From ffc45ec8be2950474f43e2a7d84590d7416cbfd0 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Wed, 2 Apr 2014 15:14:19 -0400
Subject: Add support for IP Reputation preprocessor.

---
 config/snort/snort_ip_list_mgmt.php       | 275 +++++++++++++++++
 config/snort/snort_ip_reputation.php      | 474 ++++++++++++++++++++++++++++++
 config/snort/snort_iprep_list_browser.php |  99 +++++++
 3 files changed, 848 insertions(+)
 create mode 100644 config/snort/snort_ip_list_mgmt.php
 create mode 100644 config/snort/snort_ip_reputation.php
 create mode 100644 config/snort/snort_iprep_list_browser.php

(limited to 'config/snort')

diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
new file mode 100644
index 00000000..ae4a1032
--- /dev/null
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -0,0 +1,275 @@
+<?php
+/*
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+	$config['installedpackages']['snortglobal']['rule'] = array();
+
+// Hard-code the path where IP Lists are stored
+// and disregard any user-supplied path element.
+$iprep_path = IPREP_PATH;
+
+// Set default to not show IP List editor controls
+$iplist_edit_style = "display: none;";
+
+function snort_is_iplist_active($iplist) {
+
+	/***************************************************
+	 * This function checks all the configured Snort   *
+	 * interfaces to see if the passed IP List is used *
+	 * as a whitelist or blacklist by an interface.    *
+	 *                                                 *
+	 * Returns: TRUE  if IP List is in use             *
+	 *          FALSE if IP List is not in use         *
+	 ***************************************************/
+
+	global $g, $config;
+
+	if (!is_array($config['installedpackages']['snortglobal']['rule']))
+		return FALSE;
+
+	foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) {
+		if (is_array($rule['wlist_files']['item'])) {
+			foreach ($rule['wlist_files']['item'] as $file) {
+				if ($file == $iplist)
+					return TRUE;
+			}
+		}
+		if (is_array($rule['blist_files']['item'])) {
+			foreach ($rule['blist_files']['item'] as $file) {
+				if ($file == $iplist)
+					return TRUE;
+			}
+		}
+	}
+	return FALSE;
+}
+
+
+if (isset($_POST['upload'])) {
+	if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
+		$tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
+		$name = $_FILES["iprep_fileup"]["name"];
+		move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
+	}
+	else
+		$input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
+}
+
+if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) {
+	if (!snort_is_iplist_active($_POST['iplist_fname']))
+		unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}");
+	else
+		$input_errors[] = gettext("This IP List is currently assigned as a Whitelist or Blackist for an interface and cannot be deleted.");
+}
+
+if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) {
+	$file = $iprep_path . basename($_POST['iplist_fname']);
+	$data = file_get_contents($file);
+	if ($data !== FALSE) {
+		$iplist_data = htmlspecialchars($data);
+		$iplist_edit_style = "display: table-row-group;";
+		$iplist_name = basename($_POST['iplist_fname']);
+		unset($data);
+	}
+	else {
+		$input_errors[] = gettext("An error occurred reading the file.");
+	}
+}
+
+if (isset($_POST['save']) && isset($_POST['iplist_data'])) {
+	if (strlen(basename($_POST['iplist_name'])) > 0) {
+		$file = $iprep_path . basename($_POST['iplist_name']);
+		$data = str_replace("\r\n", "\n", $_POST['iplist_data']);
+		file_put_contents($file, $data);
+		unset($data);
+	}
+	else {
+		$input_errors[] = gettext("You must provide a valid filename for the IP List.");
+		$iplist_edit_style = "display: table-row-group;";
+	}
+}
+
+// Get all files in the IP Lists sub-directory as an array
+// Leave this as the last thing before spewing the page HTML
+// so we can pick up any changes made to files in code above.
