From a68f5263bc92a88f92d97ddbdffb49f51514e075 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 30 Nov 2014 20:15:36 -0500 Subject: Revert "pfBlockerNG Beta v0.99" This reverts commit b3ce3bde07750e25fabca14faf18c0e5f0eb74dc. --- config/pfblockerng/pfblockerng_alerts.php | 754 ------------------------------ 1 file changed, 754 deletions(-) delete mode 100644 config/pfblockerng/pfblockerng_alerts.php (limited to 'config/pfblockerng/pfblockerng_alerts.php') diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php deleted file mode 100644 index 0f754a69..00000000 --- a/config/pfblockerng/pfblockerng_alerts.php +++ /dev/null @@ -1,754 +0,0 @@ -= '2.2') { - preg_match ("/@(\d+)\(/",$result, $rule); - } else { - preg_match ("/@(\d+)\s/",$result, $rule); - } - - $id = $rule[1]; - # Create array of Rule Description and pfctl Rule Number - $rule_list['id'][] = $id; - $rule_list[$id]['name'] = $descr; - } -} - -// Add IP to the Suppression Alias -if (isset($_POST['addsuppress'])) { - $ip = ""; - if (isset($_POST['ip'])) { - $ip = $_POST['ip']; - $table = $_POST['table']; - $descr = $_POST['descr']; - if (empty($descr)) - $descr = sprintf(gettext("Entry added %s"), date('r')); - $cidr = $_POST['cidr']; - if (is_ipaddr($ip)) { - - $savemsg1 = "Host IP address {$ip}"; - if (is_ipaddrv4($ip)) { - $iptrim1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.0/24', $ip); - $iptrim2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.', $ip); - $iptrim3 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$4', $ip); - - if ($cidr == "32") { - $pfb_pfctl = exec ("/sbin/pfctl -t {$table} -T show | grep {$iptrim1} 2>&1"); - - if ($pfb_pfctl == "") { - $savemsg2 = " : Removed /32 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$ip}"); - } else { - $savemsg2 = " : Removed /24 entry, added 254 addr"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1}"); - for ($add_ip=0; $add_ip <= 255; $add_ip++){ - if ($add_ip != $iptrim3) { - exec ("/sbin/pfctl -t {$table} -T add {$iptrim2}{$add_ip}"); - } - } - } - } else { - $cidr = 24; - $savemsg2 = " : Removed /24 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1} 2>&1", $pfb_pfctl); - if (!preg_grep("/1\/1 addresses deleted/", $pfb_pfctl)) { - $savemsg2 = " : Removed all entries"; - // Remove 0-255 IP Address from Alias Table - for ($del_ip=0; $del_ip <= 255; $del_ip++){ - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim2}{$del_ip}"); - } - } - } - } - - // Collect pfBlockerNGSuppress Alias Contents - $pfb_sup_list = array(); - $pfb_sup_array = array(); - $pfb['found'] = FALSE; - $pfb['update'] = FALSE; - if (is_array($config['aliases']['alias'])) { - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - $data = $alias['address']; - $data2 = $alias['detail']; - $arr1 = explode(" ",$data); - $arr2 = explode("||",$data2); - - if (!empty($data)) { - $row = 0; - foreach ($arr1 as $host) { - $pfb_sup_list[] = $host; - $pfb_sup_array[$row]['host'] = $host; - $row++; - } - $row = 0; - foreach ($arr2 as $detail) { - $pfb_sup_array[$row]['detail'] = $detail; - $row++; - } - } - $pfb['found'] = TRUE; - } - } - } - - // Call Function to Create Suppression Alias if not found. - if (!$pfb['found']) - pfb_create_suppression_alias(); - - // Save New Suppress IP to pfBlockerNGSuppress Alias - if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { - $savemsg = gettext("Host IP address {$ip} already exists in the pfBlockerNG Suppress Table."); - } else { - if (!$pfb['found'] && empty($pfb_sup_list)) { - $next_id = 0; - } else { - $next_id = count($pfb_sup_list); - } - $pfb_sup_array[$next_id]['host'] = $ip . '/' . $cidr; - $pfb_sup_array[$next_id]['detail'] = $descr; - - $address = ""; - $detail = ""; - foreach ($pfb_sup_array as $pfb_sup) { - $address .= $pfb_sup['host'] . " "; - $detail .= $pfb_sup['detail'] . "||"; - } - - // Find pfBlockerNGSuppress Array ID Number - if (is_array($config['aliases']['alias'])) { - $pfb_id = 0; - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - break; - } - $pfb_id++; - } - } - - $config['aliases']['alias'][$pfb_id]['address'] = rtrim($address, " "); - $config['aliases']['alias'][$pfb_id]['detail'] = rtrim($detail, "||"); - $savemsg = gettext($savemsg1) . gettext($savemsg2) . gettext(" and added Host to the pfBlockerNG Suppress Table."); - $pfb['update'] = TRUE; - } - - if ($pfb['found'] || $pfb['update']) { - // Save all Changes to pfsense config file - write_config(); - } - } - } -} - -// Auto-Resolve Hostnames -if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); - if ($hostname == $getpfhostname) { - $hostname = 'unknown'; - } - echo $hostname; - die; -} - - -// Host Resolve Function lookup -function getpfbhostname($type = 'src', $hostip, $countme = 0) { - $hostnames['src'] = ''; - $hostnames['dst'] = ''; - $hostnames[$type] = '
'; - return $hostnames; -} - - -// Determine if Alert Host 'Dest' is within the Local Lan IP Range. -function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { - $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); - return $result; -} - - -$pgtitle = gettext("pfBlockerNG: Alerts"); -include_once("head.inc"); -?> - -
- - - - -\n"; -if ($savemsg) { - print_info_box($savemsg); -} - -?> - - - - - - -
- -
- - - - - - - - $pfb['denydir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ) { - switch($type) { - case "Deny": - $rtype = "block"; - $pfbentries = "{$pfbdenycnt}"; - break; - case "Permit": - $rtype = "pass"; - $pfbentries = "{$pfbpermitcnt}"; - break; - case "Match": - if ($pfb['pfsenseversion'] >= '2.2') { - $rtype = "unkn(%u)"; - } else { - $rtype = "unkn(11)"; - } - $pfbentries = "{$pfbmatchcnt}"; - break; - } - -?> -
