diff options
Diffstat (limited to 'config/pfblockerng/pfblockerng_alerts.php')
-rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php | 381 |
1 files changed, 230 insertions, 151 deletions
diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index 0b251295..bfb15c07 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -57,7 +57,7 @@ if (isset($_REQUEST['getpfhostname'])) { require_once("util.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); -global $rule_list; +global $rule_list, $pfb_localsub; pfb_global(); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); @@ -69,26 +69,25 @@ if ($pfs_version == "2.2") { } // Application Paths -$pathgeoip = $prefix . "/bin/geoiplookup"; -$pathgeoip6 = $prefix . "/bin/geoiplookup6"; +$pathgeoip = "{$prefix}/bin/geoiplookup"; +$pathgeoip6 = "{$prefix}/bin/geoiplookup6"; // Define File Locations $filter_logfile = "{$g['varlog_path']}/filter.log"; -$pathgeoipdat = $prefix . "/share/GeoIP/GeoIP.dat"; -$pathgeoipdat6 = $prefix . "/share/GeoIP/GeoIPv6.dat"; - -// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package) -$pfb['filterlogentries'] = FALSE; +$pathgeoipdat = "{$prefix}/share/GeoIP/GeoIP.dat"; +$pathgeoipdat6 = "{$prefix}/share/GeoIP/GeoIPv6.dat"; // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; $et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; -if (empty($et_header)) +if (empty($et_header)) { $pfb['et_header'] = FALSE; +} // Collect pfBlockerNGSuppress Alias and Create pfbsuppression.txt -if ($pfb['supp'] == "on") +if ($pfb['supp'] == "on") { pfb_create_suppression_file(); +} // Collect Number of Suppressed Hosts if (file_exists("{$pfb['supptxt']}")) { @@ -97,62 +96,88 @@ if (file_exists("{$pfb['supptxt']}")) { $pfbsupp_cnt = 0; } -// Collect pfBlockerNG Rule Names and Number -$rule_list = array(); -$results = array(); -$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); - -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) - $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; -if (empty($config['installedpackages']['pfblockerngglobal']['hostlookup'])) - $config['installedpackages']['pfblockerngglobal']['hostlookup'] = 'off'; +$pfb['global'] = &$config['installedpackages']['pfblockerngglobal']; -if (isset($_POST['save'])) { - if (!is_array($config['installedpackages']['pfblockerngglobal'])) - $config['installedpackages']['pfblockerngglobal'] = array(); - $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off'; - $config['installedpackages']['pfblockerngglobal']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off'; - if (is_numeric($_POST['pfbdenycnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = $_POST['pfbdenycnt']; - if (is_numeric($_POST['pfbpermitcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = $_POST['pfbpermitcnt']; - if (is_numeric($_POST['pfbmatchcnt'])) - $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = $_POST['pfbmatchcnt']; +if (!isset($pfb['global']['pfbdenycnt'])) { + $pfb['global']['pfbdenycnt'] = '25'; +} +if (!isset($pfb['global']['pfbpermitcnt'])) { + $pfb['global']['pfbpermitcnt'] = '5'; +} +if (!isset($pfb['global']['pfbmatchcnt'])) { + $pfb['global']['pfbmatchcnt'] = '5'; +} +if (!isset($pfb['global']['pfbdnscnt'])) { + $pfb['global']['pfbdnscnt'] = '5'; +} +if (empty($pfb['global']['alertrefresh'])) { + $pfb['global']['alertrefresh'] = 'off'; +} +if (empty($pfb['global']['hostlookup'])) { + $pfb['global']['hostlookup'] = 'off'; +} +if (isset($_POST['save'])) { + if (!is_array($pfb['global'])) { + $pfb['global'] = array(); + } + $pfb['global']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off'; + $pfb['global']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off'; + if (is_numeric($_POST['pfbdenycnt'])) { + $pfb['global']['pfbdenycnt'] = $_POST['pfbdenycnt']; + } + if (is_numeric($_POST['pfbpermitcnt'])) { + $pfb['global']['pfbpermitcnt'] = $_POST['pfbpermitcnt']; + } + if (is_numeric($_POST['pfbmatchcnt'])) { + $pfb['global']['pfbmatchcnt'] = $_POST['pfbmatchcnt']; + } + if (is_numeric($_POST['pfbdnscnt'])) { + $pfb['global']['pfbdnscnt'] = $_POST['pfbdnscnt']; + } write_config("pfBlockerNG pkg: updated ALERTS tab settings."); header("Location: " . $_SERVER['PHP_SELF']); exit; } -if (is_array($config['installedpackages']['pfblockerngglobal'])) { - $alertrefresh = $config['installedpackages']['pfblockerngglobal']['alertrefresh']; - $hostlookup = $config['installedpackages']['pfblockerngglobal']['hostlookup']; - $pfbdenycnt = $config['installedpackages']['pfblockerngglobal']['pfbdenycnt']; - $pfbpermitcnt = $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']; - $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; +if (is_array($pfb['global'])) { + $alertrefresh = $pfb['global']['alertrefresh']; + $hostlookup = $pfb['global']['hostlookup']; + $pfbdenycnt = $pfb['global']['pfbdenycnt']; + $pfbpermitcnt = $pfb['global']['pfbpermitcnt']; + $pfbmatchcnt = $pfb['global']['pfbmatchcnt']; + $pfbdnscnt = $pfb['global']['pfbdnscnt']; +} + + +// Define Alerts Log filter Rollup window variable and collect Widget Alert Pivot details +if (isset($_REQUEST['rule'])) { + $filterfieldsarray[0] = $_REQUEST['rule']; + $pfbdenycnt = $pfbpermitcnt = $pfbmatchcnt = $_REQUEST['entries']; + $pfb['filterlogentries'] = TRUE; +} +else { + $pfb['filterlogentries'] = FALSE; } function pfb_match_filter_field($flent, $fields) { foreach ($fields as $key => $field) { - if ($field == null) + if ($field == null) { continue; + } if ((strpos($field, '!') === 0)) { $field = substr($field, 1); $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); - if (@preg_match("/{$field_regex}/i", $flent[$key])) + if (@preg_match("/{$field_regex}/i", $flent[$key])) { return false; + } } else { $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); - if (!@preg_match("/{$field_regex}/i", $flent[$key])) + if (!@preg_match("/{$field_regex}/i", $flent[$key])) { return false; + } } } return true; @@ -185,23 +210,22 @@ if ($_POST['filterlogentries_clear']) { } -// Collect pfBlockerNG Firewall Rules +// Collect pfBlockerNG Rule Names and Number +$rule_list = array(); +exec("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); if (!empty($results)) { foreach ($results as $result) { - # Find Rule Descriptions + // Find Rule Descriptions $descr = ""; - if (preg_match("/USER_RULE: (\w+)/",$result,$desc)) + if (preg_match("/USER_RULE: (\w+)/",$result,$desc)) { $descr = $desc[1]; - - if ($pfb['pfsenseversion'] >= '2.2') { - preg_match ("/@(\d+)\(/",$result, $rule); - } else { - preg_match ("/@(\d+)\s/",$result, $rule); } + preg_match ("/@(\d+)\(/",$result, $rule); + $id = $rule[1]; - # Create array of Rule Description and pfctl Rule Number + // Create array of Rule Description and pfctl Rule Number $rule_list['id'][] = $id; $rule_list[$id]['name'] = $descr; } @@ -291,8 +315,9 @@ if (isset($_POST['addsuppress'])) { } // Call Function to Create Suppression Alias if not found. - if (!$pfb['found']) + if (!$pfb['found']) { pfb_create_suppression_alias(); + } // Save New Suppress IP to pfBlockerNGSuppress Alias if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { @@ -332,12 +357,13 @@ if (isset($_POST['addsuppress'])) { if ($pfb['found'] || $pfb['update']) { // Save all Changes to pfsense config file - write_config(); + write_config("pfBlockerNG: Added {$ip} to IP Suppress List"); } } } } + // Host Resolve Function lookup function getpfbhostname($type = 'src', $hostip, $countme = 0) { $hostnames['src'] = ''; @@ -347,10 +373,18 @@ function getpfbhostname($type = 'src', $hostip, $countme = 0) { } -// Determine if Alert Host 'Dest' is within the Local Lan IP Range. -function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { - $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); - return $result; +// For subnet addresses - Determine if Alert Host 'Dest' is within a Local IP Range. +function ip_in_pfb_localsub($subnet) { + global $pfb_localsub; + + if (!empty($pfb_localsub)) { + foreach ($pfb_localsub as $line) { + if (ip_in_subnet($subnet, $line)) { + return true; + } + } + } + return false; } @@ -373,16 +407,18 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi $pfbalert = array(); $log_split = ""; - if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) + if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) { continue; + } list($all, $pfbalert[99], $host, $rule) = $log_split; $rule_data = explode(",", $rule); $pfbalert[0] = $rule_data[0]; // Rulenum // Skip Alert if Rule is not a pfBNG Alert - if (!in_array($pfbalert[0], $rule_list['id'])) + if (!in_array($pfbalert[0], $rule_list['id'])) { continue; + } $pfbalert[1] = $rule_data[4]; // Realint $pfbalert[3] = $rule_data[6]; // Act @@ -415,8 +451,9 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi } // Skip Repeated Alerts - if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) + if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) { continue; + } $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags @@ -474,12 +511,14 @@ include_once("head.inc"); include_once("fbegin.inc"); /* refresh every 60 secs */ -if ($alertrefresh == 'on') +if ($alertrefresh == 'on') { echo "<meta http-equiv=\"refresh\" content=\"60;url={$_SERVER['PHP_SELF']}\" />\n"; +} if ($savemsg) { print_info_box($savemsg); } +$skipcount = 0; $counter = 0; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -518,17 +557,22 @@ if ($savemsg) { <tr> <td width="10%" class="vncell"><?php echo gettext('Alert Settings'); ?