diff options
-rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php.bak | 866 |
1 files changed, 0 insertions, 866 deletions
diff --git a/config/pfblockerng/pfblockerng_alerts.php.bak b/config/pfblockerng/pfblockerng_alerts.php.bak deleted file mode 100644 index cb892187..00000000 --- a/config/pfblockerng/pfblockerng_alerts.php.bak +++ /dev/null @@ -1,866 +0,0 @@ -<?php -/* - pfBlockerNG_Alerts.php - - pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com - All rights reserved. - - Portions of this code are based on original work done for - pfSense from the following contributors: - - Parts based on works from Snort_alerts.php - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Javascript Hostname Lookup modifications by J. Nieuwenhuizen - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -// Auto-Resolve Hostnames -if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname'])); - if (strlen($getpfhostname) >= 8) { - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); - } else { - $hostname = $getpfhostname; - } - if ($hostname == $getpfhostname) { - $hostname = 'unknown'; - } - echo $hostname; - die; -} - -require_once("util.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); -global $rule_list; -pfb_global(); - -// Application Paths -$pathgeoip = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup"; -$pathgeoip6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup6"; - -// Define File Locations -$filter_logfile = "{$g['varlog_path']}/filter.log"; -$pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; -$pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; - -// Emerging Threats IQRisk Header Name Reference -$pfb['et_header'] = TRUE; -$et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; -if (empty($et_header)) - $pfb['et_header'] = FALSE; - -// Collect pfBlockerNGSuppress Alias and Create pfbsuppression.txt -if ($pfb['supp'] == "on") - pfb_create_suppression_file(); - -// Collect Number of Suppressed Hosts -if (file_exists("{$pfb['supptxt']}")) { - $pfbsupp_cnt = exec ("/usr/bin/grep -c ^ {$pfb['supptxt']}"); -} else { - $pfbsupp_cnt = 0; -} - -// Collect pfBlockerNG Rule Names and Number -$rule_list = array(); -$results = array(); -$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); - -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) - $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; -if (empty($config['installedpackages']['pfblockerngglobal']['hostlookup'])) - $config['installedpackages']['pfblockerngglobal']['hostlookup'] = 'off'; - -if (isset($_POST['save'])) { - if (!is_array($config['installedpackages']['pfblockerngglobal'])) - $config['installedpackages']['pfblockerngglobal'] = array(); - $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off'; - $config['installedpackages']['pfblockerngglobal']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off'; - if (is_numeric($_POST['pfbdenycnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = $_POST['pfbdenycnt']; - if (is_numeric($_POST['pfbpermitcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = $_POST['pfbpermitcnt']; - if (is_numeric($_POST['pfbmatchcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = $_POST['pfbmatchcnt']; - - write_config("pfBlockerNG pkg: updated ALERTS tab settings."); - header("Location: " . $_SERVER['PHP_SELF']); - exit; -} - -if (is_array($config['installedpackages']['pfblockerngglobal'])) { - $alertrefresh = $config['installedpackages']['pfblockerngglobal']['alertrefresh']; - $hostlookup = $config['installedpackages']['pfblockerngglobal']['hostlookup']; - $pfbdenycnt = $config['installedpackages']['pfblockerngglobal']['pfbdenycnt']; - $pfbpermitcnt = $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']; - $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; -} - -// Collect pfBlockerNG Firewall Rules -if (!empty($results)) { - foreach ($results as $result) { - - # Find Rule Descriptions - $descr = ""; - if (preg_match("/USER_RULE: (\w+)/",$result,$desc)) - $descr = $desc[1]; - - if ($pfb['pfsenseversion'] >= '2.2') { - preg_match ("/@(\d+)\(/",$result, $rule); - } else { - preg_match ("/@(\d+)\s/",$result, $rule); - } - - $id = $rule[1]; - # Create array of Rule Description and pfctl Rule Number - $rule_list['id'][] = $id; - $rule_list[$id]['name'] = $descr; - } -} - -// Add IP to the Suppression Alias -if (isset($_POST['addsuppress'])) { - $ip = ""; - if (isset($_POST['ip'])) { - $ip = $_POST['ip']; - $table = $_POST['table']; - $descr = $_POST['descr']; - $cidr = $_POST['cidr']; - - // If Description or CIDR field is empty, exit. - if (empty($descr) || empty($cidr)) { - header("Location: " . $_SERVER['PHP_SELF']); - exit; - } - - if (is_ipaddr($ip)) { - - $savemsg1 = "Host IP address {$ip}"; - if (is_ipaddrv4($ip)) { - $iptrim1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.0/24', $ip); - $iptrim2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.', $ip); - $iptrim3 