  -   -   -
- - ', ''); ?> - - ', ''); ?> - - ', ''); ?> - -   />  - -   />    -
- -        - ', '');?> -
- - - - -
- = '2.2') { ?> -    - -    - -
- - - - - - - - - - - - - - - - - - - - - - - - -= '2.2') { - $pfblines = exec("/usr/bin/grep -c ^ {$filter_logfile}"); - } else { - $pfblines = (exec("/usr/bin/grep -c ^ {$filter_logfile}") /2 ); - } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); - - $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; - $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; - $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; - - // Array of all Local IPs for Alert Analysis - $pfb_local = array(); - - // Collect Gateway IP Addresses for Inbound/Outbound List matching - $int_gateway = get_interfaces_with_gateway(); - if (is_array($int_gateway)) { - foreach ($int_gateway as $gateway) { - $convert = get_interface_ip($gateway); - $pfb_local[] = $convert; - } - } - - // Collect Virtual IP Aliases for Inbound/Outbound List Matching - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; - } - } - // Collect NAT IP Addresses for Inbound/Outbound List Matching - if (is_array($config['nat']['rule'])) { - foreach ($config['nat']['rule'] as $natent) { - $pfb_local[] = $natent['target']; - } - } - - // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching - if(is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $onetoone) { - $pfb_local[] = $onetoone['source']['address']; - } - } - - // Convert any 'Firewall Aliases' to IP Address Format - if (is_array($config['aliases']['alias'])) { - for ($cnt = 0; $cnt <= count($pfb_local); $cnt++) { - foreach ($config['aliases']['alias'] as $i=> $alias) { - if (isset($alias['name']) && isset($pfb_local[$cnt])) { - if ($alias['name'] == $pfb_local[$cnt]) { - $pfb_local[$cnt] = $alias['address']; - } - } - } - } - } - // Remove any Duplicate IPs - $pfb_local = array_unique($pfb_local); - - // Determine Lan IP Address and Mask - if (is_array($config['interfaces']['lan'])) { - $lan_ip = $config['interfaces']['lan']['ipaddr']; - $lan_mask = $config['interfaces']['lan']['subnet']; - } -} - -$counter = 0; -// Process Fields_array and generate Output -if (isset($fields_array)) { - foreach ($fields_array as $fields) { - $rulenum = ""; - $alert_ip = ""; - $supp_ip = ""; - $pfb_query = ""; - - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; - - // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; - } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; - } - - // Don't add Suppress Icon to Country Block Lines - if (in_array(substr($rule_list[$rulenum]['name'], 0, -3), $continents)) { - $pfb_query = "Country"; - } - - // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { - // Destination is Gateway/NAT/VIP - $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= " "; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= ""; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); - } else { - $hostname = ""; - } - - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; - } else { - // Outbound - $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= " "; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= ""; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); - } else { - $hostname = ""; - } - - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; - } - - # IP Query Grep Exclusion - $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; - $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; - - // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { - // Search for exact IP Match - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); - // Search for IP in /24 CIDR - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -H {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). - // Skip (Country Lists) or /32,/24 Addresses. - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.', $host); - $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); - for ($cnt = 1; $cnt <= 5; $cnt++) { - $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -H {$host1}{$host3} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - if (!empty($pfb_query)) - $cnt = 6; - } - } - // Search for First Three Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -H {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -H {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Report Specific ET IQRisk Details - if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfbfolder}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - } - if (empty($pfb_query)) - $pfb_query = "No Match"; - } - - # Split List Column into Two lines. - unset ($pfb_match); - if ($pfb_query == "No Match") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } else { - preg_match ("/(.*)\s(.*)/", $pfb_query, $pfb_match); - if ($pfb_match[1] == "") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } - } - - // Print Alternating Line Shading - if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; - } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; - } - - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - echo " - - - - - - - - "; - $counter++; - if ($counter > 0 && $rtype == "block") { - $mycounter = $counter; - } - } - } -} -?> - -
{$fields['time']}{$fields['interface']}{$rule}{$proto}{$src_icons}{$fields['srcip']}{$srcport}
{$hostname['src']}		{$dst_icons}{$fields['dstip']}{$dstport}
{$hostname['dst']}		{$countrycode}{$pfb_match[1]}
{$pfb_match[2]}
-
- -
- - - -
- - - \ No newline at end of file -- cgit v1.2.3