From e4c13a5752c5f7b4947edbc4227b005cd333566d Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Wed, 25 Jan 2012 23:12:11 +0000
Subject: Expose the new options of spoink to the GUI

    Improve spoink code a lot:
    - Allow to block by src/dst/both on the packet that generated alert. Default to src to keep backward compatibility
    - Speedup whitelist search
    - Create an option that allows to kill states on pf for blocked hosts. This allows to remove all access to the blocked host.

    TODO:
    - More fine grained blocking options?
    - Make whiwhitelist hparsing less sucky and IPv6 compatible
---
 config/snort/snort_interfaces_edit.php | 46 +++++++++++++++++++++++++++++++---
 1 file changed, 43 insertions(+), 3 deletions(-)

(limited to 'config/snort/snort_interfaces_edit.php')

diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 3b4ae8b4..90f48a4b 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -128,6 +128,8 @@ if (isset($id) && $a_nat[$id]) {
 		$pconfig['descr'] = $a_nat[$id]['descr'];
 		$pconfig['performance'] = $a_nat[$id]['performance'];
 		$pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+		$pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
+		$pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
 		$pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
 		$pconfig['homelistname'] = $a_nat[$id]['homelistname'];
 		$pconfig['externallistname'] = $a_nat[$id]['externallistname'];
@@ -204,6 +206,11 @@ if (isset($_GET['dup']))
 				$natent['blockoffenders7'] = 'on';
 			else
 				$natent['blockoffenders7'] = 'off';
+			if ($_POST['blockoffenderskill'] == "on")
+				$natent['blockoffenderskill'] = 'on';
+			if ($_POST['blockoffendersip'])
+				$natent['blockoffendersip'] = $_POST['blockoffendersip'];
+
 			$natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
 			$natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
 			$natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
@@ -340,6 +347,12 @@ enable JavaScript to view this content</strong></div>
 <script language="JavaScript">
 <!--
 
+function enable_blockoffenders() {
+	var endis = !(document.iform.blockoffenders7.checked);
+	document.iform.blockoffenderskill.disabled=endis;
+	document.iform.blockoffendersip.disabled=endis;
+}
+
 function enable_change(enable_change) {
 	endis = !(document.iform.enable.checked || enable_change);
 	// make shure a default answer is called if this is envoked.
@@ -562,13 +575,39 @@ function enable_change(enable_change) {
 			</tr>
 			<tr>
 				<td width="22%" valign="top" class="vncell2">Block offenders</td>
-				<td width="78%" class="vtable"><input name="blockoffenders7"
-					type="checkbox" value="on"
+				<td width="78%" class="vtable">
+					<input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
 					<?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
-					onClick="enable_change(false)"><br>
+					onClick="enable_blockoffenders()"><br>
 				Checking this option will automatically block hosts that generate a
 				Snort alert.</td>
 			</tr>
+			<tr>
+				<td width="22%" valign="top" class="vncell2">Kill states</td>
+				<td width="78%" class="vtable">
+					<input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+					<br/>Should firewall states be killed for the blocked ip
+				</td>
+			</tr>
+			<tr>
+				<td width="22%" valign="top" class="vncell2">Which ip to block</td>
+				<td width="78%" class="vtable">
+					<select name="blockoffendersip" class="formfld" id="blockoffendersip">
+				<?php
+					foreach (array("src", "dst", "both") as $btype) {
+						if ($value['snortlisttype'] == 'whitelist') {
+							if ($btype == $pconfig['blockoffendersip'])
+								echo "<option value='{$btype}' selected>";
+							else
+								echo "<option value='{$btype}'>";
+							echo htmlspecialchars($btype) . '</option>';
+						}
+					}
+				?>
+					</select>
+				<br/> Which ip extracted from the packet you want to block
+				</td>
+			</tr>
 			<tr>
 				<td width="22%" valign="top" class="vncell2">Whitelist</td>
 				<td width="78%" class="vtable">
@@ -687,6 +726,7 @@ function enable_change(enable_change) {
 <script language="JavaScript">
 <!--
 enable_change(false);
+enable_blockoffenders();
 //-->
 </script>
 
-- 
cgit v1.2.3