From 0f4ea6c032de0d287d9a1620abbe32c59d557ab4 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Wed, 3 Aug 2011 18:21:20 +0000
Subject: Fixes for whitelists and suppress generation.

---
 config/snort/snort.inc                 |   4 +-
 config/snort/snort_interfaces_edit.php | 112 +++++++++++++--------------------
 2 files changed, 46 insertions(+), 70 deletions(-)

(limited to 'config/snort')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7a5a4ffb..79d4cde8 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -520,7 +520,7 @@ function snort_postinstall()
 	if (!is_dir('/usr/local/etc/snort'))
 		exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
 
-	if (!file_exists('/usr/local/etc/snort/whitelist'))
+	if (!is_dir('/usr/local/etc/snort/whitelist'))
 		exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
 
 	if (!is_dir('/var/log/snort/run'))
@@ -1151,8 +1151,6 @@ function create_snort_suppress($id, $if_real) {
 
 	if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
 		$whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
-		if (empty($whitelist_key_s))
-			return "";
 
 		/* file name */
 		$suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 019a8af0..667f3571 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -537,30 +537,24 @@ function enable_change(enable_change) {
 				<td width="78%" class="vtable"><select name="homelistname"
 					class="formfld" id="homelistname">
 				<?php
+					echo "<option value='default' >default</option>";
 					/* find whitelist names and filter by type */
-					$hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
-					$hid = -1;
-					if ($pconfig['homelistname'] == 'default'){ $selected  = 'selected'; }
-					$wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub);
-					echo "<option value=\"default\" $selected>default</option>
-							";
-					foreach ($hlist_select as $value):
-					$hid += 1;
-					if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') {
-						$ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name'];
-						$whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid'];
-						if ($ilistname == $hlist_sub[0]){
-							echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
-						}else{
-							echo "<option value=\"$ilistname $whitelist_uuid\">";
+					if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+						foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+							if ($value['snortlisttype'] == 'netlist') {
+								$ilistname = $value['name'];
+								if ($ilistname == $pconfig['homelistname'])
+									echo "<option value='$ilistname' selected>";
+								else
+									echo "<option value='$ilistname'>";
+								echo htmlspecialchars($ilistname) . '</option>';
+							}
 						}
-						echo htmlspecialchars($ilistname) . '</option>';
 					}
-					endforeach;
 				?>
 				</select><br>
 				<span class="vexpl">Choose the home net you will like this rule to
-				use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home
+				use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default home
 				net adds only local networks.<br>
 				<span class="red">Hint:</span>&nbsp;Most users add a list of
 				friendly ips that the firewall cant see.</td>
@@ -570,31 +564,24 @@ function enable_change(enable_change) {
 				<td width="78%" class="vtable"><select name="externallistname"
 					class="formfld" id="externallistname">
 				<?php
+					echo "<option value='default' >default</option>";
 					/* find whitelist names and filter by type */
-					$exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
-					$exid = -1;
-					if ($pconfig['externallistname'] == 'default'){ $selected  = 'selected'; }
-					preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub);
-					echo "<option value=\"default\" $selected>default</option>
-							";
-					foreach ($exlist_select as $value):
-					$exid += 1;
-					if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') {
-						$ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name'];
-						$whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid'];
-						if ($ilistname == $exlist_sub[0]){
-							echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
-						}else{
-							echo "<option value=\"$ilistname $whitelist_uuid\">";
+					if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+						foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+							if ($value['snortlisttype'] == 'netlist') {
+								$ilistname = $value['name'];
+								if ($ilistname == $pconfig['externallistname'])
+									echo "<option value='$ilistname' selected>";
+								else
+									echo "<option value='$ilistname'>";
+								echo htmlspecialchars($ilistname) . '</option>';
+							}
 						}
-						echo htmlspecialchars($ilistname) . '</option>
-								';
 					}
-					endforeach;
 				?>
-				</select><br>
+				</select><br/>
 				<span class="vexpl">Choose the external net you will like this rule
-				to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+				to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
 				external net, networks that are not home net.<br>
 				<span class="red">Hint:</span>&nbsp;Most users should leave this
 				setting at default.</td>
@@ -610,46 +597,37 @@ function enable_change(enable_change) {
 			</tr>
 			<tr>
 				<td width="22%" valign="top" class="vncell2">Whitelist</td>
-				<td width="78%" class="vtable"><select name="whitelistname"
-					class="formfld" id="whitelistname">
+				<td width="78%" class="vtable">
+					<select name="whitelist" class="formfld" id="whitelistname">
 				<?php
 					/* find whitelist names and filter by type, make sure to track by uuid */
-					$wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
-					$wid = -1;
-					if ($pconfig['whitelistname'] == 'default'){ $selected  = 'selected'; }
-					preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub);
-					echo "<option value=\"default\" $selected>default</option>
-							";
-					foreach ($wlist_select as $value):
-					$wid += 1;
-					if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') {
-						$ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name'];
-						$whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid'];
-						if ($ilistname == $wlist_sub[0]){
-							echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
-						}else{
-							echo "<option value=\"$ilistname $whitelist_uuid\">";
+					echo "<option value='default' >default</option>\n";
+					if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+						foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+							if ($value['snortlisttype'] == 'whitelist') {
+								if ($value['name'] == $pconfig['whitelist'])
+									echo "<option value='{$value['name']}' selected>";
+								else
+									echo "<option value='{$value['name']}'>";
+								echo htmlspecialchars($value['name']) . '</option>';
+							}
 						}
-						echo htmlspecialchars($ilistname) . '</option>
-								';
 					}
-					endforeach;
 				?>
 				</select><br>
 				<span class="vexpl">Choose the whitelist you will like this rule to
-				use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
-				whitelist adds only local networks.</td>
+				use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+				whitelist adds only local networks.<br/>
+				<span class="red">Note:</span>&nbsp;This option will only be used when block offenders is on.
+				</td>
 			</tr>
-
 			<tr>
 				<td width="22%" valign="top" class="vncell2">Suppression and
 				filtering</td>
-				<td width="78%" class="vtable"><select name="suppresslistname"
-					class="formfld" id="suppresslistname">
+				<td width="78%" class="vtable">
+					<select name="suppresslistname" class="formfld" id="suppresslistname">
 				<?php
-					/* find whitelist names and filter by type, make sure to track by uuid */
-					if ($pconfig['suppresslistname'] == 'default'){ $selected  = 'selected'; }
-						echo "<option value=\"default\" $selected>default</option>";
+					echo "<option value='default' >default</option>\n";
 					if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
 						$slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
 						foreach ($slist_select as $value) {
@@ -664,7 +642,7 @@ function enable_change(enable_change) {
 				?>
 				</select><br>
 				<span class="vexpl">Choose the suppression or filtering file you
-				will like this rule to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+				will like this rule to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
 				option disables suppression and filtering.</td>
 			</tr>
 
-- 
cgit v1.2.3