$settings{'GUARDIAN_LOGLEVEL'} = 'info';
$settings{'GUARDIAN_BLOCKCOUNT'} = '3';
$settings{'GUARDIAN_BLOCKTIME'} = '86400';
+$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
$settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
# Check if guardian is running.
if ($pid > 0) {
# Send reload command through socket connection.
- &Guardian::Socket::Client("reload");
+ &Guardian::Socket::Client("reload-ignore-list");
}
## Toggle Enabled/Disabled for an existing entry on the ignore list.
# Check if guardian is running.
if ($pid > 0) {
# Send reload command through socket connection.
- &Guardian::Socket::Client("reload");
+ &Guardian::Socket::Client("reload-ignore-list");
}
}
# Check if guardian is running.
if ($pid > 0) {
# Send reload command through socket connection.
- &Guardian::Socket::Client("reload");
+ &Guardian::Socket::Client("reload-ignore-list");
}
## Block a user given address or subnet.
$selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected';
$selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected';
$selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected';
+ $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected';
&Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
&Header::closebox();
}
+ ### Java Script ###
+ print<<END;
+ <script>
+ var update_logfacility = function() {
+
+ var logfacility = \$("#GUARDIAN_LOG_FACILITY").val();
+
+ if (logfacility === undefined)
+ return;
+
+ if (logfacility === "file") {
+ \$(".GUARDIAN_LOGFILE").show();
+ } else {
+ \$(".GUARDIAN_LOGFILE").hide();
+ }
+ };
+
+ \$(document).ready(function() {
+ \$("#GUARDIAN_LOG_FACILITY").change(update_logfacility);
+ update_logfacility();
+
+ // Show / Hide snort priority level option, based if
+ // snort is enabled / disabled.
+ if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show();
+ } else {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide();
+ }
+
+ // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed.
+ \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle();
+ });
+ });
+ </script>
+END
+
+
# Draw current guardian state.
&Header::openbox('100%', 'center', $Lang::tr{'guardian'});
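Review bot: The change handler at the end of the ready block uses `.toggle()`, so the priority-level rows flip on every change event instead of following the control's actual value, unlike `update_logfacility` above, which reads the value each time. If the initial state and the control ever disagree (for example, a browser restoring form state after the ready handler ran), the rows stay inverted until the page is reloaded. Passing the state explicitly keeps the two in step: `\$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle(\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on');`. Hiding a row is display-only: the hidden fields are still submitted, so the server-side checks must not assume they are absent.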
</tr>
<tr>
<td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td>
- <td><select name='GUARDIAN_LOG_FACILITY'>
+ <td><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'>
<option value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>syslog</option>
<option value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>file</option>
<option value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>console</option>
<option value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>debug</option>
</select></td>
</tr>
- <tr>
+ <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
<td colspan='2'><br></td>
</tr>
- <tr>
+ <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
<td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td>
<td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'>
<option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>1</option>
<tr>
<td colspan='2'><br></td>
</tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
+ <td><select name='GUARDIAN_FIREWALL_ACTION'>
+ <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option>
+ <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
<td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
<td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
<td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
</tr>
- <tr>
+ <tr class="GUARDIAN_LOGFILE">
<td width='20%' class='base'>$Lang::tr{'guardian logfile'}:</td>
<td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
</tr>
print FILE "IgnoreFile = $ignorefile\n\n";
# Configured block values.
- print FILE "# Configured block values.\n";
+ print FILE "# Configured block settings.\n";
print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n";
- print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n\n";
+ print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n";
+ print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n";
# Enabled modules.
# Loop through whole settings hash.
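Review bot: The new `FirewallAction` line writes `$settings{'GUARDIAN_FIREWALL_ACTION'}` into the daemon configuration with no check visible in this hunk that the value is one of the two offered choices. The `<select>` added to the form only limits what a browser offers. If `%settings` is filled from the submitted form, as the neighbouring fields suggest, a hand-built request could supply a different target name, or a value containing a newline that adds extra directives to the file. An allow-list test before the file is written would close this, e.g. `if ($settings{'GUARDIAN_FIREWALL_ACTION'} !~ /\A(?:DROP|REJECT)\z/) { $errormessage = $Lang::tr{'<message key>'}; }`, where the message key is a placeholder. Validation may already exist outside this hunk; `BlockCount` and `BlockTime` just above are written the same way.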
my $green = $netsettings{'GREEN_ADDRESS'};
my $blue = $netsettings{'BLUE_ADDRESS'};
my $orange = $netsettings{'ORANGE_ADDRESS'};
- my $red = $netsettings{'RED_ADDRESS'};
# File declarations.
+ my $public_address_file = "${General::swroot}/red/local-ipaddress";
my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
my $dns1file = "${General::swroot}/red/dns1";
my $dns2file = "${General::swroot}/red/dns2";
- # Get gateway address.
- my $gateway = &_get_address_from_file($gatewayfile);
-
- # Get addresses from the used dns servers.
- my $dns1 = &_get_address_from_file($dns1file);
- my $dns2 = &_get_address_from_file($dns2file);
-
# Write the obtained addresses to the ignore file.
print FILE "# IPFire local interfaces.\n";
print FILE "$green\n";
}
print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n";
- print FILE "$red\n";
- print FILE "$gateway\n";
- print FILE "$dns1\n";
- print FILE "$dns2\n";
+ print FILE "# Include the corresponding files to obtain the addresses.\n";
+ print FILE "Include_File = $public_address_file\n";
+ print FILE "Include_File = $gatewayfile\n";
+ print FILE "Include_File = $dns1file\n";
+ print FILE "Include_File = $dns2file\n";
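Review bot: The four `Include_File` lines are written unconditionally, so the ignore list now depends on files under `${General::swroot}/red/` that may be absent or empty when RED is down or only one DNS server is assigned. How the daemon treats a missing or empty include is not visible here. If it aborts loading the ignore file, the local interface addresses written above would lose their exemption too. Since these files now decide which addresses are never blocked, they should be writable only by the process that maintains the RED state. A comment stating the expected behaviour would help, e.g. `# Guardian skips Include_File entries that do not exist (confirm against daemon).`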
# Add all user defined hosts and networks to the ignore file.
#
# Check if the hash contains any elements.
if (keys (%ignored)) {
# Write headline.
- print FILE "# User defined hosts/networks.\n";
+ print FILE "\n# User defined hosts/networks.\n";
# Loop through the entire hash and write the host/network
# and remark to the ignore file.