+$ipfiles = return_dir_as_array($iprep_path);
+
+$pgtitle = gettext("Snort: IP Reputation Lists");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+if ($input_errors) {
+	print_input_errors($input_errors);
+}
+
+if ($savemsg)
+	print_info_box($savemsg);
+?>
+
+<form action="/snort/snort_ip_list_mgmt.php" enctype="multipart/form-data" method="post">
+<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+        $tab_array = array();
+        $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+        $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+        $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+        $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+        $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+	$tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+        $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+        $tab_array[7] = array(gettext("IP Lists"), true, "/snort/snort_ip_list_mgmt.php");
+        $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+        display_top_tabs($tab_array, true);
+?>
+</td>
+</tr>
+<tbody id="uploader" style="display: none;" class="tabcont">
+	<tr>
+		<td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD.  Click CLOSE to quit."); ?></td>
+	</tr>
+	<tr>
+		<td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
+			&nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" 
+			title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button" 
+			value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
+		<td class="list"></td>
+	</tr>
+</tbody>
+<tr>
+	<td>
+	<div id="mainarea">
+		<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+			<colgroup>
+				<col style="width: 50%;">
+				<col style="width: 25%;">
+				<col style="width: 15%;">
+				<col style="width: 10%;">
+			</colgroup>
+			<thead>
+				<tr>
+					<th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th>
+					<th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th>
+					<th class="listhdrr"><?php echo gettext("File Size"); ?></th>
+					<th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new" 
+					src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" 
+					height="17" border="0" title="<?php echo gettext('Create a new IP List');?>" 
+					onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" />
+					<img style="cursor:pointer;" name="iplist_import" id="iplist_import" 
+					onClick="document.getElementById('uploader').style.display='table-row-group';" 
+					src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" 
+					height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th>
+				</tr>
+			</thead>
+		<?php foreach ($ipfiles as $file): ?>
+			<tr>
+				<td class="listr"><?php echo gettext($file); ?></td>
+				<td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
+				<td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
+				<td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]" 
+				onClick="document.getElementById('iplist_fname').value='<?=$file;?>';" 
+				src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" 
+				height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
+				<input type="image" name="iplist_delete[]" id="iplist_delete[]" 
+				onClick="document.getElementById('iplist_fname').value='<?=$file;?>'; 
+				return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file?  Click OK to continue or CANCEL to quit.");?>');" 
+				src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" 
+				height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
+			</tr>
+		<?php endforeach; ?>
+			<tbody id="iplist_editor" style="<?=$iplist_edit_style;?>">
+			<tr>
+				<td colspan="4">&nbsp;</td>
+			</tr>
+			<tr>
+				<td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" />
+				&nbsp;&nbsp;<input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" />
+				&nbsp;&nbsp;<input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';"  
+				title="<?=gettext("Abandon changes and quit editor");?>" /></td>
+			</tr>
+			<tr>
+				<td colspan="4">&nbsp;</td>
+			</tr>
+			<tr>
+				<td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data" 
+				style="width:95%; height:100%;"><?=$iplist_data;?></textarea>
+				</td>
+			</tr>
+			</tbody>
+
+			<tr>
+				<td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+				<br/><?php echo gettext("1. IP Lists are used by the IP Reputation Preprocessor and are text files formatted " . 
+				"with one IP address (or CIDR network) per line."); ?></td>
+				<td class="list"></td>
+			</tr>
+			<tr>
+				<td colspan="3" class="vexpl" style="height: 20px; vertical-align: middle;"><?php echo gettext("2. IP Lists are stored as local files on the firewall and their contents are " . 
+				"not saved as part of the firewall configuration file."); ?></td>
+				<td class="list"></td>
+			</tr>
+			<tr>
+				<td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/>
+				&nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" />
+				&nbsp;<?=gettext("Opens the editor window to create a new IP List.  You must provide a valid filename before saving.");?><br/>
+				&nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" />
+				&nbsp;<?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/>
+				&nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" />
+				&nbsp;<?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/>
+				&nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" />
+				&nbsp;<?=gettext("Deletes the IP List from the file system after confirmation.");?></td>
+				<td class="list"></td>
+			</tr>
+		</table>
+	</div>
+	</td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
new file mode 100644
index 00000000..a59021db
--- /dev/null
+++ b/config/snort/snort_ip_reputation.php
@@ -0,0 +1,474 @@
+<?php
+/*
+ * snort_ip_reputation.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g, $rebuild_rules;
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+	$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+	$id = htmlspecialchars($_GET['id']);