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$4', $ip); - - if ($cidr == "32") { - $pfb_pfctl = exec ("/sbin/pfctl -t {$table} -T show | grep {$iptrim1} 2>&1"); - - if ($pfb_pfctl == "") { - $savemsg2 = " : Removed /32 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$ip}"); - } else { - $savemsg2 = " : Removed /24 entry, added 254 addr"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1}"); - for ($add_ip=0; $add_ip <= 255; $add_ip++){ - if ($add_ip != $iptrim3) { - exec ("/sbin/pfctl -t {$table} -T add {$iptrim2}{$add_ip}"); - } - } - } - } else { - $cidr = 24; - $savemsg2 = " : Removed /24 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1} 2>&1", $pfb_pfctl); - if (!preg_grep("/1\/1 addresses deleted/", $pfb_pfctl)) { - $savemsg2 = " : Removed all entries"; - // Remove 0-255 IP Address from Alias Table - for ($del_ip=0; $del_ip <= 255; $del_ip++){ - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim2}{$del_ip}"); - } - } - } - } - - // Collect pfBlockerNGSuppress Alias Contents - $pfb_sup_list = array(); - $pfb_sup_array = array(); - $pfb['found'] = FALSE; - $pfb['update'] = FALSE; - if (is_array($config['aliases']['alias'])) { - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - $data = $alias['address']; - $data2 = $alias['detail']; - $arr1 = explode(" ",$data); - $arr2 = explode("||",$data2); - - if (!empty($data)) { - $row = 0; - foreach ($arr1 as $host) { - $pfb_sup_list[] = $host; - $pfb_sup_array[$row]['host'] = $host; - $row++; - } - $row = 0; - foreach ($arr2 as $detail) { - $pfb_sup_array[$row]['detail'] = $detail; - $row++; - } - } - $pfb['found'] = TRUE; - } - } - } - - // Call Function to Create Suppression Alias if not found. - if (!$pfb['found']) - pfb_create_suppression_alias(); - - // Save New Suppress IP to pfBlockerNGSuppress Alias - if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { - $savemsg = gettext("Host IP address {$ip} already exists in the pfBlockerNG Suppress Table."); - } else { - if (!$pfb['found'] && empty($pfb_sup_list)) { - $next_id = 0; - } else { - $next_id = count($pfb_sup_list); - } - $pfb_sup_array[$next_id]['host'] = $ip . '/' . $cidr; - $pfb_sup_array[$next_id]['detail'] = $descr; - - $address = ""; - $detail = ""; - foreach ($pfb_sup_array as $pfb_sup) { - $address .= $pfb_sup['host'] . " "; - $detail .= $pfb_sup['detail'] . "||"; - } - - // Find pfBlockerNGSuppress Array ID Number - if (is_array($config['aliases']['alias'])) { - $pfb_id = 0; - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - break; - } - $pfb_id++; - } - } - - $config['aliases']['alias'][$pfb_id]['address'] = rtrim($address, " "); - $config['aliases']['alias'][$pfb_id]['detail'] = rtrim($detail, "||"); - $savemsg = gettext($savemsg1) . gettext($savemsg2) . gettext(" and added Host to the pfBlockerNG Suppress Table."); - $pfb['update'] = TRUE; - } - - if ($pfb['found'] || $pfb['update']) { - // Save all Changes to pfsense config file - write_config(); - } - } - } -} - -// Host Resolve Function lookup -function getpfbhostname($type = 'src', $hostip, $countme = 0) { - $hostnames['src'] = ''; - $hostnames['dst'] = ''; - $hostnames[$type] = '<div id="gethostname_' . $countme . '" name="' . $hostip . '"></div>'; - return $hostnames; -} - - -// Determine if Alert Host 'Dest' is within the Local Lan IP Range. -function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { - $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); - return $result; -} - - -// Parse Filter log for pfBlockerNG Alerts -function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) { - global $rule_list; - $fields_array = array(); - $logarr = ""; - $denycnt = 0; - $permitcnt = 0; - $matchcnt = 0; - - if (file_exists($logfile)) { - exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); - } - else return; - - if (!empty($logarr) && !empty($rule_list['id'])) { - foreach ($logarr as $logent) { - $pfbalert = array(); - $log_split = ""; - - if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) - continue; - - list($all, $pfbalert[99], $host, $rule) = $log_split; - $rule_data = explode(",", $rule); - $pfbalert[0] = $rule_data[0]; // Rulenum - - // Skip Alert if Rule is not a pfBNG Alert - if (!in_array($pfbalert[0], $rule_list['id'])) - continue; - - $pfbalert[1] = $rule_data[4]; // Realint - $pfbalert[3] = $rule_data[6]; // Act - $pfbalert[4] = $rule_data[8]; // Version - - if ($pfbalert[4] == "4") { - $pfbalert[5] = $rule_data[15]; // Protocol ID - $pfbalert[6] = $rule_data[16]; // Protocol - $pfbalert[7] = $rule_data[18]; // SRC IP - $pfbalert[8] = $rule_data[19]; // DST IP - } else { - $pfbalert[5] = $rule_data[14]; // Protocol ID - $pfbalert[6] = $rule_data[13]; // Protocol - $pfbalert[7] = $rule_data[15]; // SRC IP - $pfbalert[8] = $rule_data[16]; // DST IP - } - - if ($pfbalert[5] == "6" || $pfbalert[5] == "17") { - $pfbalert[9] = $rule_data[20]; // SRC Port - $pfbalert[10] = $rule_data[21]; // DST Port - $pfbalert[11] = $rule_data[23]; // TCP Flags - } else { - $pfbalert[9] = ""; - $pfbalert[10] = ""; - $pfbalert[11] = ""; - } - - // Skip Repeated Alerts - if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) - continue; - - $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name - $pfbalert[6] = strtoupper($pfbalert[6]); - - if ($pfbalert[3] == "block") { - if ($denycnt < $pfbdenycnt) { - $fields_array['Deny'][] = $pfbalert; - $denycnt++; - } - } - elseif ($pfbalert[3] == "pass") { - if ($permitcnt < $pfbpermitcnt) { - $fields_array['Permit'][] = $pfbalert; - $permitcnt++; - } - } - elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") { - if ($matchcnt < $pfbmatchcnt) { - $fields_array['Match'][] = $pfbalert; - $matchcnt++; - } - } - - // Exit function if Sufficinet Matches found. - if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) { - unset ($pfbalert, $logarr); - return $fields_array; - } - - // Collect Details for Repeated Alert Comparison - $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; - $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; - } - unset ($pfbalert, $logarr); - return $fields_array; - } -} - -$pgtitle = gettext("pfBlockerNG: Alerts"); -include_once("head.inc"); -?> -<body link="#000000" vlink="#0000CC" alink="#000000"> -<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> -<input type="hidden" name="ip" id="ip" value=""/> -<input type="hidden" name="table" id="table" value=""/> -<input type="hidden" name="descr" id="descr" value=""/> -<input type="hidden" name="cidr" id="cidr" value=""/> -<?php - -include_once("fbegin.inc"); - -/* refresh every 60 secs */ -if ($alertrefresh == 'on') - echo "<meta http-equiv=\"refresh\" content=\"60;url={$_SERVER['PHP_SELF']}\" />\n"; -if ($savemsg) { - print_info_box($savemsg); -} - -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=pfblockerng.xml&id=0"); - $tab_array[] = array(gettext("Update"), false, "/pfblockerng/pfblockerng_update.php"); - $tab_array[] = array(gettext("Alerts"), true, "/pfblockerng/pfblockerng_alerts.php"); - $tab_array[] = array(gettext("Reputation"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0"); - $tab_array[] = array(gettext("IPv4"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml"); - $tab_array[] = array(gettext("IPv6"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml"); - $tab_array[] = array(gettext("Top 20"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0"); - $tab_array[] = array(gettext("Africa"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0"); - $tab_array[] = array(gettext("Asia"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0"); - $tab_array[] = array(gettext("Europe"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0"); - $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); - $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); - $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); - $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); - $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); - $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); - display_top_tabs($tab_array, true); - ?> - </td> - </tr> - <tr> - <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> - <tr> - <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> - <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> - <a href='/firewall_rules.php' target="_blank"><?php echo gettext("Firewall Rules"); ?></a> - <a href='/diag_logs_filter.php' target="_blank"><?php echo gettext("Firewall Logs"); ?></a><br /></td> - </tr> - <tr> - <td width="10%" class="vncell"><?php echo gettext('Alert Settings'); ?></td> - <td width="90%" class="vtable"> - <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1" title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/> - <?php printf(gettext('%sDeny%s. ') , '<strong>', '</strong>'); ?> - <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1" title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/> - <?php printf(gettext('%sPermit%s. '), '<strong>', '</strong>'); ?> - <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1" title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/> - <?php printf(gettext('%sMatch%s.'), '<strong>', '</strong>'); ?> - - <?php echo gettext(' Click to Auto-Refresh');?> <input name="alertrefresh" type="checkbox" value="on" title="Click to enable Auto-Refresh of this Tab once per minute" - <?php if ($config['installedpackages']['pfblockerngglobal']['alertrefresh']=="on") echo "checked"; ?>/> - - <?php echo gettext(' Click to Auto-Resolve');?> <input name="hostlookup" type="checkbox" value="on" title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve" - <?php if ($config['installedpackages']['pfblockerngglobal']['hostlookup']=="on") echo "checked"; ?