]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/guardian.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
guardian.cgi: Show/Hide options using Java Script.
[ipfire-2.x.git] / html / cgi-bin / guardian.cgi
CommitLineData
01dbccb1
SS		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
b5f7d903 5# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
01dbccb1
SS		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
b5f7d903 23use Locale::Codes::Country;
af6856af 24use Guardian::Socket;
01dbccb1
SS		 25
26# enable only the following on debugging purpose
eff1feb8
SS		 27#use warnings;
28#use CGI::Carp 'fatalsToBrowser';
01dbccb1
SS		 29
30require '/var/ipfire/general-functions.pl';
31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
34#workaround to suppress a warning when a variable is used only once
b1597f87
MF		 35my @dummy = (
36 ${Header::colourred},
37 ${Header::colourgreen}
38);
39
01dbccb1
SS		 40undef (@dummy);
41
42my $string=();
43my $memory=();
44my @memory=();
45my @pid=();
46my @guardian=();
01dbccb1
SS		 47
48# Path to the guardian.ignore file.
49my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
50
52958991
SS		 51# Hash which contains the supported modules and the
52# file locations on IPFire systems.
53my %module_file_locations = (
54 "HTTPD" => "/var/log/httpd/error_log",
55 "OWNCLOUD" => "/var/owncloud/data/owncloud.log",
56 "SNORT" => "/var/log/snort.alert",
57 "SSH" => "/var/log/messages",
58);
59
01dbccb1
SS		 60our %netsettings = ();
61&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
62
63our %color = ();
64our %mainsettings = ();
65&General::readhash("${General::swroot}/main/settings", \%mainsettings);
66&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
67
28981fac
SS		 68# Pakfire meta file for owncloud.
69# (File exists when the addon is installed.)
bfb860ce 70my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud";
28981fac 71
7edbe063
SS		 72
73# File declarations.
74my $settingsfile = "${General::swroot}/guardian/settings";
75my $ignoredfile = "${General::swroot}/guardian/ignored";
76
77# Create empty settings and ignoredfile if they do not exist yet.
78unless (-e "$settingsfile") { system("touch $settingsfile"); }
79unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
80
01dbccb1 81our %settings = ();
7edbe063 82our %ignored = ();
01dbccb1 83
28981fac
SS		 84$settings{'ACTION'} = '';
85
01dbccb1 86$settings{'GUARDIAN_ENABLED'} = 'off';
723648ac
SS		 87$settings{'GUARDIAN_MONITOR_SNORT'} = 'on';
88$settings{'GUARDIAN_MONITOR_SSH'} = 'on';
89$settings{'GUARDIAN_MONITOR_HTTPD'} = 'on';
90$settings{'GUARDIAN_MONITOR_OWNCLOUD'} = '';
52958991 91$settings{'GUARDIAN_LOG_FACILITY'} = 'syslog';
a35a0668
SS		 92$settings{'GUARDIAN_LOGLEVEL'} = 'info';
93$settings{'GUARDIAN_BLOCKCOUNT'} = '3';
01dbccb1 94$settings{'GUARDIAN_BLOCKTIME'} = '86400';
2d17c6e6 95$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
01dbccb1 96$settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
52958991 97$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
01dbccb1 98
28981fac
SS		 99# Default settings for owncloud if installed.
100if ( -e "$owncloud_meta") {
723648ac 101 $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = 'off';
28981fac 102}
01dbccb1
SS		 103
104my $errormessage = '';
105
106&Header::showhttpheaders();
107
108# Get GUI values.
109&Header::getcgihash(\%settings);
01dbccb1 110
f8c3bfe0
SS		 111# Check if guardian is running and grab some stats.
112&daemonstats();
922ddf0e 113my $pid = $pid[0];
f8c3bfe0 114
01dbccb1
SS		 115## Perform input checks and save settings.
116#
117if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
01dbccb1 118 # Check for valid blocktime.
96655fa6 119 unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) {
01dbccb1 120 $errormessage = "$Lang::tr{'guardian invalid blocktime'}";
a35a0668
SS		 121 }
122
123 # Check if the bloccount is valid.
96655fa6 124 unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
a35a0668 125 $errormessage = "$Lang::tr{'guardian invalid blockcount'}";
01dbccb1
SS		 126 }
127
128 # Check Logfile.
96655fa6 129 unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
a35a0668 130 $errormessage = "$Lang::tr{'guardian invalid logfile'}";
01dbccb1
SS		 131 }
132
01dbccb1 133 # Only continue if no error message has been set.
96655fa6 134 if($errormessage eq '') {
01dbccb1
SS		 135 # Write configuration settings to file.
136 &General::writehash("${General::swroot}/guardian/settings", \%settings);
137
138 # Update configuration files.
