From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 13/20] suricata: Add option to scan WireGuard
Date: Tue, 10 Sep 2024 14:37:26 +0000
Message-ID: <20240910143748.3469271-14-michael.tremer@ipfire.org>
In-Reply-To: <20240910143748.3469271-1-michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
doc/language_missings | 8 ++++++++
html/cgi-bin/ids.cgi | 6 +++++-
langs/en/cgi-bin/en.pl | 1 +
src/initscripts/networking/functions.network | 6 ++++++
src/initscripts/system/suricata | 2 +-
5 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/doc/language_missings b/doc/language_missings
index 98856b0e8..94adb28d8 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -103,6 +103,7 @@
< upload fcdsl.o
< user management
< vpn configuration main
+< wg
< winbind daemon
< wireguard
< wlanap 802.11w disabled
@@ -156,6 +157,7 @@
< timeformat
< transport mode does not support vti
< warning
+< wg
< wireguard
< wlanap
< wlanap psk
@@ -185,6 +187,7 @@
< timeformat
< upload fcdsl.o
< warning
+< wg
< wireguard
< wlanap psk
< wlanap wireless mode
@@ -668,6 +671,7 @@
< vulnerable
< warning
< Weekly
+< wg
< whois results from
< winbind daemon
< wireguard
@@ -1229,6 +1233,7 @@
< vulnerable
< warning
< Weekly
+< wg
< whois results from
< winbind daemon
< wireguard
@@ -2205,6 +2210,7 @@
< vulnerable
< warning
< Weekly
+< wg
< whois results from
< winbind daemon
< wireguard
@@ -3218,6 +3224,7 @@
< warning
< week-graph
< Weekly
+< wg
< whois results from
< winbind daemon
< wireguard
@@ -3608,6 +3615,7 @@
< vulnerable
< warning
< Weekly
+< wg
< whois results from
< winbind daemon
< wireguard
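Review bot: the new "wg" key lands directly next to an existing "wireguard" key in every one of these lists, so the tree ends up with two translation keys for the same product name. If "wg" is needed only because the zone is looked up by its short name, say so in the commit message; otherwise reuse "wireguard" and drop the extra string.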
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 502e2a125..00cc502f1 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -53,6 +53,9 @@ my %ignored=();
# the list of zones in an array.
my @network_zones = &Network::get_available_network_zones();
+# Always show Wireguard
+push(@network_zones, "wg");
+
# Check if openvpn is started and add it to the array of network zones.
if ( -e "/var/run/openvpn.pid") {
push(@network_zones, "ovpn");
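Review bot: "wg" is pushed onto @network_zones unconditionally, while the "ovpn" entry just below is added only when /var/run/openvpn.pid exists, so the WireGuard zone is offered even on systems without any WireGuard interface. Either gate it on a comparable check or extend the comment to explain why it must always be shown. The comment also spells it "Wireguard" where en.pl in this patch uses "WireGuard".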
@@ -69,7 +72,8 @@ my %colourhash = (
'green' => $Header::colourgreen,
'blue' => $Header::colourblue,
'orange' => $Header::colourorange,
- 'ovpn' => $Header::colourovpn
+ 'ovpn' => $Header::colourovpn,
+ 'wg' => $Header::colourwg,
);
&Header::showhttpheaders();
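Review bot: $Header::colourwg on the added 'wg' line is not defined by this patch, and none of the five files in the diffstat is the Header module. Please confirm the variable already exists in the tree or is added by an earlier patch in the series; otherwise the zone ends up with no colour value.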
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index dca9f1645..6a455ab6d 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -3020,6 +3020,7 @@
'week-graph' => 'Week',
'weekly firewallhits' => 'weekly firewallhits',
'weeks' => 'Weeks',
+'wg' => 'WireGuard',
'whois results from' => 'WHOIS results from',
'wildcards' => 'Wildcards',
'winbind daemon' => 'Winbind Daemon',
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network
index c189c2fbc..02ac6b8fe 100644
--- a/src/initscripts/networking/functions.network
+++ b/src/initscripts/networking/functions.network
@@ -92,9 +92,15 @@ network_get_intf() {
fi
;;
+ WIREGUARD|WG)
+ echo "wg+"
+ return 0
+ ;;
+
OPENVPN|OVPN)
# OpenVPN is using all tun devices
echo "tun+"
+ return 0
;;
esac
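Review bot: the "return 0" added to the OPENVPN|OVPN arm changes an existing code path and is not mentioned in the commit message, which has no body; note it there or split it out as its own fix. The new WIREGUARD|WG arm also lacks a comment like the one in the OpenVPN arm; a line stating that "wg+" covers every interface whose name starts with "wg" would make the scope of the scan explicit.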
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 0447b7e8c..6990b79ca 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -41,7 +41,7 @@ IPS_SCAN_MARK="0x10000000"
IPS_SCAN_MASK="0x10000000"
# Supported network zones
-NETWORK_ZONES=( "RED" "GREEN" "ORANGE" "BLUE" "OVPN" )
+NETWORK_ZONES=( "RED" "GREEN" "ORANGE" "BLUE" "WG" "OVPN" )
# Optional options for the Netfilter queue.
NFQ_OPTS=(
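Review bot: with "WG" added to NETWORK_ZONES, this patch carries no default or migration for the new zone, so it is unclear what an upgraded system does for WireGuard traffic before the option has been saved once in ids.cgi. Please state the intended default in the commit message. "WG" is also inserted before "OVPN" rather than appended; if the array order matters, say so.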
--
2.39.2
Thread overview:
2024-09-10 14:37 Addressing #13764 Michael Tremer
2024-09-10 14:37 ` [PATCH 01/20] suricata: Move the IPS into the mangle table Michael Tremer
2024-09-10 14:37 ` [PATCH 02/20] initscripts: Fix bash function definitions in suricata Michael Tremer
2024-09-10 14:37 ` [PATCH 03/20] suricata: Use getconf to determine the number of processors Michael Tremer
2024-09-10 14:37 ` [PATCH 04/20] suricata: Remove some unused constants Michael Tremer
2024-09-10 14:37 ` [PATCH 05/20] suricata: Add whitelist to iptables Michael Tremer
2024-09-10 14:37 ` [PATCH 06/20] suricata: Replace removed CPU count function Michael Tremer
2024-09-10 14:37 ` [PATCH 07/20] suricata: Be more efficient with marks Michael Tremer
2024-09-10 14:37 ` [PATCH 08/20] suricata: Add a watcher to restart on unexpected termination Michael Tremer
2024-09-10 14:37 ` [PATCH 09/20] suricata: Start the new watcher in the background Michael Tremer
2024-09-10 14:37 ` [PATCH 10/20] suricata: Restore the interface selection Michael Tremer
2024-09-10 14:37 ` [PATCH 11/20] suricata: Remove superfluous bits from the initscript Michael Tremer
2024-09-10 14:37 ` [PATCH 12/20] suricata: Don't load /var/ipfire/ethernet/settings Michael Tremer
2024-09-10 14:37 ` Michael Tremer [this message]
2024-09-10 14:37 ` [PATCH 14/20] suricata: Fix broken spacing in the settings section Michael Tremer
2024-09-10 14:37 ` [PATCH 15/20] ids.cgi: Use new style tables for rulesets Michael Tremer
2024-09-10 14:37 ` [PATCH 16/20] ids.cgi: Use new-style table for whitelist entries Michael Tremer
2024-09-10 14:37 ` [PATCH 17/20] ids.cgi: Sort " Michael Tremer
2024-09-10 14:37 ` [PATCH 18/20] ids.cgi: Remove box from the top section Michael Tremer
2024-09-10 14:37 ` [PATCH 19/20] ids.cgi: Fix detection for the Suricata process Michael Tremer
2024-09-10 14:37 ` [PATCH 20/20] firewall: Move the IPS after the NAT marking Michael Tremer