Diffstat (limited to 'config/snort/snort_ip_reputation.php')
-rw-r--r--config/snort/snort_ip_reputation.php58
1 files changed, 45 insertions, 13 deletions
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index a59021db..3de8c661 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -75,13 +75,24 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
// Test the supplied IP List file to see if it exists
if (file_exists($_POST['iplist'])) {
- $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
- write_config();
- $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
- $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['blist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
}
else
$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
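Review bot: The existence test and the stored value refer to different things here: `file_exists($_POST['iplist'])` checks the full client-supplied path, while the new line stores only `basename($_POST['iplist'])`, so a path outside the IP list directory passes the check and a name that may not exist in that directory is written to the config. Testing the name that is actually stored, e.g. `$name = basename($_POST['iplist']);` then `if (file_exists("{$list_dir}/{$name}"))` with `$list_dir` standing in for the package's list directory (not shown on this page), would also stop the handler from answering existence queries for arbitrary paths. The new `if (!$input_errors)` guard depends on every earlier validation on the page rather than only on the duplicate check, so a local flag set inside the loop would make the intent explicit. The whitelist branch in the next hunk has the same shape, and the enclosing `if` begins outside this hunk.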
@@ -89,19 +100,31 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
// Test the supplied IP List file to see if it exists
if (file_exists($_POST['iplist'])) {
- $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
- write_config();
- $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
- $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
}
else
$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
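Review bot: In the `blist_del` branch the `unset()` is followed unconditionally by `write_config("Snort pkg: deleted blacklist file ...")` and `mark_subsystem_dirty('snort_iprep')`, so a stale or out-of-range `list_id` records a deletion in the configuration history and raises the apply banner although nothing was removed. Wrapping the three lines in `if (isset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]))` keeps the change log truthful, which matters when that history is used to reconstruct who changed a blocklist. The `wlist_del` branch in the following hunk needs the same guard.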
@@ -109,12 +132,13 @@ if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
}
-if ($_POST['save']) {
+if ($_POST['save'] || $_POST['apply']) {
$natent = array();
$natent = $pconfig;
@@ -134,7 +158,7 @@ if ($_POST['save']) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
// Update the snort conf file for this interface
$rebuild_rules = false;
@@ -143,6 +167,9 @@ if ($_POST['save']) {
// Soft-restart Snort to live-load new variables
snort_reload_config($a_nat[$id]);
$pconfig = $natent;
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_iprep');
}
else
$pconfig = $_POST;
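Review bot: `clear_subsystem_dirty('snort_iprep')` clears a single flag shared by the whole page, while the list edits that set it are made per interface through `$a_nat[$id]`. As far as the visible lines show, saving on one interface would therefore remove the pending-change banner for another interface whose blacklist or whitelist assignment was never reloaded. A per-interface key such as `clear_subsystem_dirty("snort_iprep_{$id}");`, with the matching `mark_subsystem_dirty()` and `is_subsystem_dirty()` calls, avoids that. The flag is also cleared without looking at the outcome of `snort_reload_config()`; if that function can report failure, the clear should be conditional on success. The enclosing `if` starts outside this hunk.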
@@ -169,6 +196,11 @@ if ($savemsg)
<input type="hidden" id="mode" name="mode" value="" />
<input name="iplist" id="iplist" type="hidden" value="" />
<input name="list_id" id="list_id" type="hidden" value="" />
+
+<?php if (is_subsystem_dirty('snort_iprep')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?>
+<?php endif; ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
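Review bot: The added line `<?php if (is_subsystem_dirty('snort_iprep')): ?><p>` opens a `<p>` that is never closed before `<?php endif; ?>`, so the element stays open whenever the banner is shown. Either drop the `<p>` or add `</p>` after the `print_info_box_np(...)` call. A one-line comment such as `// Prompt the user to apply pending blacklist/whitelist assignment changes` above the conditional would also explain why the box appears.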
@@ -379,7 +411,6 @@ if ($savemsg)
</td>
</tr>
</table>
-</form>
<script type="text/javascript">
Event.observe(
@@ -469,6 +500,7 @@ function wlistComplete(req) {
</script>
+</form>
<?php include("fend.inc"); ?>
</body>
</html>