>/> - <input name="save" type="submit" class="formbtns" value="Save" title="<?=gettext('Save settings');?>"/><br /> - - <?php printf(gettext('Enter number of log entries to view.')); ?> - <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> - </td> - </tr> -<!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> -<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): - switch($type) { - case "Deny": - $rtype = "block"; - $pfbentries = "{$pfbdenycnt}"; - break; - case "Permit": - $rtype = "pass"; - $pfbentries = "{$pfbpermitcnt}"; - break; - case "Match": - if ($pfb['pfsenseversion'] >= '2.2') { - $rtype = "unkn(%u)"; - } else { - $rtype = "unkn(11)"; - } - $pfbentries = "{$pfbmatchcnt}"; - break; - } - -?> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> - <tr> - <!--Print Table Info--> - <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."),"{$pfbentries}"); ?> - <?php if ($type == "Deny"): ?> - <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> - <?php endif; ?> - </td> - </tr> - -<td width="100%" colspan="2"> -<table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> - <colgroup> - <col width="8%" align="center" axis="date"> - <col width="6%" align="center" axis="string"> - <col width="16%" align="center" axis="string"> - <col width="6%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="3%" align="center" axis="string"> - <col width="13%" align="center" axis="string"> - </colgroup> - <thead> - <tr class="sortableHeaderRowIdentifier"> - <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("IF"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("Rule"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("CC"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("List"); ?></th> - </tr> - </thead> - <tbody> -<?php - -$pfb['runonce'] = TRUE; -if (isset($pfb['load'])) - $pfb['runonce'] = FALSE; - -// Execute the following once per refresh -if ($pfb['runonce']) { - $pfb['load'] = TRUE; - $fields_array = array(); - - // pfSense versions below 2.2 have the Logfiles in two lines. - if ($pfb['pfsenseversion'] >= '2.2') { - $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^"); - } else { - $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); - } - - $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); - - $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; - $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; - $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; - - // Array of all Local IPs for Alert Analysis - $pfb_local = array(); - - // Collect Gateway IP Addresses for Inbound/Outbound List matching - $int_gateway = get_interfaces_with_gateway(); - if (is_array($int_gateway)) { - foreach ($int_gateway as $gateway) { - $convert = get_interface_ip($gateway); - $pfb_local[] = $convert; - } - } - - // Collect Virtual IP Aliases for Inbound/Outbound List Matching - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; - } - } - // Collect NAT IP Addresses for Inbound/Outbound List Matching - if (is_array($config['nat']['rule'])) { - foreach ($config['nat']['rule'] as $natent) { - $pfb_local[] = $natent['target']; - } - } - - // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching - if(is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $onetoone) { - $pfb_local[] = $onetoone['source']['address']; - } - } - - // Convert any 'Firewall Aliases' to IP Address Format - if (is_array($config['aliases']['alias'])) { - for ($cnt = 0; $cnt <= count($pfb_local); $cnt++) { - foreach ($config['aliases']['alias'] as $i=> $alias) { - if (isset($alias['name']) && isset($pfb_local[$cnt])) { - if ($alias['name'] == $pfb_local[$cnt]) { - $pfb_local[$cnt] = $alias['address']; - } - } - } - } - } - // Remove any Duplicate IPs - $pfb_local = array_unique($pfb_local); - - // Determine Lan IP Address and Mask - if (is_array($config['interfaces']['lan'])) { - $lan_ip = $config['interfaces']['lan']['ipaddr']; - $lan_mask = $config['interfaces']['lan']['subnet']; - } -} - -$counter = 0; -// Process Fields_array and generate Output -if (!empty($fields_array[$type]) && !empty($rule_list)) { - $key = 0; - foreach ($fields_array[$type] as $fields) { - $rulenum = ""; - $alert_ip = ""; - $supp_ip = ""; - $pfb_query = ""; - - /* Fields_array Reference [0] = Rulenum [6] = Protocol - [1] = Real Interface [7] = SRC IP - [2] = Friendly Interface Name [8] = DST IP - [3] = Action [9] = SRC Port - [4] = Version [10] = DST Port - [5] = Protocol ID [11] = Flags - [99] = Timestamp */ - - $rulenum = $fields[0]; - if ($counter < $pfbentries) { - $proto = str_replace("TCP", "TCP-", $fields[6]) . $fields[11]; - - // Cleanup Port Output - if ($fields[6] == "ICMP") { - $srcport = ""; - $dstport = ""; - } else { - $srcport = " :" . $fields[9]; - $dstport = " :" . $fields[10]; - } - - // Don't add Suppress Icon to Country Block Lines - if (in_array(substr($rule_list[$rulenum]['name'], 0, -3), $continents)) { - $pfb_query = "Country"; - } - - // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { - // Destination is Gateway/NAT/VIP - $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields[7]; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); - $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; - $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; - $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields[7], $counter); - } else { - $hostname = ""; - } - - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - } else { - // Outbound - $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields[8]; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); - $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; - $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; - $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields[8], $counter); - } else { - $hostname = ""; - } - - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - } - - # IP Query Grep Exclusion - $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; - $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; - - // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { - // Search for exact IP Match - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); - // Search for IP in /24 CIDR - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). - // Skip (Country Lists) or /32,/24 Addresses. - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.', $host); - $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); - for ($cnt = 1; $cnt <= 5; $cnt++) { - $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - // Break out of loop if found. - if (!empty($pfb_query)) - $cnt = 6; - } - } - // Search for First Three Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Report Specific ET IQRisk Details - if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - } - // Default to "No Match" if not found. - if (empty($pfb_query)) - $pfb_query = "No Match"; - } - - # Split List Column into Two lines. - unset ($pfb_match); - if ($pfb_query == "No Match") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } else { - preg_match ("/(.*)\s(.*)/", $pfb_query, $pfb_match); - if ($pfb_match[1] == "") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } - } - - // Truncate Long List Names - $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; - - if (strlen($pfb_match[1]) >= 17) { - $pfb_matchtitle = $pfb_match[1]; - $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; - } - - // Print Alternating Line Shading - if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; - } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; - } - - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - echo "<tr class='{$alertRowClass}'> - <td class='listMRr' align='center'>{$fields[99]}</td> - <td class='listMRr' align='center'>{$fields[2]}</td> - <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> - <td class='listMRr' align='center'>{$proto}</td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[7]}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[8]}{$dstport}<br /><small>{$hostname['dst']}</small></td> - <td class='listMRr' align='center'>{$country}</td> - <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; - $counter++; - if ($counter > 0 && $rtype == "block") { - $mycounter = $counter; - } - } - } -} -?> - </tbody> - </table> - </table> -<?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> -<?php unset ($fields_array); ?> -</td></tr> -</table> - -</div> -</td> - -<script type="text/javascript"> -//<![CDATA[ - -// This function stuffs the passed HOST, Table values into hidden Form Fields for postback. -function hostruleid(host,table) { - document.getElementById("ip").value = host; - document.getElementById("table").value = table; - - var description = prompt("Please enter Suppression Description"); - document.getElementById("descr").value = description; - - if (description.value != "") { - var cidr = prompt("Please enter CIDR [ 32 or 24 CIDR only supported ]","32"); - document.getElementById("cidr").value = cidr; - } -} - -// Auto-Resolve of Alerted Hostnames -function findhostnames(counter) { - getip = jQuery('#gethostname_' + counter).attr('name'); - geturl = "<?php echo $_SERVER['PHP_SELF']; ?>"; - jQuery.get( geturl, { "getpfhostname": getip } ) - .done(function( data ) { - jQuery('#gethostname_' + counter).prop('title' , data ); - var str = data; - if(str.length > 32) str = str.substring(0,29)+"..."; - jQuery('#gethostname_' + counter).html( str ); - } - ) -} - -var alertlines = <?php echo $mycounter; ?>; -var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; -if ( autoresolve == "on" ) { - for (alertcount = 0; alertcount < alertlines; alertcount++) { - setTimeout(findhostnames(alertcount), 30); - } -} - -//]]> -</script> -<?php include("fend.inc"); ?> -</form> -</body> -</html>
\ No newline at end of file |