#
} elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) {
- # Check if no empty input has been performed.
- if ($settings{'ADDRESS_BLOCK'} ne '') {
+ # Assign some temporary variables used for input validation.
+ my $input = $settings{'ADDRESS_BLOCK'};
+ my $green = $netsettings{'GREEN_ADDRESS'};
+ my $blue = $netsettings{'BLUE_ADDRESS'};
+ my $orange = $netsettings{'ORANGE_ADDRESS'};
+ my $red = $netsettings{'RED_ADDRESS'};
- # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
- if ((!&General::validip($settings{'ADDRESS_BLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_BLOCK'}))) {
- $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
- }
+ # Get gateway address.
+ my $gateway = &General::get_gateway();
- } else {
- $errormessage = "$Lang::tr{'guardian empty input'}";
- }
+ # Check if any input has been performed.
+ if ($input eq '') {
+ $errormessage = "$Lang::tr{'guardian empty input'}";
+ }
+
+ # Check if the given input is localhost (127.0.0.1).
+ elsif ($input eq "127.0.0.1") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is anywhere (0.0.0.0).
+ elsif ($input eq "0.0.0.0") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is one of the interface addresses or our gateway.
+ elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is a valid IP address.
+ elsif (!&General::validip($input)) {
+ $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+ }
# Go further if there was no error.
if ($errormessage eq '') {
'guardian block a host' => 'Block host',
'guardian blocked hosts' => 'Currently blocked hosts',
'guardian blocktime' => 'Blocktime',
+'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.',
'guardian configuration' => 'Guardian Configuration',
'guardian daemon' => 'Daemon',
'guardian enabled' => 'Enable guardian',
'guardian priority level' => 'Prioritylevel',
'guardian service' => 'Guardian Service',
'guardian snort alertfile' => 'Alertfile from Snort',
+'guardian watch snort alertfile' => 'Monitor Snort alertfile',
+'guardian block ssh brute-force' => 'SSH Brute-force detection',
+'guardian block httpd brute-force' => 'HTTPD Brute-force detection',
'guest ok' => 'allow guests to access',
'gui settings' => 'GUI Settings',
'gz with key' => 'Only an encrypted archive can be restored on this machine.',