"VDEF:scanned_bytes_min=scanned_bytes,MINIMUM",
"VDEF:scanned_bytes_max=scanned_bytes,MAXIMUM",
+ # Read whitelisted packets
+ "DEF:whitelisted_bytes=$mainsettings{'RRDLOG'}/collectd/localhost/iptables-mangle-IPS/ipt_bytes-WHITELISTED.rrd:value:AVERAGE",
+ #"DEF:whitelisted_packets=$mainsettings{'RRDLOG'}/collectd/localhost/iptables-mangle-IPS/ipt_packets-WHITELISTED.rrd:value:AVERAGE",
+
+ "VDEF:whitelisted_bytes_avg=whitelisted_bytes,AVERAGE",
+ "VDEF:whitelisted_bytes_min=whitelisted_bytes,MINIMUM",
+ "VDEF:whitelisted_bytes_max=whitelisted_bytes,MAXIMUM",
+
# Total
- "CDEF:total_bytes=bypassed_bytes,scanned_bytes,+",
- #"CDEF:total_packets=bypassed_packets,scanned_packets,+",
+ "CDEF:total_bytes=bypassed_bytes,scanned_bytes,ADDNAN,whitelisted_bytes,ADDNAN",
+ #"CDEF:total_packets=bypassed_packets,scanned_packets,ADDNAN,whitelisted_packets,ADDNAN",
"VDEF:total_bytes_avg=total_bytes,AVERAGE",
"VDEF:total_bytes_min=total_bytes,MINIMUM",
"COMMENT:" . sprintf("%16s", $Lang::tr{'minimum'}),
"COMMENT:" . sprintf("%16s", $Lang::tr{'maximum'}) . "\\j",
+ # Whitelisted Packets
+ "AREA:whitelisted_bytes$color{'color12'}A0:" . sprintf("%-30s", $Lang::tr{'whitelisted'}),
+ "GPRINT:whitelisted_bytes_avg:%9.2lf %sbps",
+ "GPRINT:whitelisted_bytes_min:%9.2lf %sbps",
+ "GPRINT:whitelisted_bytes_max:%9.2lf %sbps\\j",
+
# Bypassed Packets
- "AREA:bypassed_bytes$color{'color12'}A0:" . sprintf("%-30s", $Lang::tr{'bypassed'}),
+ "STACK:bypassed_bytes$color{'color11'}A0:" . sprintf("%-30s", $Lang::tr{'bypassed'}),
"GPRINT:bypassed_bytes_avg:%9.2lf %sbps",
"GPRINT:bypassed_bytes_min:%9.2lf %sbps",
"GPRINT:bypassed_bytes_max:%9.2lf %sbps\\j",
# IPS
Chain mangle IPS BYPASSED
Chain mangle IPS SCANNED
+ Chain mangle IPS WHITELISTED
</Plugin>
#<Plugin logfile>
WARNING: untranslated string: website = Website
WARNING: untranslated string: wednesday = Wednesday
WARNING: untranslated string: weeks = Weeks
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: total = Total
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
WARNING: untranslated string: wio cron = unknown string
WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
WARNING: untranslated string: total = Total
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
WARNING: untranslated string: wio cron = unknown string
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
< transport mode does not support vti
< warning
< wg
+< whitelisted
< wireguard
< wlanap
< wlanap psk
< upload fcdsl.o
< warning
< wg
+< whitelisted
< wireguard
< wlanap psk
< wlanap wireless mode
< warning
< Weekly
< wg
+< whitelisted
< whois results from
< winbind daemon
< wireguard
< warning
< Weekly
< wg
+< whitelisted
< whois results from
< winbind daemon
< wireguard
< warning
< Weekly
< wg
+< whitelisted
< whois results from
< winbind daemon
< wireguard
< week-graph
< Weekly
< wg
+< whitelisted
< whois results from
< winbind daemon
< wireguard
< warning
< Weekly
< wg
+< whitelisted
< whois results from
< winbind daemon
< wireguard
'week-graph' => 'Woche',
'weekly firewallhits' => 'wöchentliche Firewalltreffer',
'weeks' => 'Wochen',
+'whitelisted' => 'Ausgenommen',
'whois results from' => 'WHOIS-Ergebnisse von',
'wildcards' => 'Wildcards',
'wins server' => 'WINS-Server',
'weekly firewallhits' => 'weekly firewallhits',
'weeks' => 'Weeks',
'wg' => 'WireGuard',
+'whitelisted' => 'Whitelisted',
'whois results from' => 'WHOIS results from',
'wildcards' => 'Wildcards',
'winbind daemon' => 'Winbind Daemon',
IPS_SCAN_MARK="0x10000000"
IPS_SCAN_MASK="0x10000000"
+# Set if a packet has been whitelisted
+IPS_WHITELISTED_MARK="0x08000000"
+IPS_WHITELISTED_MASK="0x08000000"
+
# Supported network zones
NETWORK_ZONES=( "RED" "GREEN" "ORANGE" "BLUE" "WG" "OVPN" )
# Skip disabled entries
[ "${enabled}" = "enabled" ] || continue
- iptables -w -t mangle -A IPS -s "${network}" -j RETURN
- iptables -w -t mangle -A IPS -d "${network}" -j RETURN
+ iptables -w -t mangle -A IPS -s "${network}" -j MARK --set-mark "$(( IPS_WHITELISTED_MARK ))/$(( IPS_WHITELISTED_MASK ))"
+ iptables -w -t mangle -A IPS -d "${network}" -j MARK --set-mark "$(( IPS_WHITELISTED_MARK ))/$(( IPS_WHITELISTED_MASK ))"
done < "/var/ipfire/suricata/ignored"
+
+ # Count and skip the whitelisted packets
+ iptables -w -t mangle -A IPS \
+ -m comment --comment "WHITELISTED" \
+ -m mark --mark "$(( IPS_WHITELISTED_MARK ))/$(( IPS_WHITELISTED_MASK ))" -j RETURN
fi
# Send packets to suricata
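Review bot: The whitelist exemption now hinges on mark bit 0x08000000 being owned exclusively by this script: the RETURN rule on the last added lines matches any packet carrying that bit, not only packets marked by the loop above, so any other mangle-table rule (or a connection-mark restore earlier in the chain, if the firewall does one) that sets this bit would silently exempt traffic from Suricata. That assumption should be recorded next to the new constants, e.g. `# Bit 0x08000000 is reserved for IPS whitelisting; no other rule may set it`, and the same caveat applies to the WHITELISTED counter, which feeds the graph and will include any such stray packets. The `while … done < "/var/ipfire/suricata/ignored"` loop and the enclosing `if` both start outside the hunk.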