require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+require "${General::swroot}/ids-functions.pl";
+
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configinput = "${General::swroot}/firewall/input";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
+my %input=();
+my %forward=();
+my %output=();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
#
#Validate static Settings1 here
#
-
unless ($errormessage) { # Everything is ok, save settings
#map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
#&General::writehash($setting, \%settings); # Save good settings
# Rebuild configuration file if needed
&BuildConfiguration;
+
+ # Handle suricata related actions.
+ &HandleSuricata();
}
ERROR: # Leave the faulty field untouched
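Review bot: Every `&BuildConfiguration;` call now has to be followed by `&HandleSuricata();`, and the patch repeats that pairing at four call sites (here, the next rebuild path, and the add/edit and remove paths further down). A later code path that rebuilds the aliases but omits the second call would leave the IDS running with a stale HOME_NET file. Calling `&HandleSuricata();` from inside `sub BuildConfiguration`, after the `setaliases` line, would keep the two steps together. The enclosing blocks start outside the visible lines, so this assumes no caller wants a rebuild without the IDS refresh.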
# Rebuild configuration file
&BuildConfiguration;
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
$errormessage = $Lang::tr{'duplicate ip'} . ' (RED)';
$spacer=" & ";
}
+ #Check if we have an emtpy name
+ if (!$settings{'NAME'}){
+ $errormessage=$Lang::tr{'fwhost err name1'};
+ }elsif(! &General::validfqdn($settings{'NAME'}) && ! &General::validhostname($settings{'NAME'})){
+ $errormessage=$Lang::tr{'invalid hostname'};
+ }
my $idx=0;
foreach my $line (@current) {
chomp ($line);
}
$idx++;
}
+ #Update firewallrules if aliasname is changed
+ if ($settings{'OLDNAME'} ne $settings {'NAME'}){
+ &General::readhasharray("$configfwdfw", \%forward);
+ &General::readhasharray("$configinput", \%input);
+ &General::readhasharray("$configoutgoing", \%output);
+ #Check FORWARD
+ foreach my $forwardkey (sort keys %forward){
+ if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}){
+ $forward{$forwardkey}[29] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configfwdfw, \%forward);
+ #Check INPUT
+ foreach my $inputkey (sort keys %input){
+ if ($input{$inputkey}[6] eq $settings{'OLDNAME'}){
+ $input{$inputkey}[6] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configinput, \%input);
+ #Check OUTPUT
+ foreach my $outputkey (sort keys %output){
+ if ($output{$outputkey}[4] eq $settings{'OLDNAME'}){
+ $output{$outputkey}[4] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configoutgoing, \%output);
+ &General::firewall_config_changed;
+ }
+ #If Alias IP has changed, set firewall_config_changed
+ if($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}){
+ &General::firewall_config_changed;
+ }
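Review bot: The rule rewrite under `if ($settings{'OLDNAME'} ne $settings {'NAME'}){` sits before the `unless ($errormessage)` check that follows it. It therefore appears to run even when the name or IP has just been rejected, writing an unvalidated `NAME` into the three firewall config files. It also lacks the non-empty guard that the `OLDIP` test has, so on an add (where `OLDNAME` is empty) every rule's alias field is compared against `''`. Suggest `if (!$errormessage && $settings{'OLDNAME'} ne '' && $settings{'OLDNAME'} ne $settings{'NAME'}) {`, with the same `!$errormessage` condition on the `OLDIP` branch. The enclosing block starts outside the hunk, so confirm that no earlier exit already covers the failure case.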
unless ($errormessage) {
if ($settings{'KEY1'} eq '') { #add or edit ?
unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n");
&SortDataFile; # sort newly added/modified entry
&BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
##
## if entering data line is repetitive, choose here to not erase fields between each addition
&General::log($Lang::tr{'ip alias removed'});
&BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
+<input type='hidden' name='OLDNAME' value='$settings{'NAME'}' />
+<input type='hidden' name='OLDIP' value='$settings{'IP'}' />
<table style='width:100%;'>
<tr>
-<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}: <img src='/blob.gif' alt='*' /></td>
+<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
<td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
<td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td>
<td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
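Review bot: `OLDNAME` and `OLDIP` are hidden form fields, so the values the server later uses to decide which firewall rules to rename come back from the browser rather than from the stored alias list. Looking up the previous name and IP from the saved entry selected by `KEY1` would make the rename independent of client input. If the hidden fields stay, `$settings{'NAME'}` and `$settings{'IP'}` are interpolated into single-quoted attributes with no escaping visible here. Unless `%settings` is already sanitised upstream, pre-compute escaped copies (for example with `&Header::escape()`) before the heredoc.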
<hr />
<table style='width:100%;'>
<tr>
- <td><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td>
<td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
#
sub BuildConfiguration {
# Restart service associated with this
- system '/usr/local/bin/setaliases';
+ &General::system('/usr/local/bin/setaliases');
}
+#
+## Handle Suricata related actions.
+#
+sub HandleSuricata() {
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Re-generate file which contains the HOME_NET declaration.
+ &IDS::generate_home_net_file();
+
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ }
+}
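Review bot: `sub HandleSuricata() {` declares an empty prototype, but every call in this patch is written `&HandleSuricata();`, and the `&` form bypasses prototypes, so the `()` has no effect. `sub HandleSuricata {` would match `sub BuildConfiguration` above it. The header comment could also say why the restart is needed, e.g. `## Regenerate HOME_NET and restart Suricata so alias changes reach the IDS.` The results of `generate_home_net_file()` and `call_suricatactrl("restart")` are not checked here. If those helpers report failure, logging it would avoid the IDS silently staying on the old HOME_NET.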