139 &BuildConfiguration();
140 }
141
7edbe063 142## Add/edit an entry to the ignore file.
01dbccb1 143#
7edbe063 144} elsif (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) {
01dbccb1
SS		 145
146 # Check if any input has been performed.
7edbe063 147 if ($settings{'IGNORE_ENTRY_ADDRESS'} ne '') {
01dbccb1
SS		 148
149 # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
7edbe063 150 if ((!&General::validip($settings{'IGNORE_ENTRY_ADDRESS'})) && (!&General::validipandmask($settings{'IGNORE_ENTRY_ADDRESS'}))) {
01dbccb1
SS		 151 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
152 }
153 } else {
154 $errormessage = "$Lang::tr{'guardian empty input'}";
155 }
156
157 # Go further if there was no error.
158 if ($errormessage eq '') {
7edbe063
SS		 159 my %ignored = ();
160 my $id;
161 my $status;
162
163 # Assign hash values.
164 my $new_entry_address = $settings{'IGNORE_ENTRY_ADDRESS'};
165 my $new_entry_remark = $settings{'IGNORE_ENTRY_REMARK'};
166
167 # Read-in ignoredfile.
168 &General::readhasharray($ignoredfile, \%ignored);
169
170 # Check if we should edit an existing entry and got an ID.
171 if (($settings{'ACTION'} eq $Lang::tr{'update'}) && ($settings{'ID'})) {
172 # Assin the provided id.
173 $id = $settings{'ID'};
174
175 # Undef the given ID.
176 undef($settings{'ID'});
177
178 # Grab the configured status of the corresponding entry.
179 $status = $ignored{$id}[2];
180 } else {
181 # Each newly added entry automatically should be enabled.
182 $status = "enabled";
01dbccb1 183
7edbe063
SS		 184 # Generate the ID for the new entry.
185 #
186 # Sort the keys by it's ID and store them in an array.
187 my @keys = sort { $a <=> $b } keys %ignored;
01dbccb1 188
7edbe063
SS		 189 # Reverse the key array.
190 my @reversed = reverse(@keys);
191
192 # Obtain the last used id.
193 my $last_id = @reversed[0];
194
195 # Increase the last id by one and use it as id for the new entry.
196 $id = ++$last_id;
197 }
198
199 # Add/Modify the entry to/in the ignored hash.
200 $ignored{$id} = ["$new_entry_address", "$new_entry_remark", "$status"];
201
202 # Write the changed ignored hash to the ignored file.
203 &General::writehasharray($ignoredfile, \%ignored);
204
205 # Regenerate the ignore file.
97849142 206 &GenerateIgnoreFile();
01dbccb1
SS		 207 }
208
f8c3bfe0
SS		 209 # Check if guardian is running.
210 if ($pid > 0) {
af6856af 211 # Send reload command through socket connection.
1cc65323 212 &Guardian::Socket::Client("reload-ignore-list");
f8c3bfe0
SS		 213 }
214
7edbe063 215## Toggle Enabled/Disabled for an existing entry on the ignore list.
01dbccb1 216#
7edbe063
SS		 217
218} elsif ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
219 my %ignored = ();
220
221 # Only go further, if an ID has been passed.
222 if ($settings{'ID'}) {
223 # Assign the given ID.
224 my $id = $settings{'ID'};
225
226 # Undef the given ID.
227 undef($settings{'ID'});
228
229 # Read-in ignoredfile.
230 &General::readhasharray($ignoredfile, \%ignored);
231
232 # Grab the configured status of the corresponding entry.
233 my $status = $ignored{$id}[2];
234
235 # Switch the status.
236 if ($status eq "disabled") {
237 $status = "enabled";
238 } else {
239 $status = "disabled";
240 }
241
242 # Modify the status of the existing entry.
243 $ignored{$id} = ["$ignored{$id}[0]", "$ignored{$id}[1]", "$status"];
244
245 # Write the changed ignored hash to the ignored file.
246 &General::writehasharray($ignoredfile, \%ignored);
247
248 # Regenerate the ignore file.
97849142 249 &GenerateIgnoreFile();
7edbe063
SS		 250
251 # Check if guardian is running.
252 if ($pid > 0) {
253 # Send reload command through socket connection.
1cc65323 254 &Guardian::Socket::Client("reload-ignore-list");
01dbccb1
SS		 255 }
256 }
7edbe063
SS		 257
258## Remove entry from ignore list.
259#
260} elsif ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
261 my %ignored = ();
262
263 # Read-in ignoredfile.
264 &General::readhasharray($ignoredfile, \%ignored);
265
266 # Drop entry from the hash.
267 delete($ignored{$settings{'ID'}});
268
269 # Undef the given ID.
270 undef($settings{'ID'});
271
272 # Write the changed ignored hash to the ignored file.