></td> <td width="90%" class="vtable"> - <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1" title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/> + <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1" + title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/> <?php printf(gettext('%sDeny%s. ') , '<strong>', '</strong>'); ?> - <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1" title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/> + <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1" + title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/> <?php printf(gettext('%sPermit%s. '), '<strong>', '</strong>'); ?> - <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1" title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/> + <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1" + title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/> <?php printf(gettext('%sMatch%s.'), '<strong>', '</strong>'); ?> - <?php echo gettext(' Click to Auto-Refresh');?> <input name="alertrefresh" type="checkbox" value="on" title="Click to enable Auto-Refresh of this Tab once per minute" + <?php echo gettext(' Click to Auto-Refresh');?> <input name="alertrefresh" type="checkbox" value="on" + title="Click to enable Auto-Refresh of this Tab once per minute" <?php if ($config['installedpackages']['pfblockerngglobal']['alertrefresh']=="on") echo "checked"; ?>/> - <?php echo gettext(' Click to Auto-Resolve');?> <input name="hostlookup" type="checkbox" value="on" title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve" + <?php echo gettext(' Click to Auto-Resolve');?> <input name="hostlookup" type="checkbox" value="on" + title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve" <?php if ($config['installedpackages']['pfblockerngglobal']['hostlookup']=="on") echo "checked"; ?>/> <input name="save" type="submit" class="formbtns" value="Save" title="<?=gettext('Save settings');?>"/><br /> @@ -542,7 +586,8 @@ if ($savemsg) { <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>"> <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td> <td width="90%" class="vtable"> - <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" + onclick="enable_showFilter();" /> <?=gettext("Click to display advanced filtering options dialog");?> </td> </tr> @@ -552,48 +597,67 @@ if ($savemsg) { <tr> <td valign="top"> <div align="center"><?=gettext("Date");?></div> - <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> + <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" + type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> </td> <td valign="top"> - <div align="center"><?=gettext("Interface");?></div> - <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" + type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> </td> <td valign="top"> - <div align="center"><?=gettext("Rule Number Only");?></div> - <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" + type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> </td> <td valign="top"> - <div align="center"><?=gettext("Protocol");?></div> - <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + <div align="center"><?=gettext("Interface");?></div> + <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" + type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> </td> </tr> <tr> <td valign="top"> - <div align="center"><?=gettext("Source IP Address");?></div> - <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> - </td> - <td valign="top"> - <div align="center"><?=gettext("Source Port");?></div> - <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + <div align="center"><?=gettext("Rule Number Only");?></div> + <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" + type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> </td> <td valign="top"> <div align="center"><?=gettext("Destination IP Address");?></div> - <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" + type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> </td> <td valign="top"> <div align="center"><?=gettext("Destination Port");?></div> - <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" + type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" + type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + </td> + <td valign="top" colspan="3"> + </td> </tr> - <td colspan="5" style="vertical-align:bottom"> - <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?> + <tr> + <td colspan="3" style="vertical-align:bottom"> + <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), ' + <a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> + <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?