tbz</depends_on_package>
 </package>
 <package>
 <name>Open-VM-Tools</name>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 30a68d4d..58d97756 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -2,6 +2,20 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
+ <package>
+ <name>IP-Blocklist</name>
+ <website/>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
+ <category>Firewall</category>
+ <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
+ <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.2.0</version>
+ <status>Beta</status>
+ <required_version>1.2.2</required_version>
+ <maintainer>tom@tomschaefer.org</maintainer>
+ <configurationfile>ipblocklist.xml</configurationfile>
+ </package>
 <package>
 <name>Varnish</name>
 <descr>Varnish is a state-of-the-art, high-performance HTTP accelerator. It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.</descr> |