+
+if (is_null($id)) {
+	header("Location: /snort/snort_interfaces.php");
+	exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+	$config['installedpackages']['snortglobal']['rule'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'])) {
+	$config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'])) {
+	$config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'] = array();
+}
+
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$pconfig = $a_nat[$id];
+$iprep_path = IPREP_PATH;
+$if_real = get_real_interface($a_nat[$id]['interface']);
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+// Set sensible defaults for any empty parameters
+if (empty($pconfig['iprep_memcap']))
+	$pconfig['iprep_memcap'] = '500';
+if (empty($pconfig['iprep_priority']))
+	$pconfig['iprep_priority'] = 'whitelist';
+if (empty($pconfig['iprep_nested_ip']))
+	$pconfig['iprep_nested_ip'] = 'inner';
+if (empty($pconfig['iprep_white']))
+	$pconfig['iprep_white'] = 'unblack';
+
+if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
+	$pconfig = $_POST;
+
+	// Test the supplied IP List file to see if it exists
+	if (file_exists($_POST['iplist'])) {
+		$a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
+		write_config();
+		$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+		$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+	}
+	else
+		$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+}
+
+if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
+	$pconfig = $_POST;
+
+	// Test the supplied IP List file to see if it exists
+	if (file_exists($_POST['iplist'])) {
+		$a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
+		write_config();
+		$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+		$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+	}
+	else
+		$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+}
+
+if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
+	$pconfig = $_POST;
+	unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
+	write_config();
+	$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+	$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
+	$pconfig = $_POST;
+	unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
+	write_config();
+	$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+	$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+}
+
+if ($_POST['save']) {
+
+	$natent = array();
+	$natent = $pconfig;
+
+	if (!is_numericint($_POST['iprep_memcap']) || strval($_POST['iprep_memcap']) < 1 || strval($_POST['iprep_memcap']) > 4095)
+		$input_errors[] = gettext("The value for Memory Cap must be an integer between 1 and 4095.");
+
+	// if no errors write to conf
+	if (!$input_errors) {
+
+		$natent['reputation_preproc'] = $_POST['reputation_preproc'] ? 'on' : 'off';
+		$natent['iprep_scan_local'] = $_POST['iprep_scan_local'] ? 'on' : 'off';
+		$natent['iprep_memcap'] = $_POST['iprep_memcap'];
+		$natent['iprep_priority'] = $_POST['iprep_priority'];
+		$natent['iprep_nested_ip'] = $_POST['iprep_nested_ip'];
+		$natent['iprep_white'] = $_POST['iprep_white'];
+
+		$a_nat[$id] = $natent;
+
+		write_config();
+
+		// Update the snort conf file for this interface
+		$rebuild_rules = false;
+		snort_generate_conf($a_nat[$id]);
+
+		// Soft-restart Snort to live-load new variables
+		snort_reload_config($a_nat[$id]);
+		$pconfig = $natent;
+	}
+	else
+		$pconfig = $_POST;
+}
+
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
+$pgtitle = gettext("Snort: Interface {$if_friendly} IP Reputation Preprocessor");
+include_once("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php 
+include("fbegin.inc"); 
+/* Display Alert message */
+if ($input_errors)
+	print_input_errors($input_errors);
+if ($savemsg)
+	print_info_box($savemsg);
+?>
+
+<form action="snort_ip_reputation.php" method="post" name="iform" id="iform" >
+<input name="id" type="hidden" value="<?=$id;?>" />
+<input type="hidden" id="mode" name="mode" value="" />
+<input name="iplist" id="iplist" type="hidden" value="" />
+<input name="list_id" id="list_id" type="hidden" value="" />
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr>
+		<td>
+		<?php
+		$tab_array = array();
+		$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+		$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+		$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+		$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
+		$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+		$tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+		$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+		$tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+		$tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+		display_top_tabs($tab_array, true);
+		echo '</td></tr>';
+		echo '<tr><td class="tabnavtbl">';
+		$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+		$tab_array = array();
+        	$tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+		$tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}");
+		display_top_tabs($tab_array, true);
+		?>
+		</td>
+	</tr>
+	<tr>
+		<td><div id="mainarea">
+			<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+				<tr>
+					<td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td>
+				</tr>
+				<tr>
+					<td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?>
+					</td>
+					<td width="78%" class="vtable"><input name="reputation_preproc" type="checkbox" value="on" <?php if ($pconfig['reputation_preproc'] == "on") echo "checked"; ?>/>
+					<?php echo gettext("Use IP Reputation Lists on this interface.  Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?>
+					</td>
+				</tr>
+				<tr>
+					<td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+					<td class="vtable"><input name="iprep_memcap" type="text" class="formfld unknown"
+					id="http_inspect_memcap" size="9"
+					value="<?=htmlspecialchars($pconfig['iprep_memcap']);?>">&nbsp;
+					<?php echo gettext("Maximum memory in megabytes (MB) supported for IP Reputation Lists. Default is ") . "<strong>" . 