273 &General::writehasharray($ignoredfile, \%ignored);
274
275 # Regenerate the ignore file.
97849142 276 &GenerateIgnoreFile();
01dbccb1 277
f8c3bfe0
SS		 278 # Check if guardian is running.
279 if ($pid > 0) {
af6856af 280 # Send reload command through socket connection.
1cc65323 281 &Guardian::Socket::Client("reload-ignore-list");
f8c3bfe0
SS		 282 }
283
01dbccb1
SS		 284## Block a user given address or subnet.
285#
286} elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) {
287
c973d6da
SS		 288 # Assign some temporary variables used for input validation.
289 my $input = $settings{'ADDRESS_BLOCK'};
290 my $green = $netsettings{'GREEN_ADDRESS'};
291 my $blue = $netsettings{'BLUE_ADDRESS'};
292 my $orange = $netsettings{'ORANGE_ADDRESS'};
293 my $red = $netsettings{'RED_ADDRESS'};
01dbccb1 294
c232e348
SS		 295 # File declarations.
296 my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
297 my $dns1file = "${General::swroot}/red/dns1";
298 my $dns2file = "${General::swroot}/red/dns2";
299
c973d6da 300 # Get gateway address.
c232e348
SS		 301 my $gateway = &_get_address_from_file($gatewayfile);
302
303 # Get addresses from the used dns servers.
304 my $dns1 = &_get_address_from_file($dns1file);
305 my $dns2 = &_get_address_from_file($dns2file);
01dbccb1 306
c973d6da
SS		 307 # Check if any input has been performed.
308 if ($input eq '') {
309 $errormessage = "$Lang::tr{'guardian empty input'}";
310 }
311
312 # Check if the given input is localhost (127.0.0.1).
313 elsif ($input eq "127.0.0.1") {
314 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
315 }
316
317 # Check if the given input is anywhere (0.0.0.0).
318 elsif ($input eq "0.0.0.0") {
319 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
320 }
321
322 # Check if the given input is one of the interface addresses or our gateway.
62fd0e6f 323 elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") {
c973d6da
SS		 324 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
325 }
326
327 # Check if the given input is a valid IP address.
328 elsif (!&General::validip($input)) {
329 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
330 }
01dbccb1
SS		 331
332 # Go further if there was no error.
333 if ($errormessage eq '') {
334 my $block = $settings{'ADDRESS_BLOCK'};
335
af6856af
SS		 336 # Send command to block the specified address through socket connection.
337 &Guardian::Socket::Client("block $block");
01dbccb1
SS		 338 }
339
340## Unblock address or subnet.
341#
342} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock'}) {
343
344 # Check if no empty input has been performed.
345 if ($settings{'ADDRESS_UNBLOCK'} ne '') {
346
347 # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
348 if ((!&General::validip($settings{'ADDRESS_UNBLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_UNBLOCK'}))) {
349 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
350 }
351
352 } else {
353 $errormessage = "$Lang::tr{'guardian empty input'}";
354 }
355
356 # Go further if there was no error.
357 if ($errormessage eq '') {
358 my $unblock = $settings{'ADDRESS_UNBLOCK'};
359
af6856af
SS		 360 # Send command to unblock the given address through socket connection.
361 &Guardian::Socket::Client("unblock $unblock");
01dbccb1
SS		 362 }
363
364## Unblock all.
365#
366} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock all'}) {
367
af6856af
SS		 368 # Send flush command through socket connection.
369 &Guardian::Socket::Client("flush");
01dbccb1
SS		 370}
371
7edbe063 372# Load settings from files.
36dbcf2e 373&General::readhash("${General::swroot}/guardian/settings", \%settings);
7edbe063 374&General::readhasharray("${General::swroot}/guardian/ignored", \%ignored);
01dbccb1
SS		 375
376# Call functions to generate whole page.
377&showMainBox();
378&showIgnoreBox();
379
380# Display area only if guardian is running.
f8c3bfe0 381if ( ($memory != 0) && ($pid > 0) ) {
01dbccb1
SS		 382 &showBlockedBox();
383}
384
385# Function to display the status of guardian and allow base configuration.
