'WAN', 'lan' => 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { /* old options */ $pconfig = $a_rule[$id]; if (!empty($pconfig['configpassthru'])) $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); if (empty($pconfig['uuid'])) $pconfig['uuid'] = $snort_uuid; } // Must be a new interface, so try to pick next available physical interface to use elseif (isset($id) && !isset($a_rule[$id])) { $ifaces = get_configured_interface_list(); $ifrules = array(); foreach($a_rule as $r) $ifrules[] = $r['interface']; foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; break; } } if (count($ifrules) == count($ifaces)) { $input_errors[] = "No more available interfaces to configure for Snort!"; $interfaces = array(); $pconfig = array(); } } if (isset($_GET['dup'])) unset($id); if ($_POST["Submit"]) { if (!$_POST['interface']) $input_errors[] = "Interface is mandatory"; /* if no errors write to conf */ if (!$input_errors) { $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; $natent['uuid'] = $pconfig['uuid']; /* See if the HOME_NET, EXTERNAL_NET, WHITELIST or SUPPRESS LIST values were changed */ $snort_reload = false; if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname'])) $snort_reload = true; if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname'])) $snort_reload = true; if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname'])) $snort_reload = true; if ($_POST['whitelistname'] && ($_POST['whitelistname'] <> $natent['whitelistname'])) $snort_reload = true; if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']); if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']); /* if post = on use on off or rewrite the conf */ if ($_POST['blockoffenders7'] == "on") $natent['blockoffenders7'] = 'on'; else $natent['blockoffenders7'] = 'off'; if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); if ($_POST['cksumcheck']) $natent['cksumcheck'] = 'on'; else $natent['cksumcheck'] = 'off'; $if_real = snort_get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = snort_get_real_interface($a_rule[$id]['interface']); snort_stop($a_rule[$id], $oif_real); exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']); exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}"); } $a_rule[$id] = $natent; } else $a_rule[] = $natent; /* If Snort is disabled on this interface, stop any running instance */ if ($natent['enable'] != 'on') snort_stop($natent, $if_real); /* Save configuration changes */ write_config(); /* Most changes don't require a rules rebuild, so default to "off" */ $rebuild_rules = "off"; /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); /*******************************************************/ /* Signal Snort to reload configuration if we changed */ /* HOME_NET, the Whitelist, EXTERNAL_NET or Suppress */ /* list values. The function only signals a running */ /* Snort instance to safely reload these parameters. */ /*******************************************************/ if ($snort_reload == true) snort_reload_config($natent, $if_real); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /snort/snort_interfaces.php"); exit; } else $pconfig = $_POST; } $if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = "Snort: Interface Edit: {$if_friendly}"; include_once("head.inc"); ?> ' . $pgtitle . '

';}?>
" method="post" name="iform" id="iform"> '; echo '
'; $tab_array = array(); $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); $tab_array[] = array($menu_iface . gettext("Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?>
    " . gettext("Enable or Disable") . "\n"; ?>
  



onClick="enable_change(false)">
onClick="enable_blockoffenders()">
>
  
  

>
" . gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?>
     "/>


 
 
    

 
 
     "/>

 
 
 
     "/>

 
" . gettext("Default option disables suppression and filtering."); ?>
"/>
  " . gettext("Please save your settings before you attempt to start Snort."); ?>