+					gettext("500.") . "</strong><br/>" . gettext("The Minimum value is ") . 
+					"<strong>" . gettext("1 MB") . "</strong>" . gettext(" and the Maximum is ") . "<strong>" . 
+					gettext("4095 MB.") . "</strong>&nbsp;" . gettext("Enter an integer value between 1 and 4095."); ?><br/>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign='top' class='vncell'><?php echo gettext("Scan Local"); ?>
+					</td>
+					<td width="78%" class="vtable"><input name="iprep_scan_local" type="checkbox" value="on" <?php if ($pconfig['iprep_scan_local'] == "on") echo "checked"; ?>/>
+					<?php echo gettext("Scan RFC 1918 addresses on this interface.  Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?><br/>
+					<?php echo gettext("When checked, Snort will inspect addresses in the 10/8, 172.16/12 and 192.168/16 ranges defined in RFC 1918.");?><br/><br/>
+					<span class="red"><strong><?=gettext("Hint: ");?></strong></span><?=gettext("if these address ranges are used in your internal network, and this instance ") . 
+					gettext("is on an internal interface, this option should usually be enabled (checked).");?>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign="top" class="vncell"><?php echo gettext("Nested IP"); ?></td>
+					<td width="78%" class="vtable">
+					<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_inner"  
+					value="inner" <?php if ($pconfig['iprep_nested_ip'] == 'inner') echo "checked";?>/>
+					<?php echo gettext("Inner"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_outer" 
+					value="outer" <?php if ($pconfig['iprep_nested_ip'] == 'outer') echo "checked";?>/>
+					<?php echo gettext("Outer"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_both" 
+					value="both" <?php if ($pconfig['iprep_nested_ip'] == 'both') echo "checked";?>/>
+					<?php echo gettext("Both"); ?><br/>
+					<?php echo gettext("Specify which IP address to use for whitelist/blacklist matching when there is IP encapsulation. Default is ") . "<strong>" . gettext("Inner") . "</strong>."; ?>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign="top" class="vncell"><?php echo gettext("Priority"); ?></td>
+					<td width="78%" class="vtable">
+					<input name="iprep_priority" type="radio" id="iprep_priority_blacklist"  
+					value="blacklist" <?php if ($pconfig['iprep_priority'] == 'blacklist') echo "checked";?>/>
+					<?php echo gettext("Blacklist"); ?>&nbsp;<input name="iprep_priority" type="radio" id="iprep_priority" 
+					value="whitelist" <?php if ($pconfig['iprep_priority'] == 'whitelist') echo "checked";?>/>
+					<?php echo gettext("Whitelist"); ?><br/>
+					<?php echo gettext("Specify which list has priority when source/destination is on blacklist while destination/source is on whitelist.") . 
+					"<br/>" . gettext("Default is ") . "<strong>" . gettext("Whitelist") . "</strong>."; ?>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist Meaning"); ?></td>
+					<td width="78%" class="vtable">
+					<input name="iprep_white" type="radio" id="iprep_white_unblack"  
+					value="unblack" <?php if ($pconfig['iprep_white'] == 'unblack') echo "checked";?>/>
+					<?php echo gettext("Unblack"); ?>&nbsp;<input name="iprep_white" type="radio" id="iprep_white_trust" 
+					value="trust" <?php if ($pconfig['iprep_white'] == 'trust') echo "checked";?>/>
+					<?php echo gettext("Trust"); ?><br/>
+					<?php echo gettext("Specify the meaning of whitelist. \"Unblack\" unblacks blacklisted IP addresses and routes them for further inspection.  \"Trust\" means the packet bypasses all further Snort detection. ") . 