386sub showMainBox() {
387 my %checked = ();
7899718f 388 my %selected = ();
01dbccb1
SS		 389
390 $checked{'GUARDIAN_ENABLED'}{'on'} = '';
391 $checked{'GUARDIAN_ENABLED'}{'off'} = '';
392 $checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked';
723648ac
SS		 393 $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} = '';
394 $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} = '';
395 $checked{'GUARDIAN_MONITOR_SNORT'}{$settings{'GUARDIAN_MONITOR_SNORT'}} = "checked='checked'";
396 $checked{'GUARDIAN_MONITOR_SSH'}{'off'} = '';
397 $checked{'GUARDIAN_MONITOR_SSH'}{'on'} = '';
398 $checked{'GUARDIAN_MONITOR_SSH'}{$settings{'GUARDIAN_MONITOR_SSH'}} = "checked='checked'";
399 $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} = '';
400 $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} = '';
401 $checked{'GUARDIAN_MONITOR_HTTPD'}{$settings{'GUARDIAN_MONITOR_HTTPD'}} = "checked='checked'";
402 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} = '';
403 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} = '';
404 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{$settings{'GUARDIAN_MONITOR_OWNCLOUD'}} = "checked='checked'";
01dbccb1 405
52958991 406 $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected';
4a7fc9f6 407 $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected';
52958991 408 $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected';
2d17c6e6 409 $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected';
7899718f 410
01dbccb1
SS		 411 &Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
412 &Header::openbigbox('100%', 'left', '', $errormessage);
413
414 # Print errormessage if there is one.
415 if ($errormessage) {
416 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
417 print "<font class='base'>$errormessage&nbsp;</font>\n";
418 &Header::closebox();
419 }
420
2daa1f5b
SS		 421 ### Java Script ###
422 print<<END;
423 <script>
424 var update_logfacility = function() {
425
426 var logfacility = \$("#GUARDIAN_LOG_FACILITY").val();
427
428 if (logfacility === undefined)
429 return;
430
431 if (logfacility === "file") {
432 \$(".GUARDIAN_LOGFILE").show();
433 } else {
434 \$(".GUARDIAN_LOGFILE").hide();
435 }
436 };
437
438 \$(document).ready(function() {
439 \$("#GUARDIAN_LOG_FACILITY").change(update_logfacility);
440 update_logfacility();
441
442 // Show / Hide snort priority level option, based if
443 // snort is enabled / disabled.
444 if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') {
445 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show();
446 } else {
447 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide();
448 }
449
450 // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed.
451 \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() {
452 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle();
453 });
454 });
455 </script>
456END
457
458
01dbccb1
SS		 459
460 # Draw current guardian state.
461 &Header::openbox('100%', 'center', $Lang::tr{'guardian'});
462
f8c3bfe0 463 # Get current status of guardian.
01dbccb1 464 &daemonstats();
922ddf0e 465 $pid = $pid[0];
01dbccb1
SS		 466
467 # Display some useful information related to guardian, if daemon is running.
f8c3bfe0 468 if ( ($memory != 0) && ($pid > 0) ){
01dbccb1
SS		 469 print <<END;
470 <table width='95%' cellspacing='0' class='tbl'>
471 <tr>
472 <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
473 </tr>
474 <tr>
475 <td class='base'>$Lang::tr{'guardian daemon'}</td>
476 <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
477 </tr>
478 <tr>
479 <td class='base'></td>
480 <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
481 <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
482 </tr>
483 <tr>
484 <td class='base'></td>
922ddf0e 485 <td bgcolor='$color{'color22'}' align='center'>$pid</td>
01dbccb1
SS		 486 <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
487 </tr>
488 </table>
489END
490 } else {
491 # Otherwise display a hint that the service is not launched.
492 print <<END;
493 <table width='95%' cellspacing='0' class='tbl'>
494 <tr>
495 <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
496 </tr>
497 <tr>
498 <td class='base'>$Lang::tr{'guardian daemon'}</td>
499 <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
500 </tr>
501 </table>
502END
503 }
504
505 &Header::closebox();
506
507 # Draw elements for guardian configuration.
508 &Header::openbox('100%', 'center', $Lang::tr{'guardian configuration'});
509
510 print <<END;
511 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
512
513 <table width='95%'>
514 <tr>
d2fea55e 515 <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian common settings'}</b></td>
01dbccb1
SS		 516 </tr>
517 <tr>
518 <td width='20%' class='base'>$Lang::tr{'guardian enabled'}:</td>
d2fea55e 519 <td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td>
01dbccb1 520 </tr>
26fcd31e
SS		 521 <tr>
522 <td colspan='2'><br></td>
523 </tr>
524 <tr>
06ff7e28 525 <td width='20%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td>
723648ac
SS		 526 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='on' $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} /> /
527 <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='off' $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} /> off</td>
26fcd31e
SS		 528 </tr>
529 <tr>
06ff7e28 530 <td width='20%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td>
723648ac
SS		 531 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SSH' value='on' $checked{'GUARDIAN_MONITOR_SSH'}{'on'} /> /
532 <input type='radio' name='GUARDIAN_MONITOR_SSH' value='off' $checked{'GUARDIAN_MONITOR_SSH'}{'off'} /> off</td>
26fcd31e
SS		 533 </tr>
534 <tr>
06ff7e28 535 <td width='20%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td>
723648ac
SS		 536 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> /
537 <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td>
26fcd31e 538 </tr>
28981fac
SS		 539END
540 # Display owncloud checkbox when the addon is installed.
