diff options
Diffstat (limited to 'config')
-rwxr-xr-x | config/snort/snort.inc | 109 | ||||
-rwxr-xr-x | config/snort/snort.xml | 4 | ||||
-rwxr-xr-x | config/snort/snort_alerts.php | 83 | ||||
-rw-r--r-- | config/snort/snort_blocked.php | 68 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 2 | ||||
-rwxr-xr-x | config/snort/snort_interfaces_edit.php | 6 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 4 | ||||
-rw-r--r-- | config/snort/snort_migrate_config.php | 2 | ||||
-rw-r--r-- | config/snort/snort_passlist_edit.php | 134 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 2 | ||||
-rwxr-xr-x | config/snort/snort_preprocessors.php | 37 | ||||
-rwxr-xr-x | config/snort/snort_rules.php | 60 | ||||
-rw-r--r-- | config/snort/snort_rules_flowbits.php | 4 |
13 files changed, 367 insertions, 148 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 2a6d006a..e442755a 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -51,7 +51,7 @@ $snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); /* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.1.1"; +$pfSense_snort_version = "3.1.2"; /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; @@ -333,9 +333,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - /* Always add loopback to HOME_NET and whitelist (ftphelper) */ + /* Always add loopback addresses to HOME_NET and whitelist */ if (!in_array("127.0.0.1", $home_net)) $home_net[] = "127.0.0.1"; + if (!in_array("::1", $home_net)) + $home_net[] = "::1"; /********************************************************************/ /* Always put the interface running Snort in HOME_NET and whitelist */ @@ -363,27 +365,37 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } - /* Handle IPv6 if available (2.1 and higher) */ - if (function_exists('get_interface_ipv6')) { - $snortip = get_interface_ipv6($snortcfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { - if (is_ipaddrv6($snortip)) { - if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $snortip = get_interface_ipv6($snortcfg['interface']); + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (is_ipaddrv6($snortip)) { + if ($snortcfg['interface'] <> "wan") { + $sn = get_interface_subnetv6($snortcfg['interface']); + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; } } - else { - if (is_ipaddrv6($snortip)) { - if (!in_array($snortip, $home_net)) - $home_net[] = $snortip; - } + } + else { + if (is_ipaddrv6($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } + // Add link-local address + $snortip = get_interface_linklocal($snortcfg['interface']); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; + } + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { /*************************************************************************/ /* Iterate through the interface list and write out whitelist items and */ @@ -402,16 +414,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - if ($int == "wan") - continue; - $subnet = get_interface_ipv6($int); - if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + + $subnet = get_interface_ipv6($int); + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal($int); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } } @@ -422,12 +441,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - $ip = get_interface_ipv6("wan"); - if (is_ipaddrv6($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $ip = get_interface_ipv6("wan"); + if (is_ipaddrv6($ip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal("wan"); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } @@ -441,11 +471,12 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $gw = get_interface_gateway($snortcfg['interface']); if (is_ipaddr($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gateway_v6")) { - $gw = get_interface_gateway_v6($snortcfg['interface']); - if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; - } + $gw = get_interface_gateway_v6($snortcfg['interface']); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($gw, "%") !== FALSE) + $gw = substr($gw, 0, strpos($gw, "%")); + if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; } if ($wandns == 'yes') { diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 3feede80..663ce4eb 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.6.2</version> - <title>Services:2.9.6.2 pkg v3.1.1</title> + <title>Services:2.9.6.2 pkg v3.1.2</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -279,7 +279,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.1.1") + if ($GLOBALS['pfSense_snort_version'] == "3.1.2") sync_snort_package_config(); ]]> </custom_php_resync_config_command> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 1c9d8492..c04f4e31 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * @@ -164,6 +165,21 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['save']) { if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -344,7 +360,6 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include_once("fbegin.inc"); @@ -444,7 +459,7 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> @@ -488,16 +503,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_src .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_src .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[6]}');\" title=\""; + $alert_ip_src .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_src .= " style=\"cursor: pointer;\"/>"; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && @@ -521,16 +532,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_dst .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_dst .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[8]}');\" title=\""; + $alert_ip_dst .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_dst .= " style=\"cursor: pointer;\"/>"; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { @@ -580,11 +588,11 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[6]};\" sorttable_customkey=\"{$fields[6]}\">{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[8]};\" sorttable_customkey=\"{$fields[8]}\">{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[2]};\" sorttable_customkey=\"{$fields[2]}\">{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; $counter++; @@ -622,5 +630,38 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("descr").value = ruledescr; } </script> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_alerts.