mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-28 11:43:25 +02:00
Merge remote-tracking branch 'pmueller/temp-c164-development' into next
@@ -5,6 +5,7 @@ etc/rc.d/init.d/partresize
|
|||||||
etc/rc.d/init.d/squid
|
etc/rc.d/init.d/squid
|
||||||
etc/suricata/suricata.yaml
|
etc/suricata/suricata.yaml
|
||||||
etc/sysctl.conf
|
etc/sysctl.conf
|
||||||
|
opt/pakfire/lib/functions.pl
|
||||||
srv/web/ipfire/cgi-bin/ids.cgi
|
srv/web/ipfire/cgi-bin/ids.cgi
|
||||||
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
|
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
|
||||||
srv/web/ipfire/cgi-bin/optionsfw.cgi
|
srv/web/ipfire/cgi-bin/optionsfw.cgi
|
||||||
|
|||||||
@@ -1019,7 +1019,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
|
|||||||
&IDS::call_suricatactrl("stop");
|
&IDS::call_suricatactrl("stop");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Undefine providers flag.
|
# Undefine providers flag.
|
||||||
undef($cgiparams{'PROVIDERS'});
|
undef($cgiparams{'PROVIDERS'});
|
||||||
|
|
||||||
@@ -1468,7 +1468,7 @@ print <<END;
|
|||||||
<br>
|
<br>
|
||||||
<hr>
|
<hr>
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
<div align='center'>
|
<div align='center'>
|
||||||
<table width='100%'>
|
<table width='100%'>
|
||||||
END
|
END
|
||||||
@@ -1522,7 +1522,7 @@ sub show_customize_ruleset() {
|
|||||||
print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
|
print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
|
||||||
|
|
||||||
print <<END
|
print <<END
|
||||||
// Tiny java script function to show/hide the rules
|
// Tiny javascript function to show/hide the rules
|
||||||
// of a given category.
|
// of a given category.
|
||||||
function showhide(tblname) {
|
function showhide(tblname) {
|
||||||
\$("#" + tblname).toggle();
|
\$("#" + tblname).toggle();
|
||||||
@@ -1540,97 +1540,97 @@ print <<END
|
|||||||
END
|
END
|
||||||
;
|
;
|
||||||
&Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'}" );
|
&Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'}" );
|
||||||
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
|
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
|
||||||
|
|
||||||
# Output display table for rule files
|
# Output display table for rule files
|
||||||
|
print "<table width='100%'>\n";
|
||||||
|
|
||||||
|
# Loop over each rule file
|
||||||
|
foreach my $rulefile (sort keys(%idsrules)) {
|
||||||
|
my $rulechecked = '';
|
||||||
|
|
||||||
|
# Check if rule file is enabled
|
||||||
|
if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') {
|
||||||
|
$rulechecked = 'CHECKED';
|
||||||
|
}
|
||||||
|
|
||||||
|
# Convert rulefile name into category name.
|
||||||
|
my $categoryname = &_rulefile_to_category($rulefile);
|
||||||
|
|
||||||
|
# Table and rows for the rule files.
|
||||||
|
print"<tr>\n";
|
||||||
|
print"<td class='base' width='5%'>\n";
|
||||||
|
print"<input type='checkbox' name='$rulefile' $rulechecked>\n";
|
||||||
|
print"</td>\n";
|
||||||
|
print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
|
||||||
|
print"<td class='base' width='5%' align='right'>\n";
|
||||||
|
print"<a href=\"javascript:showhide('$categoryname')\"><span id='span_$categoryname'>$Lang::tr{'ids show'}</span></a>\n";
|
||||||
|
print"</td>\n";
|
||||||
|
print"</tr>\n";
|
||||||
|
|
||||||
|
# Rows which will be hidden per default and will contain the single rules.
|
||||||
|
print"<tr style='display:none' id='$categoryname'>\n";
|
||||||
|
print"<td colspan='3'>\n";
|
||||||
|
|
||||||
|
# Local vars
|
||||||
|
my $lines;
|
||||||
|
my $rows;
|
||||||
|
my $col;
|
||||||
|
|
||||||
|
# New table for the single rules.
|
||||||
print "<table width='100%'>\n";
|
print "<table width='100%'>\n";
|
||||||
|
|
||||||
# Loop over each rule file
|
# Loop over rule file rules
|
||||||
foreach my $rulefile (sort keys(%idsrules)) {
|
foreach my $sid (sort {$a <=> $b} keys(%{$idsrules{$rulefile}})) {
|
||||||
my $rulechecked = '';
|
|
||||||
|
|
||||||
# Check if rule file is enabled
|
|
||||||
if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') {
|
|
||||||
$rulechecked = 'CHECKED';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Convert rulefile name into category name.
|
|
||||||
my $categoryname = &_rulefile_to_category($rulefile);
|
|
||||||
|
|
||||||
# Table and rows for the rule files.
|
|
||||||
print"<tr>\n";
|
|
||||||
print"<td class='base' width='5%'>\n";
|
|
||||||
print"<input type='checkbox' name='$rulefile' $rulechecked>\n";
|
|
||||||
print"</td>\n";
|
|
||||||
print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
|
|
||||||
print"<td class='base' width='5%' align='right'>\n";
|
|
||||||
print"<a href=\"javascript:showhide('$categoryname')\"><span id='span_$categoryname'>$Lang::tr{'ids show'}</span></a>\n";
|
|
||||||
print"</td>\n";
|
|
||||||
print"</tr>\n";
|
|
||||||
|
|
||||||
# Rows which will be hidden per default and will contain the single rules.
|
|
||||||
print"<tr style='display:none' id='$categoryname'>\n";
|
|
||||||
print"<td colspan='3'>\n";
|
|
||||||
|
|
||||||
# Local vars
|
# Local vars
|
||||||
my $lines;
|
my $ruledefchecked = '';
|
||||||
my $rows;
|
|
||||||
my $col;
|
|
||||||
|
|
||||||
# New table for the single rules.
|
# Skip rulefile itself.
|
||||||
print "<table width='100%'>\n";
|
next if ($sid eq "Rulefile");
|
||||||
|
|
||||||
# Loop over rule file rules
|
# If 2 rules have been displayed, start a new row
|
||||||
foreach my $sid (sort {$a <=> $b} keys(%{$idsrules{$rulefile}})) {
|
if (($lines % 2) == 0) {
|
||||||
# Local vars
|
print "</tr><tr>\n";
|
||||||
my $ruledefchecked = '';
|
|
||||||
|
|
||||||
# Skip rulefile itself.
|
# Increase rows by once.
|
||||||
next if ($sid eq "Rulefile");
|
$rows++;
|
||||||
|
|
||||||
# If 2 rules have been displayed, start a new row
|
|
||||||
if (($lines % 2) == 0) {
|
|
||||||
print "</tr><tr>\n";
|
|
||||||
|
|
||||||
# Increase rows by once.
|
|
||||||
$rows++;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Colour lines.
|
|
||||||
if ($rows % 2) {
|
|
||||||
$col="bgcolor='$color{'color20'}'";
|
|
||||||
} else {
|
|
||||||
$col="bgcolor='$color{'color22'}'";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set rule state
|
|
||||||
if ($idsrules{$rulefile}{$sid}{'State'} eq 'on') {
|
|
||||||
$ruledefchecked = 'CHECKED';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Create rule checkbox and display rule description
|
|
||||||
print "<td class='base' width='5%' align='right' $col>\n";
|
|
||||||
print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
|
|
||||||
print "</td>\n";
|
|
||||||
print "<td class='base' width='45%' $col>$idsrules{$rulefile}{$sid}{'Description'}</td>";
|
|
||||||
|
|
||||||
# Increment rule count
|
|
||||||
$lines++;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# If do not have a second rule for row, create empty cell
|
# Colour lines.
|
||||||
if (($lines % 2) != 0) {
|
if ($rows % 2) {
|
||||||
print "<td class='base'></td>";
|
$col="bgcolor='$color{'color20'}'";
|
||||||
|
} else {
|
||||||
|
$col="bgcolor='$color{'color22'}'";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Close display table
|
# Set rule state
|
||||||
print "</tr></table></td></tr>";
|
if ($idsrules{$rulefile}{$sid}{'State'} eq 'on') {
|
||||||
|
$ruledefchecked = 'CHECKED';
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create rule checkbox and display rule description
|
||||||
|
print "<td class='base' width='5%' align='right' $col>\n";
|
||||||
|
print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
|
||||||
|
print "</td>\n";
|
||||||
|
print "<td class='base' width='45%' $col>$idsrules{$rulefile}{$sid}{'Description'}</td>";
|
||||||
|
|
||||||
|
# Increment rule count
|
||||||
|
$lines++;
|
||||||
|
}
|
||||||
|
|
||||||
|
# If do not have a second rule for row, create empty cell
|
||||||
|
if (($lines % 2) != 0) {
|
||||||
|
print "<td class='base'></td>";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Close display table
|
# Close display table
|
||||||
print "</table>";
|
print "</tr></table></td></tr>";
|
||||||
|
}
|
||||||
|
|
||||||
print <<END
|
# Close display table
|
||||||
|
print "</table>";
|
||||||
|
|
||||||
|
print <<END
|
||||||
<table width='100%'>
|
<table width='100%'>
|
||||||
<tr>
|
<tr>
|
||||||
<td width='100%' align='right'>
|
<td width='100%' align='right'>
|
||||||
@@ -1642,8 +1642,7 @@ END
|
|||||||
</form>
|
</form>
|
||||||
END
|
END
|
||||||
;
|
;
|
||||||
&Header::closebox();
|
&Header::closebox();
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -1905,7 +1904,7 @@ sub show_additional_provider_actions() {
|
|||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</form>
|
</form>
|
||||||
END
|
END
|
||||||
;
|
;
|
||||||
&Header::closebox();
|
&Header::closebox();
|
||||||
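Review bot: The re-indented loop in `show_customize_ruleset` still prints `$idsrules{$rulefile}{$sid}{'Description'}`, `$rulefile` and `$categoryname` into the page without HTML encoding, including inside the `name='…'` attribute and the `javascript:showhide('…')` link. The hunk does not show where `%idsrules` is filled, but if those values are read from downloaded ruleset files, a rule message or file name containing markup would be rendered as such in the administrator's browser. Encoding at output would close that gap, for example `my $desc = HTML::Entities::encode_entities($idsrules{$rulefile}{$sid}{'Description'});` and printing `$desc` in the cell, or the project's own escaping helper if it has one. Separately, `my $lines;` and `my $rows;` are used in `%` arithmetic before anything is assigned to them, so `my $lines = 0;` and `my $rows = 0;` would state the intent. The function begins before this hunk, so the enclosing context is not fully visible.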
|
|||||||
@@ -141,17 +141,15 @@ iptables_init() {
|
|||||||
|
|
||||||
# Log and drop any traffic from and to networks known as being hostile, posing
|
# Log and drop any traffic from and to networks known as being hostile, posing
|
||||||
# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
|
# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
|
||||||
|
iptables -N HOSTILE
|
||||||
if [ "$DROPHOSTILE" == "on" ]; then
|
if [ "$DROPHOSTILE" == "on" ]; then
|
||||||
iptables -N DROP_HOSTILE
|
iptables -A HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
|
||||||
iptables -A DROP_HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
|
iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j HOSTILE
|
||||||
|
iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE
|
||||||
iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
|
iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE
|
||||||
iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
|
iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j HOSTILE
|
||||||
iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE
|
|
||||||
iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
|
|
||||||
|
|
||||||
iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
|
|
||||||
fi
|
fi
|
||||||
|
iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
|
||||||
|
|
||||||
# P2PBLOCK
|
# P2PBLOCK
|
||||||
iptables -N P2PBLOCK
|
iptables -N P2PBLOCK
|
||||||
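Review bot: The OUTPUT rule `iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j HOSTILE` matches on the source country of outgoing packets, while the FORWARD `-o` rule just above it uses `--dst-cc XD`. For locally generated traffic the source is normally the firewall's own address, so this rule probably never matches, and connections from the firewall itself to listed networks would be neither logged nor dropped. The chain rename carried the line over unchanged; it likely should read `iptables -A OUTPUT -o "$IFACE" -m geoip --dst-cc XD -j HOSTILE`. As rendered here, the final `iptables -A HOSTILE -j DROP` now sits after `fi`, so a one-line comment that the chain always exists but is only jumped to when DROPHOSTILE is on would help the next reader. iptables_init continues outside the hunk.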
|
|||||||
@@ -524,13 +524,13 @@ sub dblist {
|
|||||||
foreach $line (sort @db) {
|
foreach $line (sort @db) {
|
||||||
next unless ($line =~ /.*;.*;.*;/ );
|
next unless ($line =~ /.*;.*;.*;/ );
|
||||||
$use_color = "";
|
$use_color = "";
|
||||||
$count++;
|
|
||||||
@templine = split(/\;/,$line);
|
@templine = split(/\;/,$line);
|
||||||
if ("$filter" eq "notinstalled") {
|
if ("$filter" eq "notinstalled") {
|
||||||
next if ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
|
next if ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
|
||||||
} elsif ("$filter" eq "installed") {
|
} elsif ("$filter" eq "installed") {
|
||||||
next unless ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
|
next unless ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
|
||||||
}
|
}
|
||||||
|
$count++;
|
||||||
if ("$forweb" eq "forweb")
|
if ("$forweb" eq "forweb")
|
||||||
{
|
{
|
||||||
if ("$filter" eq "notinstalled") {
|
if ("$filter" eq "notinstalled") {
|
||||||
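Review bot: The first field of each db line, `$templine[0]`, is interpolated into `$Conf::dbdir/installed/meta-$templine[0]` for the `-e` test without being checked as a package name; the `/.*;.*;.*;/` match only guarantees that three semicolons are present. This is only an existence test, so the impact is small, but an anchored check ahead of the filter, e.g. `next unless $templine[0] =~ /\A[\w.+-]+\z/;` (pattern to be adjusted to the project's naming rules), would keep a malformed list entry from being counted or shown. The moved `$count++` would also benefit from a comment such as `# count only entries that passed the filter above`, since that is the behaviour change here. dblist starts and ends outside the hunk, so how `@db` is loaded and verified is not visible.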
|
|||||||