541 if ( -e "$owncloud_meta" ) {
542 print"<tr>\n";
543 print"<td width='20%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n";
723648ac
SS		 544 print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n";
545 print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n";
28981fac
SS		 546 print"</tr>\n";
547 }
548 print <<END;
52958991
SS		 549 <tr>
550 <td colspan='2'><br></td>
551 </tr>
552 <tr>
553 <td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td>
2daa1f5b 554 <td><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'>
52958991
SS		 555 <option value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>syslog</option>
556 <option value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>file</option>
557 <option value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>console</option>
558 </select></td>
559 </tr>
26fcd31e
SS		 560 <tr>
561 <td colspan='2'><br></td>
562 </tr>
7899718f 563 <tr>
a35a0668 564 <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td>
7899718f
SS		 565 <td><select name='GUARDIAN_LOGLEVEL'>
566 <option value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>off</option>
567 <option value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>info</option>
568 <option value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>debug</option>
569 </select></td>
570 </tr>
2daa1f5b 571 <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
a35a0668
SS		 572 <td colspan='2'><br></td>
573 </tr>
2daa1f5b 574 <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
4a7fc9f6 575 <td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td>
52958991
SS		 576 <td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'>
577 <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>1</option>
578 <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>2</option>
579 <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>3</option>
580 <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>4</option>
4a7fc9f6
SS		 581 </select></td>
582 </tr>
583 <tr>
584 <td colspan='2'><br></td>
585 </tr>
2d17c6e6
SS		 586 <tr>
587 <td width='20%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
588 <td><select name='GUARDIAN_FIREWALL_ACTION'>
589 <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option>
590 <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option>
591 </select></td>
592 </tr>
593 <tr>
594 <td colspan='2'><br></td>
595 </tr>
a35a0668
SS		 596 <tr>
597 <td width='20%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
598 <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
599 </tr>
01dbccb1
SS		 600 <tr>
601 <td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
d2fea55e 602 <td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
01dbccb1 603 </tr>
2daa1f5b 604 <tr class="GUARDIAN_LOGFILE">
01dbccb1 605 <td width='20%' class='base'>$Lang::tr{'guardian logfile'}:</td>
d2fea55e 606 <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
01dbccb1 607 </tr>
01dbccb1
SS		 608 </table>
609END
610
611 print <<END;
612 <hr>
613
614 <table width='95%'>
615 <tr>
616 <td>&nbsp;</td>
617 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
618 <td>&nbsp;</td>
619 </tr>
620 </table>
621 </form>
622END
623
624 &Header::closebox();
625}
626
627# Function to show elements of the guardian ignorefile and allow to add or remove single members of it.
628sub showIgnoreBox() {
629 &Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'});
630
631 print <<END;
7edbe063 632 <table width='80%'>
01dbccb1 633 <tr>
7edbe063
SS		 634 <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td>
635 <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td>
636 <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
01dbccb1
SS		 637 </tr>
638END
7edbe063
SS		 639 # Check if some hosts have been add to be ignored.
640 if (keys (%ignored)) {
01dbccb1
SS		 641 my $col = "";
642
7edbe063
SS		 643 # Loop through all entries of the hash..
644 while( (my $key) = each %ignored) {
645 # Assign data array positions to some nice variable names.
646 my $address = $ignored{$key}[0];
647 my $remark = $ignored{$key}[1];
648 my $status = $ignored{$key}[2];
649
650 # Check if the key (id) number is even or not.
651 if ($settings{'ID'} eq $key) {
652 $col="bgcolor='${Header::colouryellow}'";
653 } elsif ($key % 2) {
01dbccb1
SS		 654 $col="bgcolor='$color{'color22'}'";
655 } else {
656 $col="bgcolor='$color{'color20'}'";
657 }
658
7edbe063
SS		 659 # Choose icon for the checkbox.
660 my $gif;
661 my $gdesc;
662
663 # Check if the status is enabled and select the correct image and description.
664 if ($status eq 'enabled' ) {
665 $gif = 'on.gif';
666 $gdesc = $Lang::tr{'click to disable'};
667 } else {
668 $gif = 'off.gif';
669 $gdesc = $Lang::tr{'click to enable'};
670 }
671
01dbccb1
SS		 672 print <<END;
673 <tr>
7edbe063
SS		 674 <td width='20%' class='base' $col>$address</td>
675 <td width='65%' class='base' $col>$remark</td>
676
677 <td align='center' $col>
678 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
679 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
680 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
681 <input type='hidden' name='ID' value='$key' />
682 </form>
683 </td>
684
685 <td align='center' $col>
686 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
687 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
688 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
689 <input type='hidden' name='ID' value='$key' />
690 </form>
691 </td>
692
693 <td align='center' $col>
694 <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'>
01dbccb1 695 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'>
7edbe063 696 <input type='hidden' name='ID' value='$key'>
01dbccb1
SS		 697 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'>
698 </form>
699 </td>
700 </tr>
701END
702 }
01dbccb1 703 } else {
7edbe063 704 # Print notice that currently no hosts are ignored.