> <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br /> + </td> </tr> <tr> - <td colspan="1" style="vertical-align:bottom"> - <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> - <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> - <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + <td colspan="3" style="vertical-align:bottom"> + <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" + class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" + class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" + class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" + title="<?=gettext("Hide filter options");?>" /></div> </td> </tr> </table> @@ -601,7 +665,7 @@ if ($savemsg) { </tr> <!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> -<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): +<?php foreach (array ( "Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): switch($type) { case "Deny": $rtype = "block"; @@ -612,15 +676,16 @@ if ($savemsg) { $pfbentries = "{$pfbpermitcnt}"; break; case "Match": - if ($pfb['pfsenseversion'] >= '2.2') { - $rtype = "unkn(%u)"; - } else { - $rtype = "unkn(11)"; - } + $rtype = "unkn(%u)"; $pfbentries = "{$pfbmatchcnt}"; break; } + // Skip Table output if $pfbentries is zero. + if ($pfbentries == 0 && $skipcount != 2) { + $skipcount++; + continue; + } ?> <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> @@ -660,30 +725,27 @@ if ($savemsg) { <?php $pfb['runonce'] = TRUE; -if (isset($pfb['load'])) +if (isset($pfb['load'])) { $pfb['runonce'] = FALSE; +} // Execute the following once per refresh if ($pfb['runonce']) { $pfb['load'] = TRUE; + $resolvecounter = 0; $fields_array = array(); - // pfSense versions below 2.2 have the Logfiles in two lines. - if ($pfb['pfsenseversion'] >= '2.2') { - $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^"); - } else { - $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); - } - + $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^"); $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); - $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; + $supp_ip_txt = "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; // Array of all Local IPs for Alert Analysis $pfb_local = array(); + $pfb_localsub = array(); // Collect Gateway IP Addresses for Inbound/Outbound List matching $int_gateway = get_interfaces_with_gateway(); @@ -697,12 +759,16 @@ if ($pfb['runonce']) { // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { - if ($list['type'] == "single" && $list['subnet_bits'] == "32") - $pfb_local[] = $list['subnet']; - elseif ($list['type'] == "single" || $list['type'] == "network") - $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); + if ($list['subnet'] != "" && $list['subnet_bits'] != "") { + if ($list['subnet_bits'] >= 24) { + $pfb_local = array_merge(subnetv4_expand("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); + } else { + $pfb_localsub[] = "{$list['subnet']}/{$list['subnet_bits']}"; + } + } } } + // Collect NAT IP Addresses for Inbound/Outbound List Matching if (is_array($config['nat']['rule'])) { foreach ($config['nat']['rule'] as $natent) { @@ -711,7 +777,7 @@ if ($pfb['runonce']) { } // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching - if(is_array($config['nat']['onetoone'])) { + if (is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $onetoone) { $pfb_local[] = $onetoone['source']['address']; } @@ -729,17 +795,27 @@ if ($pfb['runonce']) { } } } - // Remove any Duplicate IPs - $pfb_local = array_unique($pfb_local); - // Determine Lan IP Address and Mask - if (is_array($config['interfaces']['lan'])) { - $lan_ip = $config['interfaces']['lan']['ipaddr']; - $lan_mask = $config['interfaces']['lan']['subnet']; + // Collect all Interface Addresses for Inbound/Outbound List Matching + if (is_array($config['interfaces'])) { + foreach ($config['interfaces'] as $int) { + if ($int['ipaddr'] != "dhcp") { + if ($int['ipaddr'] != "" && $int['subnet'] != "") { + if ($int['subnet'] >= 24) { + $pfb_local = array_merge(subnetv4_expand("{$int['ipaddr']}/{$int['subnet']}"), $pfb_local); + } else { + $pfb_localsub[] = "{$int['ipaddr']}/{$int['subnet']}"; + } + } + } + } } + + // Remove any Duplicate IPs + $pfb_local = array_unique($pfb_local); + $pfb_localsub = array_unique($pfb_localsub); } -$counter = 0; // Process Fields_array and generate Output if (!empty($fields_array[$type]) && !empty($rule_list)) { $key = 0; @@ -774,19 +850,19 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { } // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { + if (in_array($fields[8], $pfb_local) || ip_in_pfb_localsub($fields[8])) { // Destination