suricata: Add option to scan WireGuard

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 10 Sep 2024 08:50:15 +0000 (10:50 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 24 Sep 2024 08:42:59 +0000 (08:42 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 10 Sep 2024 08:50:15 +0000 (10:50 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 24 Sep 2024 08:42:59 +0000 (08:42 +0000)
diff --git a/doc/language_missings b/doc/language_missings

index 98856b0e8a0eca0fd04f53ef10e74899222cd332..94adb28d8bd65657c5de63d0afeb78498f6f714c 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -103,6 +103,7 @@
  < upload fcdsl.o
  < user management
  < vpn configuration main
+< wg
  < winbind daemon
  < wireguard
  < wlanap 802.11w disabled
@@ -156,6 +157,7 @@
  < timeformat
  < transport mode does not support vti
  < warning
+< wg
  < wireguard
  < wlanap
  < wlanap psk
@@ -185,6 +187,7 @@
  < timeformat
  < upload fcdsl.o
  < warning
+< wg
  < wireguard
  < wlanap psk
  < wlanap wireless mode
@@ -668,6 +671,7 @@
  < vulnerable
  < warning
  < Weekly
+< wg
  < whois results from
  < winbind daemon
  < wireguard
@@ -1229,6 +1233,7 @@
  < vulnerable
  < warning
  < Weekly
+< wg
  < whois results from
  < winbind daemon
  < wireguard
@@ -2205,6 +2210,7 @@
  < vulnerable
  < warning
  < Weekly
+< wg
  < whois results from
  < winbind daemon
  < wireguard
@@ -3218,6 +3224,7 @@
  < warning
  < week-graph
  < Weekly
+< wg
  < whois results from
  < winbind daemon
  < wireguard
@@ -3608,6 +3615,7 @@
  < vulnerable
  < warning
  < Weekly
+< wg
  < whois results from
  < winbind daemon
  < wireguard
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi

index 502e2a125be2c958444ea27831c5b291682dc27e..00cc502f1d7078bc2ac7a1996d0b102072a7c4cd 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -53,6 +53,9 @@ my %ignored=();
  # the list of zones in an array.
  my @network_zones = &Network::get_available_network_zones();
  
+# Always show Wireguard
+push(@network_zones, "wg");
+
  # Check if openvpn is started and add it to the array of network zones.
  if ( -e "/var/run/openvpn.pid") {
         push(@network_zones, "ovpn");
@@ -69,7 +72,8 @@ my %colourhash = (
         'green' => $Header::colourgreen,
         'blue' => $Header::colourblue,
         'orange' => $Header::colourorange,
-       'ovpn' => $Header::colourovpn
+       'ovpn' => $Header::colourovpn,
+       'wg' => $Header::colourwg,
  );
  
  &Header::showhttpheaders();
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl

index dca9f16457e817dc7845305697308f880b085719..6a455ab6dd9a31b98047334fe3393575bef61df2 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -3020,6 +3020,7 @@
  'week-graph' => 'Week',
  'weekly firewallhits' => 'weekly firewallhits',
  'weeks' => 'Weeks',
+'wg' => 'WireGuard',
  'whois results from' => 'WHOIS results from',
  'wildcards' => 'Wildcards',
  'winbind daemon' => 'Winbind Daemon',
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network

index c189c2fbcd1ab74527492997ce81a9386d4cd5e9..02ac6b8fe695d7717457b09dba0961acd43af3ed 100644 (file)
--- a/src/initscripts/networking/functions.network
+++ b/src/initscripts/networking/functions.network
@@ -92,9 +92,15 @@ network_get_intf() {
                         fi
                         ;;
  
+               WIREGUARD|WG)
+                       echo "wg+"
+                       return 0
+                       ;;
+
                 OPENVPN|OVPN)
                         # OpenVPN is using all tun devices
                         echo "tun+"
+                       return 0
                         ;;
         esac
  
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata

index 0447b7e8cebdf6e9a040a6d14564f1fd94eebf93..6990b79cad8515da6d5bbd9c3161481d5d0c8337 100644 (file)
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -41,7 +41,7 @@ IPS_SCAN_MARK="0x10000000"
  IPS_SCAN_MASK="0x10000000"
  
  # Supported network zones
-NETWORK_ZONES=( "RED" "GREEN" "ORANGE" "BLUE" "OVPN" )
+NETWORK_ZONES=( "RED" "GREEN" "ORANGE" "BLUE" "WG" "OVPN" )
  
  # Optional options for the Netfilter queue.
  NFQ_OPTS=(
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 10 Sep 2024 08:50:15 +0000 (10:50 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 24 Sep 2024 08:42:59 +0000 (08:42 +0000)
doc/language_missings		patch \| blob \| blame \| history
html/cgi-bin/ids.cgi		patch \| blob \| blame \| history
langs/en/cgi-bin/en.pl		patch \| blob \| blame \| history
src/initscripts/networking/functions.network		patch \| blob \| blame \| history
src/initscripts/system/suricata		patch \| blob \| blame \| history