01dbccb1
SS		 705 print "<tr>\n";
706 print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
707 print "</tr>\n";
708 }
709
710 print "</table>\n";
711
7edbe063 712 # Section to add new elements or edit existing ones.
01dbccb1 713 print <<END;
1d5702a7 714 <br>
7edbe063
SS		 715 <hr>
716 <br>
717
1d5702a7 718 <div align='center'>
7edbe063
SS		 719 <table width='100%'>
720END
721
722 # Assign correct headline and button text.
723 my $buttontext;
724 my $entry_address;
725 my $entry_remark;
726
727 # Check if an ID (key) has been given, in this case an existing entry should be edited.
728 if ($settings{'ID'} ne '') {
729 $buttontext = $Lang::tr{'update'};
730 print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
731
732 # Grab address and remark for the given key.
733 $entry_address = $ignored{$settings{'ID'}}[0];
734 $entry_remark = $ignored{$settings{'ID'}}[1];
735 } else {
736 $buttontext = $Lang::tr{'add'};
737 print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
738 }
739
740 print <<END;
01dbccb1 741 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
7edbe063 742 <input type='hidden' name='ID' value='$settings{'ID'}'>
01dbccb1 743 <tr>
7edbe063
SS		 744 <td width='30%'>$Lang::tr{'ip address'}: </td>
745 <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
746
747 <td width='30%'>$Lang::tr{'remark'}: </td>
748 <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
749 <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td>
01dbccb1
SS		 750 </tr>
751 </form>
752 </table>
753 </div>
754END
1d5702a7
SS		 755
756 &Header::closebox();
01dbccb1
SS		 757}
758
759# Function to list currently bocked addresses from guardian and unblock them or add custom entries to block.
760sub showBlockedBox() {
761 &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'});
762
01dbccb1
SS		 763 print <<END;
764 <table width='60%'>
765 <tr>
766 <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td>
767 </tr>
768END
769
5f462919
SS		 770 # Lauch function to get the currently blocked hosts.
771 my @blocked_hosts = &GetBlockedHosts();
772
01dbccb1 773 my $id = 0;
01dbccb1 774 my $col = "";
01dbccb1 775
5f462919
SS		 776 # Loop through our blocked hosts array.
777 foreach my $blocked_host (@blocked_hosts) {
01dbccb1
SS		 778
779 # Increase id number for each element in the ignore file.
780 $id++;
781
782 # Check if the id number is even or not.
783 if ($id % 2) {
784 $col="bgcolor='$color{'color22'}'";
785 } else {
786 $col="bgcolor='$color{'color20'}'";
787 }
788
789 print <<END;
790 <tr>
8b8413e5 791 <td width='80%' class='base' $col><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host'>$blocked_host</a></td>
01dbccb1
SS		 792 <td width='20%' align='center' $col>
793 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
794 <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'>
795 <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'>
796 <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'>
797 </form>
798 </td>
799 </tr>
800END
801 }
802
01dbccb1
SS		 803 # If the loop only has been runs once the id still is "0", which means there are no
804 # additional entries (blocked hosts) in the iptables chain.
805 if ($id == 0) {
806
807 # Print notice that currently no hosts are blocked.
808 print "<tr>\n";
809 print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
810 print "</tr>\n";
811 }
812
813 print "</table>\n";
814
01dbccb1
SS		 815 # Section for a manual block of an IP-address.
816 print <<END;
1d5702a7
SS		 817 <br>
818 <div align='center'>
819 <table width='60%' border='0'>
01dbccb1
SS		 820 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
821 <tr>
822 <td width='30%'>$Lang::tr{'guardian block a host'}: </td>
823 <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td>
824 <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td>
825 <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td>
826 </tr>
827 </form>
828 </table>
829 </div>
830END
1d5702a7
SS		 831
832 &Header::closebox();
01dbccb1
SS		 833}
834
835&Header::closebigbox();
836&Header::closepage();
837
838# Function to check if guardian has been started.
839# Grab process id and consumed memory if the daemon is running.