+					gettext("Default is ") . "<strong>" . gettext("Unblack") . "</strong>."; ?>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign="top" class="vncell">&nbsp;</td>
+					<td width="78%" class="vtable">
+					<input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" />
+					&nbsp;&nbsp;<?=gettext("Click to save configuration settings and live-reload the running Snort configuration.");?>
+					</td>
+				</tr>
+				<tr>
+					<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Blacklists/Whitelists to IP Reputation Preprocessor"); ?></td>
+				</tr>
+				<tr>
+					<td width="22%" valign='top' class='vncell'><?php echo gettext("Blacklist Files"); ?>
+					</td>
+					<td width="78%" class="vtable">
+					<!-- blist_chooser -->
+					<div id="blistChooser" name="blistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+						<table width="95%" border="0" cellpadding="2" cellspacing="0">
+							<colgroup>
+								<col style="text-align:left;">
+								<col style="width: 30%; text-align:left;">
+								<col style="width: 17px;">
+							</colgroup>
+							<thead>
+								<tr>
+									<th class="listhdrr"><?php echo gettext("Blacklist Filename"); ?></th>
+									<th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+									<th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="blist_add" id="blist_add" 
+									src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" 
+									height="17" border="0" title="<?php echo gettext('Assign a blacklist file');?>"/></th>
+								</tr>
+							</thead>
+							<tbody>
+							<?php foreach($pconfig['blist_files']['item'] as $k => $f):
+									$class = "listr";
+									if (!file_exists("{$iprep_path}{$f}")) {
+										$filedate = gettext("Unknown -- file missing");
+										$class .= " red";
+									}
+									else
+										$filedate = date('M-d Y   g:i a', filemtime("{$iprep_path}{$f}"));
+							 ?>
+								<tr>
+									<td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+									<td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+									<td class="list"><input type="image" name="blist_del[]" id="blist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';" 
+									src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" 
+									border="0" title="<?php echo gettext('Remove this blacklist file');?>"/></td>
+								</tr>
+							<?php endforeach; ?>
+								<tr>
+									<td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+									<?=gettext("changes to blacklist assignments are immediately saved.");?></td>
+								</tr>
+							</tbody>
+						</table>
+					</td>
+				</tr>
+				<tr>
+					<td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?>
+					</td>
+					<td width="78%" class="vtable">
+						<table width="95%" border="0" cellpadding="2" cellspacing="0">
+					<!-- wlist_chooser -->
+					<div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+							<colgroup>
+								<col style="text-align:left;">
+								<col style="width: 30%; text-align:left;">
+								<col style="width: 17px;">
+							</colgroup>
+							<thead>
+								<tr>
+									<th class="listhdrr"><?php echo gettext("Whitelist Filename"); ?></th>
+									<th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+									<th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="wlist_add" id="wlist_add" 
+									src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" 
+									border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th>
+								</tr>
+							</thead>
+							<tbody>
+							<?php foreach($pconfig['wlist_files']['item'] as $k => $f):
+									$class = "listr";
+									if (!file_exists("{$iprep_path}{$f}")) {
+										$filedate = gettext("Unknown -- file missing");
+										$class .= " red";
+									}
+									else
+										$filedate = date('M-d Y   g:i a', filemtime("{$iprep_path}{$f}"));
+							 ?>
+								<tr>
+									<td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+									<td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+									<td class="list"><input type="image" name="wlist_del[]" id="wlist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';" 
+									src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" 
+									border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td>
+								</tr>
+							<?php endforeach; ?>
+								<tr>
+									<td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+									<?=gettext("changes to whitelist assignments are immediately saved.");?></td>
+								</tr>
+							</tbody>
+						</table>
+					</td>
+				</tr>
+			</table>
+		</div>
+		</td>
+	</tr>
+</table>
+</form>
+
+<script type="text/javascript">
+Event.observe(
+	window, "load",
+	function() {
+		Event.observe(
+			"blist_add", "click",
+			function() {
