From 2d17c6e6b8d6b0f8bb9711ead293e3f6abc73ede Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Thu, 23 Jun 2016 15:54:19 +0200
Subject: [PATCH] guardian.cgi: Add support for selecting the used firewall action.
This will allow to choose between DROP and REJECT if guardian blocks an attackers address. Fixes #10xxx.
Signed-off-by: Stefan Schantl
---
 html/cgi-bin/guardian.cgi | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index 5152cbe672..7a71ebb51c 100644
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -92,6 +92,7 @@ $settings{'GUARDIAN_LOG_FACILITY'} = 'syslog';
 $settings{'GUARDIAN_LOGLEVEL'} = 'info';
 $settings{'GUARDIAN_BLOCKCOUNT'} = '3';
 $settings{'GUARDIAN_BLOCKTIME'} = '86400';
+$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
 $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
 $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
@@ -405,6 +406,7 @@ sub showMainBox() {
 $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected';
 $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected';
 $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected';
+ $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected';
 &Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
 &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -543,6 +545,16 @@ END
+ + $Lang::tr{'guardian firewallaction'}: + + + +
+ $Lang::tr{'guardian blockcount'}:
@@ -896,9 +908,10 @@ sub BuildConfiguration() {
 print FILE "IgnoreFile = $ignorefile\n\n";
 # Configured block values.
- print FILE "# Configured block values.\n";
+ print FILE "# Configured block settings.\n";
 print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n";
- print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n\n";
+ print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n";
+ print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n";
 # Enabled modules.
 # Loop through whole settings hash.
-- 
2.39.5
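Review bot: The new `FirewallAction` line in BuildConfiguration() writes `$settings{'GUARDIAN_FIREWALL_ACTION'}` into guardian's configuration file verbatim, and none of the four hunks adds a server-side check on that value. The dropdown only limits what a browser offers; if `%settings` is filled from the submitted form (presumably, not visible here), any string could arrive, and one containing a line break would add extra directives to the generated file. Unless the save handler outside these hunks already validates it, pin the value to the two supported actions before writing, e.g. `my $action = $settings{'GUARDIAN_FIREWALL_ACTION'} eq 'REJECT' ? 'REJECT' : 'DROP';` followed by `print FILE "FirewallAction = $action\n\n";`. BuildConfiguration() starts and ends outside the hunk.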