840sub daemonstats() {
841 $memory = 0;
842 # for pid and memory
843 open(FILE, '/usr/local/bin/addonctrl guardian status | ');
844 @guardian = <FILE>;
845 close(FILE);
846 $string = join("", @guardian);
847 $string =~ s/[a-z_]//gi;
848 $string =~ s/\[[0-1]\;[0-9]+//gi;
849 $string =~ s/[\(\)\.]//gi;
850 $string =~ s/ //gi;
851 $string =~ s/\e//gi;
852 @pid = split(/\s/,$string);
853 if (open(FILE, "/proc/$pid[0]/statm")){
854 my $temp = <FILE>;
855 @memory = split(/ /,$temp);
856 close(FILE);
857 }
858 $memory+=$memory[0];
859}
860
5f462919 861sub GetBlockedHosts() {
5f462919
SS		 862 # Create new, empty array.
863 my @hosts;
864
865 # Lauch helper to get chains from iptables.
891ba055
SS		 866 system('/usr/local/bin/getipstat');
867
868 # Open temporary file which contains the chains and rules.
869 open (FILE, '/srv/web/ipfire/html/iptables.txt');
870
871 # Loop through the entire file.
872 while (<FILE>) {
873 my $line = $_;
874
875 # Search for the guardian chain and extract
876 # the lines between it and the next empty line
877 # which is placed before the next firewall
878 # chain starts.
879 if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) {
880 # Skip descriptive lines.
881 next if ($line =~ /^Chain/);
882 next if ($line =~ /^ pkts/);
883
884 # Generate array, based on the line content (seperator is a single or multiple space's)
885 my @comps = split(/\s{1,}/, $line);
886 my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps;
887
888 # Assign different variable names.
889 my $blocked_host = $source;
890
891 # Add host to our hosts array.
892 if ($blocked_host) {
893 push(@hosts, $blocked_host);
894 }
895 }
896 }
5f462919 897
891ba055
SS		 898 # Close filehandle.
899 close(FILE);
5f462919 900
891ba055
SS		 901 # Remove recently created temporary files of the "getipstat" binary.
902 system(rm -f "/srv/web/ipfire/html/iptables.txt");
903 system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt");
904 system(rm -f "/srv/web/ipfire/html/iptablesnat.txt");
5f462919
SS		 905
906 # Convert entries, sort them, write back and store the sorted entries into new array.
907 my @sorted = map { $_->[0] }
908 sort { $a->[1] <=> $b->[1] }
909 map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/\./, $_))] }
910 @hosts;
911
912 # Return our sorted list.
913 return @sorted
914}
915
01dbccb1
SS		 916sub BuildConfiguration() {
917 my %settings = ();
918 &General::readhash("${General::swroot}/guardian/settings", \%settings);
919
920 my $configfile = "${General::swroot}/guardian/guardian.conf";
921
c880c2cb
SS		 922 # Create the configfile if not exist yet.
923 unless (-e "$configfile") { system("touch $configfile"); }
924
7f728591 925 # Open configfile for writing.
01dbccb1
SS		 926 open(FILE, ">$configfile");
927
52958991
SS		 928 # Config file header.
929 print FILE "# Autogenerated configuration file.\n";
930 print FILE "# All user modifications will be overwritten.\n\n";
28981fac 931
52958991
SS		 932 # Settings for the logging mechanism.
933 print FILE "# Log settings.\n";
934 print FILE "LogFacility = $settings{'GUARDIAN_LOG_FACILITY'}\n";
935
936 if ($settings{'GUARDIAN_LOG_FACILITY'} eq "file") {
937 print FILE "LogFile = $settings{'GUARDIAN_LOGFILE'}\n";
28981fac
SS		 938 }
939
52958991
SS		 940 print FILE "LogLevel = $settings{'GUARDIAN_LOGLEVEL'}\n\n";
941
942 # IPFire related static settings.
943 print FILE "# IPFire related settings.\n";
944 print FILE "FirewallEngine = IPtables\n";
945 print FILE "SocketOwner = nobody:nobody\n";
946 print FILE "IgnoreFile = $ignorefile\n\n";
947
948 # Configured block values.
2d17c6e6 949 print FILE "# Configured block settings.\n";
52958991 950 print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n";
2d17c6e6
SS		 951 print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n";
952 print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n";
52958991
SS		 953
954 # Enabled modules.
955 # Loop through whole settings hash.
956 print FILE "# Enabled modules.\n";
957 foreach my $option (keys %settings) {
958 # Search for enabled modules.
959 if ($option =~ /GUARDIAN_MONITOR_(.*)/) {
960 # Skip if module is not enabled.
961 next unless($settings{$option} eq "on");
962
963 # Skip module if no file location is available.
964 next unless(exists($module_file_locations{$1}));
965
966 # Add enabled module and defined path to the config file.
967 print FILE "Monitor_$1 = $module_file_locations{$1}\n";
968 }
969 }
970
971 # Module settings.
972 print FILE "\n# Module settings.\n";
973 # Check if SNORT is enabled and add snort priority.