+				Effect.Appear("blistChooser", { duration: 0.25 });
+				blistChoose();
+			}
+		);
+
+		Event.observe(
+			"wlist_add", "click",
+			function() {
+				Effect.Appear("wlistChooser", { duration: 0.25 });
+				wlistChoose();
+			}
+		);
+	}
+);
+
+function blistChoose() {
+	Effect.Appear("blistChooser", { duration: 0.25 });
+	if($("fbCurrentDir"))
+		$("fbCurrentDir").innerHTML = "Loading ...";
+
+	new Ajax.Request(
+		"/snort/snort_iprep_list_browser.php?container=blistChooser&target=iplist&val=" + new Date().getTime(),
+		{ method: "get", onComplete: blistComplete }
+	);
+}
+
+function wlistChoose() {
+	Effect.Appear("wlistChooser", { duration: 0.25 });
+	if($("fbCurrentDir"))
+		$("fbCurrentDir").innerHTML = "Loading ...";
+
+	new Ajax.Request(
+		"/snort/snort_iprep_list_browser.php?container=wlistChooser&target=iplist&val=" + new Date().getTime(),
+		{ method: "get", onComplete: wlistComplete }
+	);
+}
+
+function blistComplete(req) {
+	$("blistChooser").innerHTML = req.responseText;
+
+	var actions = {
+		fbClose: function() { $("blistChooser").hide();                    },
+		fbFile:  function() { $("iplist").value = this.id;
+				      $("mode").value = 'blist_add';
+				      document.getElementById('iform').submit();
+				    }
+	}
+
+	for(var type in actions) {
+		var elem = $("blistChooser");
+		var list = elem.getElementsByClassName(type);
+		for (var i=0; i<list.length; i++) {
+			Event.observe(list[i], "click", actions[type]);
+			list[i].style.cursor = "pointer";
+		}
+	}
+}
+
+function wlistComplete(req) {
+	$("wlistChooser").innerHTML = req.responseText;
+
+	var actions = {
+		fbClose: function() { $("wlistChooser").hide();                    },
+		fbFile:  function() { $("iplist").value = this.id;
+				      $("mode").value = 'wlist_add';
+				      document.getElementById('iform').submit();
+				    }
+	}
+
+	for(var type in actions) {
+		var elem = $("wlistChooser");
+		var list = elem.getElementsByClassName(type);
+		for (var i=0; i<list.length; i++) {
+			Event.observe(list[i], "click", actions[type]);
+			list[i].style.cursor = "pointer";
+		}
+	}
+}
+
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
new file mode 100644
index 00000000..3e4d6b6a
--- /dev/null
+++ b/config/snort/snort_iprep_list_browser.php
@@ -0,0 +1,99 @@
+<?php
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+// Fetch a list of files inside a given directory
+function get_content($dir) {
+	$files = array();
+
+	clearstatcache();
+	$fd = @opendir($dir);
+	while($entry = @readdir($fd)) {
+		if($entry == ".")  continue;
+		if($entry == "..") continue;
+
+		if(is_dir("{$dir}/{$entry}"))
+			continue;
+		else
+			array_push($files, $entry);
+	}
+	@closedir($fd);
+	natsort($files);
+	return $files;
+}
+
+$path = IPREP_PATH;
+$container = htmlspecialchars($_GET['container']);
+$target = htmlspecialchars($_GET['target']);
+
+// ----- header -----
+?>
+<table width="100%">
+	<tr>
+		<td width="25px" align="left">
+			<img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" />
+		</td>
+		<td><b><?=$path;?></b></td>
+		<td class="fbClose" align="right">
+			<img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" />
+		</td>
+	</tr>
+	<tr>
+		<td id="fbCurrentDir" colspan="3" class="vexpl" align="left">
+		</td>
+	</tr>
+<?php
+$files = get_content($path);
+
+// ----- files -----
+foreach($files as $file):
+	$ext = strrchr($file, ".");
+
+	if($ext == ".css" ) $type = "code";
+	elseif($ext == ".html") $type = "code";
+	elseif($ext == ".xml" ) $type = "code";
+	elseif($ext == ".rrd" ) $type = "database";
+	elseif($ext == ".gif" ) $type = "image";
+	elseif($ext == ".jpg" ) $type = "image";
+	elseif($ext == ".png" ) $type = "image";
+	elseif($ext == ".js"  ) $type = "js";
+	elseif($ext == ".pdf" ) $type = "pdf";
+	elseif($ext == ".inc" ) $type = "php";
+	elseif($ext == ".php" ) $type = "php";
+	elseif($ext == ".conf") $type = "system";
+	elseif($ext == ".pid" ) $type = "system";
+	elseif($ext == ".sh"  ) $type = "system";
+	elseif($ext == ".bz2" ) $type = "zip";
+	elseif($ext == ".gz"  ) $type = "zip";
+	elseif($ext == ".tgz" ) $type = "zip";
+	elseif($ext == ".zip" ) $type = "zip";
+	else                    $type = "generic";
+
+	$fqpn = "{$path}/{$file}";
+
+	if(is_file($fqpn)) {
+		$fqpn = realpath($fqpn);
+		$size = sprintf("%.2f KiB", filesize($fqpn) / 1024);
+	}
+	else
+		$size = "";
+?>
+	<tr>
+		<td></td>
+		<td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
+			<?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
+			<div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+				<img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
+				&nbsp;<?=$file;?>
+			</div>
+		</td>
+		<td align="right" class="vexpl">
+			<?=$size;?>
+		</td>
+	</tr>
+<?php
+endforeach;
+?>
+</table>
+
-- 
cgit v1.2.3