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 97301a0f..087724e3 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without @@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -133,7 +149,6 @@ include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php @@ -214,11 +229,11 @@ if ($savemsg) { <col width="10%" align="center"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number">#</th> <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> - <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?></th> </tr> </thead> <tbody> @@ -278,20 +293,16 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":​", $blocked_ip); /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ $rdns_link = ""; - if ($pfs_version > 2.0) { - $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $rdns_link .= "<img onclick=\"javascript:resolve_with_ajax('{$blocked_ip}');\" title=\""; + $rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $rdns_link.= " style=\"cursor: pointer;\"/>"; + /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <td align=\"center\" valign=\"middle\" class=\"listr\"> <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; @@ -325,5 +336,38 @@ if ($savemsg) { <?php include("fend.inc"); ?> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_blocked.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 7f8bc7a1..ff05bdfd 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -251,7 +251,7 @@ include_once("head.inc"); <p style="text-align:center;" class="vexpl"> <font class="red"><b><?php echo gettext("WARNING:");?></b></font> <?php echo gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + gettext('Visit the ') . '<a href="/snort/snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> <br/></p> <?php else: ?> <br/> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index ca8d03ee..fb573a73 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -176,6 +176,9 @@ if ($_POST["save"] && !$input_errors) { /* if no errors write to conf */ if (!$input_errors) { + /* Most changes don't require a rules rebuild, so default to "off" */ + $rebuild_rules = false; + $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; @@ -360,9 +363,6 @@ if ($_POST["save"] && !$input_errors) { /* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); - /* Most changes don't require a rules rebuild, so default to "off" */ - $rebuild_rules = false; - /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 849dea8f..195e1a5e 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -219,8 +219,8 @@ if ($input_errors) <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> - <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="https://www.snort.org/products" target="_blank"> <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> </table> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 5e1e5113..af02261f 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -459,7 +459,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; log_error("[Snort] Saving configuration settings in new format..."); write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index f501e0fc..d5b89877 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -39,6 +39,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$pconfig = array(); + if ($_POST['cancel']) { header("Location: /snort/snort_passlist.php"); exit; @@ -52,24 +54,63 @@ $a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -elseif (isset($_GET['id']) && is_numericint($_GET['id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) { $id = htmlspecialchars($_GET['id']); +} /* Should never be called without identifying list index, so bail */ if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } +if (isset($id) && isset($a_passlist[$id])) { + /* Retrieve saved settings */ + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['name'] = htmlspecialchars($_GET['name']); + $pconfig['uuid'] = htmlspecialchars($_GET['uuid']); + $pconfig['address'] = htmlspecialchars($_GET['address']); + $pconfig['descr'] = htmlspecialchars($_GET['descr']); + $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; + $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; + $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; + $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; + $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; + $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no'; + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + /* If no entry for this passlist, then create a UUID and treat it like a new list */ -if (!isset($a_passlist[$id]['uuid'])) { +if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) { $passlist_uuid = 0; while ($passlist_uuid > 65535 || $passlist_uuid == 0) { $passlist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $passlist_uuid; $pconfig['name'] = "passlist_{$passlist_uuid}"; } -} else +} +elseif (!empty($pconfig['uuid'])) { + $passlist_uuid = $pconfig['uuid']; +} +else $passlist_uuid = $a_passlist[$id]['uuid']; /* returns true if $name is a valid name for a pass list file name or ip */ @@ -83,28 +124,6 @@ function is_validpasslistname($name) { return false; } -if (isset($id) && $a_passlist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_passlist[$id]['name']; - $pconfig['uuid'] = $a_passlist[$id]['uuid']; - $pconfig['detail'] = $a_passlist[$id]['detail']; - $pconfig['address'] = $a_passlist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); - $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; - $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; - $pconfig['vips'] = $a_passlist[$id]['vips']; - $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); -} - if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -126,11 +145,11 @@ if ($_POST['save']) { $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_passlist as $w_list) { - if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + foreach ($a_passlist as $p_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list)) continue; - if ($w_list['name'] == $_POST['name']) { + if ($p_list['name'] == $_POST['name']) { $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } @@ -141,27 +160,25 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid alias must be provided"); if (!