is Gateway/NAT/VIP $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; $host = $fields[7]; - $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); - $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; - $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; + $alert_ip = "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); + $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width='11' height='11' border='0' "; + $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\" /></a>"; if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; + $supp_ip = "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; - $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; + $supp_ip .= gettext($supp_ip_txt) . "\" border='0' width='11' height='11' />"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { @@ -802,14 +878,14 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; $host = $fields[8]; - $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); - $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; - $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; + $alert_ip = "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); + $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width='11' height='11' border='0' "; + $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\" /></a>"; if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; + $supp_ip = "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; - $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; + $supp_ip .= gettext($supp_ip_txt) . "\" border='0' width='11' height='11' />"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { @@ -829,7 +905,7 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); } - # IP Query Grep Exclusion + // IP Query Grep Exclusion $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; @@ -857,8 +933,9 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { $host3 = $host2 - $cnt . '\''; $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); // Break out of loop if found. - if (!empty($pfb_query)) + if (!empty($pfb_query)) { $cnt = 6; + } } } // Search for First Three Octets @@ -886,10 +963,11 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { } // Default to "No Match" if not found. - if (empty($pfb_query)) + if (empty($pfb_query)) { $pfb_query = "No Match"; + } - # Split List Column into Two lines. + // Split List Column into Two lines. unset ($pfb_match); if ($pfb_query == "No Match") { $pfb_match[1] = "{$pfb_query}"; @@ -921,43 +999,44 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) { } // Print Alternating Line Shading - if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; - } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; - } + $alertRowEvenClass = "style='background-color: #D8D8D8;'"; + $alertRowOddClass = "style='background-color: #E8E8E8;'"; $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - echo "<tr class='{$alertRowClass}'> + echo "<tr {$alertRowClass}> <td class='listMRr' align='center'>{$fields[99]}</td> <td class='listMRr' align='center'>{$fields[2]}</td> <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> <td class='listMRr' align='center'>{$fields[6]}</td> - <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center' sorttable_customkey='{$fields[97]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td class='listMRr' align='center' sorttable_customkey='{$fields[98]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> <td class='listMRr' align='center'>{$country}</td> <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; $counter++; - if ($counter > 0 && $rtype == "block") { - $mycounter = $counter; - } else { - $mycounter = 0; + if ($rtype == "block") { + $resolvecounter = $counter; } } } } ?> </tbody> + <tr> + <!--Print Final Table Info--> + <?php + if ($pfbentries != $counter) { + $msg = " - Insufficient Firewall Alerts found."; + } + echo (" <td colspan='8' style='font-size:10px; background-color: #F0F0F0;' >Found {$counter} Alert Entries {$msg}</td>"); + $counter = 0; $msg = ''; + ?> + </tr> </table> </table> <?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> <?php unset ($fields_array); ?> </td></tr> </table> - -</div> </td> <script type="text/javascript"> @@ -991,7 +1070,7 @@ function findhostnames(counter) { ) } -var alertlines = <?php echo $mycounter; ?>; +var alertlines = <?php echo $resolvecounter; ?>; var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; if ( autoresolve == "on" ) { for (alertcount = 0; alertcount < alertlines; alertcount++) { @@ -1014,4 +1093,4 @@ function enable_hideFilter() { <?php include("fend.inc"); ?> </form> </body> -</html> +</html>
\ No newline at end of file |