974 if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") {
975 print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n";
976 }
01dbccb1
SS		 977
978 close(FILE);
979
f8c3bfe0
SS		 980 # Check if guardian should be started or stopped.
981 if($settings{'GUARDIAN_ENABLED'} eq 'on') {
982 if($pid > 0) {
af6856af
SS		 983 # Send reload command through socket connection.
984 &Guardian::Socket::Client("reload");
f8c3bfe0
SS		 985 } else {
986 # Launch guardian.
af6856af 987 system("/usr/local/bin/addonctrl guardian start &>/dev/null");
f8c3bfe0 988 }
01dbccb1 989 } else {
f8c3bfe0 990 # Stop the daemon.
af6856af 991 system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
01dbccb1
SS		 992 }
993}
97849142
SS		 994
995sub GenerateIgnoreFile() {
996 my %ignored = ();
997
998 # Read-in ignoredfile.
999 &General::readhasharray($ignoredfile, \%ignored);
1000
c880c2cb
SS		 1001 # Create the guardian.ignore file if not exist yet.
1002 unless (-e "$ignorefile") { system("touch $ignorefile"); }
1003
97849142
SS		 1004 # Open ignorefile for writing.
1005 open(FILE, ">$ignorefile");
1006
1007 # Config file header.
1008 print FILE "# Autogenerated configuration file.\n";
1009 print FILE "# All user modifications will be overwritten.\n\n";
1010
1011 # Add IFPire interfaces and gateway to the ignore file.
1012 #
1013 # Assign some temporary variables for the IPFire interfaces.
1014 my $green = $netsettings{'GREEN_ADDRESS'};
1015 my $blue = $netsettings{'BLUE_ADDRESS'};
1016 my $orange = $netsettings{'ORANGE_ADDRESS'};
97849142
SS		 1017
1018 # File declarations.
1cc65323 1019 my $public_address_file = "${General::swroot}/red/local-ipaddress";
97849142
SS		 1020 my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
1021 my $dns1file = "${General::swroot}/red/dns1";
1022 my $dns2file = "${General::swroot}/red/dns2";
1023
97849142
SS		 1024 # Write the obtained addresses to the ignore file.
1025 print FILE "# IPFire local interfaces.\n";
1026 print FILE "$green\n";
1027
1028 # Check if a blue interface exists.
1029 if ($blue) {
1030 # Add blue address.
1031 print FILE "$blue\n";
1032 }
1033
1034 # Check if an orange interface exists.
1035 if ($orange) {
1036 # Add orange address.
1037 print FILE "$orange\n";
1038 }
1039
1040 print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n";
1cc65323
SS		 1041 print FILE "# Include the corresponding files to obtain the addresses.\n";
1042 print FILE "Include_File = $public_address_file\n";
1043 print FILE "Include_File = $gatewayfile\n";
1044 print FILE "Include_File = $dns1file\n";
1045 print FILE "Include_File = $dns2file\n";
97849142
SS		 1046
1047 # Add all user defined hosts and networks to the ignore file.
1048 #
1049 # Check if the hash contains any elements.
1050 if (keys (%ignored)) {
1051 # Write headline.
1cc65323 1052 print FILE "\n# User defined hosts/networks.\n";
97849142
SS		 1053
1054 # Loop through the entire hash and write the host/network
1055 # and remark to the ignore file.
1056 while ( (my $key) = each %ignored) {
1057 my $address = $ignored{$key}[0];
1058 my $remark = $ignored{$key}[1];
1059 my $status = $ignored{$key}[2];
1060
1061 # Check if the status of the entry is "enabled".
1062 if ($status eq "enabled") {
1063 # Check if the address/network is valid.
1064 if ((&General::validip($address)) || (&General::validipandmask($address))) {
1065 # Write the remark to the file.
1066 print FILE "# $remark\n";
1067
1068 # Write the address/network to the ignore file.
1069 print FILE "$address\n\n";
1070 }
1071 }
1072 }
1073 }
1074
1075 close(FILE);
1076}
1077
1078# Private subfunction to obtain IP-addresses from given file names.
1079#
1080sub _get_address_from_file ($) {
1081 my $file = shift;
1082
1083 # Check if the file exists.
1084 if (-e $file) {
1085 # Open the given file.
1086 open(FILE, "$file") or die "Could not open $file.";
1087
1088 # Obtain the address from the first line of the file.
1089 my $address = <FILE>;
1090
1091 # Close filehandle
1092 close(FILE);
1093
1094 # Remove newlines.
1095 chomp $address;
1096
1097 # Check if the grabbed address is valid.
1098 if (&General::validip($address)) {
1099 # Return the address.
1100 return $address;
1101 }
1102 }
1103
1104 # Return nothing.
1105 return;
1106}
IPFire 2.x development tree