$input_errors) { - $w_list = array(); + $p_list = array(); /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $passlist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; + $p_list['name'] = $_POST['name']; + $p_list['uuid'] = $passlist_uuid; + $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + $p_list['address'] = $_POST['address']; + $p_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); if (isset($id) && $a_passlist[$id]) - $a_passlist[$id] = $w_list; + $a_passlist[$id] = $p_list; else - $a_passlist[] = $w_list; + $a_passlist[] = $p_list; - write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + write_config("Snort pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ sync_snort_package_config(); @@ -284,8 +301,8 @@ if ($savemsg) </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> @@ -326,6 +343,29 @@ function createAutoSuggest() { setTimeout("createAutoSuggest();", 500); +function selectAlias() { + + var loc; + var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=address&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + </script> <?php include("fend.inc"); ?> </body> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 25be448a..c1be72cc 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -178,7 +178,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index da1c515e..133c0513 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -240,7 +240,17 @@ $disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; // Check for returned "selected alias" if action is import if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['sf_portscan'] = htmlspecialchars($_GET['sf_portscan'])? 'on' : 'off'; + $pconfig['pscan_ignore_scanners'] = htmlspecialchars($_GET['pscan_ignore_scanners']); + $pconfig['pscan_protocol'] = htmlspecialchars($_GET['pscan_protocol']); + $pconfig['pscan_type'] = htmlspecialchars($_GET['pscan_type']); + $pconfig['pscan_memcap'] = htmlspecialchars($_GET['pscan_memcap']); + $pconfig['pscan_sense_level'] = htmlspecialchars($_GET['pscan_sense_level']); + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } // Handle deleting of any of the multiple configuration engines @@ -1237,7 +1247,7 @@ if ($savemsg) { value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>"> <?php echo gettext("Leave blank for default. ") . gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td> <td class="vexpl" align="right"> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -2205,6 +2215,29 @@ function wopen(url, name, w, h) win.focus(); } +function selectAlias() { + + var loc; + var fields = [ "sf_portscan", "pscan_protocol", "pscan_type", "pscan_sense_level", "pscan_memcap", "pscan_ignore_scanners" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=pscan_ignore_scanners&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + // Set initial state of form controls enable_change_all(); diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index df17efc0..8d9aa6ba 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -157,12 +157,16 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, - // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + // and toggle if present; otherwise, add it to the + // appropriate modified SID list. + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & /* Update the config.xml file. */ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); + + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('snort_rules'); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); @@ -365,6 +386,8 @@ elseif ($_POST['save']) { $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } + + clear_subsystem_dirty('snort_rules'); } else if ($_POST['apply']) { /* Save new configuration */ @@ -382,9 +405,11 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_rules'); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); @@ -411,6 +436,11 @@ if ($savemsg) { <input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> <input type='hidden' name='sid' id='sid' value=''/> <input type='hidden' name='gid' id='gid' value=''/> + +<?php if (is_subsystem_dirty('snort_rules')): ?><p> +<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -570,8 +600,8 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list sorttable_nosort"> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> @@ -595,7 +625,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -608,7 +638,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -638,7 +668,7 @@ if ($savemsg) { $message = snort_get_msg($v['rule']); // description field $sid_tooltip = gettext("View the raw text for this rule"); - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss} <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; document.getElementById('gid').value='{$gid}';\" src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" @@ -693,8 +723,8 @@ if ($savemsg) { <col align="left" axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list" sorttable_nosort> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Classification"); ?></th> @@ -714,7 +744,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -727,7 +757,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -747,7 +777,7 @@ if ($savemsg) { else $policy = "none"; - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss} <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; document.getElementById('gid').value='{$gid}';\" src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index d7c18a9d..cbb7b631 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -216,7 +216,7 @@ if ($savemsg) <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> @@ -263,7 +263,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"sorttable_customkey:{$sid};\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . |