-#
-## Function to generate the file which contains the home net information.
-#
-sub generate_home_net_file() {
- my %netsettings;
-
- # Read-in network settings.
- &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
- # Get available network zones.
- my @network_zones = &IDS::get_available_network_zones();
-
- # Temporary array to store network address and prefix of the configured
- # networks.
- my @networks;
-
- # Loop through the array of available network zones.
- foreach my $zone (@network_zones) {
- # Skip the red network - It never can be part to the home_net!
- next if($zone eq "red");
-
- # Convert current zone name into upper case.
- $zone = uc($zone);
-
- # Generate key to access the required data from the netsettings hash.
- my $zone_netaddress = $zone . "_NETADDRESS";
- my $zone_netmask = $zone . "_NETMASK";
-
- # Obtain the settings from the netsettings hash.
- my $netaddress = $netsettings{$zone_netaddress};
- my $netmask = $netsettings{$zone_netmask};
-
- # Convert the subnetmask into prefix notation.
- my $prefix = &Network::convert_netmask2prefix($netmask);
-
- # Generate full network string.
- my $network = join("/", $netaddress,$prefix);
-
- # Check if the network is valid.
- if(&Network::check_subnet($network)) {
- # Add the generated network to the array of networks.
- push(@networks, $network);
- }
- }
-
- # Format home net declaration.
- my $line = "\"\[";
-
- # Loop through the array of networks.
- foreach my $network (@networks) {
- # Add the network to the line.
- $line = "$line" . "$network";
-
- # Check if the current network was the last in the array.
- if ($network eq $networks[-1]) {
- # Close the line.
- $line = "$line" . "\]\"";
- } else {
- # Add "," for the next network.
- $line = "$line" . "\,";
- }
- }
-
- # Open file to store the addresses of the home net.
- open(FILE, ">$idshomenetfile") or die "Could not open $idshomenetfile. $!\n";
-
- # Print yaml header.
- print FILE "%YAML 1.1\n";
- print FILE "---\n\n";
-
- # Print notice about autogenerated file.
- print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
-
- # Print the generated and required HOME_NET declaration to the file.
- print FILE "HOME_NET:\t$line\n";
-
- # Close file handle.
- close(FILE);
-
-}
-
-#
-## Function to generate the rules file with whitelisted addresses.
-#
-sub GenerateIgnoreFile() {
- my %ignored = ();
-
- # SID range 1000000-1999999 Reserved for Local Use
- # Put your custom rules in this range to avoid conflicts
- my $sid = 1500000;
-
- # Read-in ignoredfile.
- &General::readhasharray($ignoredfile, \%ignored);
-
- # Open ignorefile for writing.
- open(FILE, ">$whitelistfile") or die "Could not write to $whitelistfile. $!\n";
-
- # Config file header.
- print FILE "# Autogenerated file.\n";
- print FILE "# All user modifications will be overwritten.\n\n";
-
- # Add all user defined addresses to the whitelist.
- #
- # Check if the hash contains any elements.
- if (keys (%ignored)) {
- # Loop through the entire hash and write the host/network
- # and remark to the ignore file.
- while ( (my $key) = each %ignored) {
- my $address = $ignored{$key}[0];
- my $remark = $ignored{$key}[1];
- my $status = $ignored{$key}[2];
-
- # Check if the status of the entry is "enabled".
- if ($status eq "enabled") {
- # Check if the address/network is valid.
- if ((&General::validip($address)) || (&General::validipandmask($address))) {
- # Write rule line to the file to pass any traffic from this IP
- print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; sid:$sid\;)\n";
-
- # Increment sid.
- $sid++;
- }
- }
- }
- }
-
- close(FILE);
-}
-