require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
+
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configinput = "${General::swroot}/firewall/input";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
+my %input=();
+my %forward=();
+my %output=();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
my $setting = "${General::swroot}/ethernet/settings";
our $datafile = "${General::swroot}/ethernet/aliases";
+# Fetch the name of the main RED interface
+my $RED_INTERFACE = &General::get_red_interface();
+
+# Fetch all RED interfaces
+my @RED_INTERFACES = &Network::get_red_interfaces();
our %settings=();
#Settings1
$settings{'IP'} = '';
$settings{'ENABLED'} = 'off'; # Every check box must be set to off
$settings{'NAME'} = '';
-my @nosaved=('IP','ENABLED','NAME'); # List here ALL setting2 fields. Mandatory
-
+$settings{'INTERFACE'} = '';
+my @nosaved=('IP','ENABLED','NAME','INTERFACE'); # List here ALL setting2 fields. Mandatory
+
$settings{'ACTION'} = ''; # add/edit/remove
$settings{'KEY1'} = ''; # point record for ACTION
# Remove if no Setting1 needed
#
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
-
+
#
#Validate static Settings1 here
#
-
unless ($errormessage) { # Everything is ok, save settings
- #map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
+ #map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
#&General::writehash($setting, \%settings); # Save good settings
#$settings{'ACTION'} = $Lang::tr{'save'}; # Recreate 'ACTION'
#map ($settings{$_}= '',(@nosaved,'KEY1')); # and reinit var to empty
-
+
# Rebuild configuration file if needed
&BuildConfiguration;
+
+ # Handle suricata related actions.
+ &HandleSuricata();
}
ERROR: # Leave the faulty field untouched
$temp[2] = '' if ( $temp[2] eq '' );
@current[$settings{'KEY1'}] = join (',',@temp)."\n";
$settings{'KEY1'} = ''; # End edit mode
-
+
&General::log($Lang::tr{'ip alias changed'});
-
+
#Save current
open(FILE, ">$datafile") or die 'Unable to open aliases file.';
print FILE @current;
close(FILE);
-
+
# Rebuild configuration file
&BuildConfiguration;
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
$errormessage = $Lang::tr{'duplicate ip'} . ' (RED)';
$spacer=" & ";
}
+ #Check if we have an emtpy name
+ if (!$settings{'NAME'}){
+ $errormessage=$Lang::tr{'fwhost err name1'};
+ }elsif(! &General::validfqdn($settings{'NAME'}) && ! &General::validhostname($settings{'NAME'})){
+ $errormessage=$Lang::tr{'invalid hostname'};
+ }
my $idx=0;
foreach my $line (@current) {
chomp ($line);
}
$idx++;
}
+ #Update firewallrules if aliasname is changed
+ if ($settings{'OLDNAME'} ne $settings {'NAME'}){
+ &General::readhasharray("$configfwdfw", \%forward);
+ &General::readhasharray("$configinput", \%input);
+ &General::readhasharray("$configoutgoing", \%output);
+ #Check FORWARD
+ foreach my $forwardkey (sort keys %forward){
+ if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}){
+ $forward{$forwardkey}[29] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configfwdfw, \%forward);
+ #Check INPUT
+ foreach my $inputkey (sort keys %input){
+ if ($input{$inputkey}[6] eq $settings{'OLDNAME'}){
+ $input{$inputkey}[6] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configinput, \%input);
+ #Check OUTPUT
+ foreach my $outputkey (sort keys %output){
+ if ($output{$outputkey}[4] eq $settings{'OLDNAME'}){
+ $output{$outputkey}[4] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configoutgoing, \%output);
+ &General::firewall_config_changed;
+ }
+ #If Alias IP has changed, set firewall_config_changed
+ if($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}){
+ &General::firewall_config_changed;
+ }
unless ($errormessage) {
if ($settings{'KEY1'} eq '') { #add or edit ?
- unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n");
+ unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n");
&General::log($Lang::tr{'ip alias added'});
} else {
- @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n";
+ @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n";
$settings{'KEY1'} = ''; # End edit mode
&General::log($Lang::tr{'ip alias changed'});
}
&SortDataFile; # sort newly added/modified entry
&BuildConfiguration; # then re-build conf which use new data
-
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
+
##
## if entering data line is repetitive, choose here to not erase fields between each addition
##
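Review bot: The firewall-rule rename added above `unless ($errormessage) {` runs even when validation has already failed, so a NAME that the new empty/hostname check just rejected is still written into the forward, input and outgoing rule files and `firewall_config_changed` is raised. The same applies to the `OLDIP` comparison that follows it. Moving both inside the `unless ($errormessage)` block, or guarding the rename with `if (!$errormessage && $settings{'OLDNAME'} ne $settings{'NAME'}) {`, keeps rejected input out of the rule set. It also looks as if the rewrite runs for a plain add (empty `KEY1`) where no alias is being renamed; that cannot be confirmed from here because the enclosing add handler starts outside this hunk.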
$settings{'IP'}=$temp[0]; # Prepare the screen for editing
$settings{'ENABLED'}=$temp[1];
$settings{'NAME'}=$temp[2];
+ $settings{'INTERFACE'}=$temp[3];
}
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
- splice (@current,$settings{'KEY1'},1); # Delete line
+ splice (@current,$settings{'KEY1'},1); # Delete line
open(FILE, ">$datafile") or die 'Unable to open aliases file.';
print FILE @current;
close(FILE);
&General::log($Lang::tr{'ip alias removed'});
&BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
if ($settings{'ACTION'} eq '' ) { # First launch from GUI
$settings{'ENABLED'} ='on';
}
-
+
&Header::openpage($Lang::tr{'external aliases configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
my %checked =(); # Checkbox manipulations
+my %selected = ();
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<font class='base'>$errormessage </font>";
+ print "$errormessage ";
&Header::closebox();
}
unless (( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ ) && ($netsettings{'RED_TYPE'} eq 'STATIC'))
{
&Header::openbox('100%', 'left', $Lang::tr{'capswarning'});
print <<END
- <table width='100%'>
+ <table style='width:100%;'>
<tr>
- <td width='100%' class='boldbase' align='center'><font color='${Header::colourred}'><b>$Lang::tr{'aliases not active'}</b></font></td>
+ <td class='boldbase' style='color:${Header::colourred};'><b>$Lang::tr{'aliases not active'}</b></td>
</tr>
</table>
END
;
&Header::closebox();
}
-
+
#
# Second check box is for editing the list
#
$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ? "checked='checked'" : '' ;
+$selected{'INTERFACE'} = ();
+foreach my $intf (@RED_INTERFACES) {
+ $selected{'INTERFACE'}{$intf} = ($settings{'INTERFACE'} eq $intf) ? "selected" : "";
+}
+
my $buttontext = $Lang::tr{'add'};
if ($settings{'KEY1'} ne '') {
$buttontext = $Lang::tr{'update'};
}
#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
-print <<END
+print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
-<table width='100%'>
+<input type='hidden' name='OLDNAME' value='$settings{'NAME'}' />
+<input type='hidden' name='OLDIP' value='$settings{'IP'}' />
+<table style='width:100%;'>
<tr>
-<td class='base'><font color='${Header::colourred}'>$Lang::tr{'name'}: <img src='/blob.gif' alt='*' /></font></td>
+<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
<td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
-<td class='base' align='right'><font color='${Header::colourred}'>$Lang::tr{'alias ip'}: </font></td>
+<td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td>
<td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
-<td class='base' align='right'>$Lang::tr{'enabled'} </td>
+END
+
+if (scalar @RED_INTERFACES >= 2) {
+ print <<END;
+ <td class='base' style='color:${Header::colourred};'>$Lang::tr{'interface'}:</td>
+ <td>
+ <select name="INTERFACE">
+ <option value="">$Lang::tr{'aliases default interface'}</option>
+END
+
+ # Print an option for each RED interface
+ foreach my $intf (@RED_INTERFACES) {
+ # Skip the default one
+ next if ($RED_INTERFACE eq $intf);
+
+ print <<END;
+ <option value="$intf" $selected{'INTERFACE'}{$intf}>$intf</option>
+END
+ }
+
+ print <<END;
+ </select>
+ </td>
+END
+}
+
+print <<END;
+<td class='base' style='text-align:right;'>$Lang::tr{'enabled'} </td>
<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
</tr>
</table>
+<br>
<hr />
-<table width='100%'>
+<table style='width:100%;'>
<tr>
- <td class='base' width='55%'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'this field may be blank'}</td>
- <td width='40%' align='center'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
- <td width='5%' align='right'>
- </td>
+ <td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
</form>
END
-;
+
&Header::closebox();
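Review bot: `OLDNAME` and `OLDIP` are carried in hidden inputs, so the "old" values the handler later compares against, and uses to select which firewall rules to rewrite, are whatever the browser posts rather than what is stored. Reading the previous name and IP on the server from the record at `$settings{'KEY1'}` in the aliases file would remove that trust in the client. Both fields also interpolate `$settings{'NAME'}` and `$settings{'IP'}` into single-quoted attributes; whether those values are HTML-escaped before this point is not visible in the hunk and is worth confirming.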
# Add visual indicators to column headings to show sort order - EO
#
&Header::openbox('100%', 'left', $Lang::tr{'current aliases'});
print <<END
-<table width='100%' class='tbl'>
+<table class='tbl' style='width:100%;'>
<tr>
- <th width='50%' align='center'><a href='$ENV{'SCRIPT_NAME'}?NAME'><b>$Lang::tr{'name'}</b></a> $sortarrow1</th>
- <th width='45%' align='center'><a href='$ENV{'SCRIPT_NAME'}?IP'><b>$Lang::tr{'alias ip'}</b></a> $sortarrow2</th>
- <th width='5%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th>
+ <th style='width:55%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?NAME'><b>$Lang::tr{'name'}</b></a> $sortarrow1</th>
+ <th style='width:45%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?IP'><b>$Lang::tr{'alias ip'}</b></a> $sortarrow2</th>
+ <th colspan='3' class='boldbase' style='width:5%; text-align:center;'><b>$Lang::tr{'action'}</b></th>
</tr>
END
;
$gdesc = $Lang::tr{'click to disable'};
} else {
$gif = 'off.gif';
- $gdesc = $Lang::tr{'click to enable'};
+ $gdesc = $Lang::tr{'click to enable'};
}
#Colorize each line
if ($settings{'KEY1'} eq $key) {
- print "<tr>";
- $col="bgcolor='${Header::colouryellow}'";
+ $col="background-color:${Header::colouryellow};";
} elsif ($key % 2) {
- print "<tr>";
- $col="bgcolor='${Header::table2colour}'";
+ $col="background-color:${Header::table2colour};";
} else {
- print "<tr>";
- $col="bgcolor='${Header::table1colour}'";
+ $col="background-color:${Header::table1colour};";
}
+ print "<tr style='$col'>";
+
+ my $address = $temp[0];
+
+ if ($temp[3] ne "") {
+ $address .= " @ $temp[3]";
+ }
print <<END
-<td align='center' $col>$temp[2]</td>
-<td align='center' $col>$temp[0]</td>
+<td style='text-align:center; $col'>$temp[2]</td>
+<td style='text-align:center; $col'>$address</td>
-<td align='center' $col>
+<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
</form>
</td>
-<td align='center' $col>
+<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
</form>
</td>
-<td align='center' $col>
+<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
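Review bot: `$temp[3]` is appended to `$address` and printed into the table cell as raw HTML, and no check on `INTERFACE` is visible anywhere on the page before it is stored by the `unshift (@current, ...)` and `@current[$settings{'KEY1'}] = ...` lines of the add handler and by `SortDataFile`. A posted value containing a comma or newline would shift or split the comma-separated record, and markup in it would be rendered here. Accepting the field only when `$settings{'INTERFACE'} eq '' || grep { $_ eq $settings{'INTERFACE'} } @RED_INTERFACES` holds, and HTML-escaping `$temp[3]` before building `$address`, closes both. The row loop and the heredoc continue outside this hunk.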
sub SortDataFile
{
our %entries = ();
-
+
# Sort pair of record received in $a $b special vars.
# When IP is specified use numeric sort else alpha.
# If sortname ends with 'Rev', do reverse sort.
foreach my $line (@current) {
chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
my @temp = split (',',$line);
-
+
# Build a pair 'Field Name',value for each of the data dataline.
# Each SORTABLE field must have is pair.
# Other data fields (non sortable) can be grouped in one
-
+
# Exemple
# F1,F2,F3,F4,F5 only F1 F2 for sorting
# my @record = ('KEY',$key++,
# 'F1',$temp[0],
# 'F2',$temp[1],
# 'DATA',join(',',@temp[2..4]) ); #group remainning values, with separator (,)
-
+
# The KEY,key record permits doublons. If removed, then F1 becomes the key without doublon permitted.
-
-
- my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2]);
+
+
+ my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2],'INTERFACE',$temp[3]);
my $record = {}; # create a reference to empty hash
%{$record} = @record; # populate that hash with @record
$entries{$record->{KEY}} = $record; # add this to a hash of hashes
}
-
+
open(FILE, ">$datafile") or die 'Unable to open aliases file.';
# Each field value is printed , with the newline ! Don't forget separator and order of them.
foreach my $entry (sort fixedleasesort keys %entries) {
- print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME}\n";
+ print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME},$entries{$entry}->{INTERFACE}\n";
}
close(FILE);
close (FILE);
}
-#
+#
# Build the configuration file for application aliases
#
sub BuildConfiguration {
# Restart service associated with this
- system '/usr/local/bin/setaliases';
+ &General::system('/usr/local/bin/setaliases');
+}
+
+#
+## Handle Suricata related actions.
+#
+sub HandleSuricata() {
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Re-generate file which contains the HOME_NET declaration.
+ &IDS::generate_home_net_file();
+
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ }
}
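Review bot: The results of `&General::system('/usr/local/bin/setaliases')` and `&IDS::call_suricatactrl("restart")` are discarded, so if either helper fails the page still reports the alias change as done while the aliases or the IDS may not reflect it; what these helpers return is not visible here, so this needs checking against their definitions. If they do return a status, it should feed `$errormessage` or at least `&General::log`. Separately, `sub HandleSuricata() {` declares an empty prototype that the `&HandleSuricata()` call form bypasses; `sub HandleSuricata {` says the same thing without it, and a one-line comment that the sub is a no-op when Suricata is not running would help.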