* Feedback wanted on feature to show blocked IPs per country
@ 2014-02-12 17:21 Alf Høgemark
2014-02-12 19:41 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Alf Høgemark @ 2014-02-12 17:21 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2412 bytes --]
Hi
Based on the existing firewalllogip.dat and firewalllogport.dat, I want
a similair function to show
which countries gets blocked, to see which country is mainly targeting
my servers.
I've made a preliminary prototype, you can see it here :
https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
This works on my existing 2.13 Core75.
There is no right menu, it is just a preliminary prototype as of now.
What I basically have done, is to copy firewalllogip.dat and
showrequestfromip.dat, and modified them
so they work on "country for ip address" rather than inidividual ip address.
This raises a few questions in my mind :
1.
Code duplication. By just copying the firewalllogip.dat, I duplicate a
lot of code.
To me, this also seems to be the case already, where firewalllogip.dat
and firewalllogport.dat containing
a lot of duplicated code.
Any ideas how to avoid this ?
Has it been discussed to try to minimze the existing code duplication in
the cgi-bin files ?
2.
Do think "local ip addresses" should turn up in firewalllogcounty.dat ?
Here is the main part of my code :
my $gi = Geo::IP::PurePerl->new();
....
if($_ =~ /SRC\=([\d\.]+)/){
my $srcaddr=$1;
my $ccode = $gi->country_code_by_name($srcaddr);
my $fcode;
# TODO: should local IP adresses be include as unknown, or excluded
from the statistics totally ?
# TODO: it would be nice to be able to group local IPs into "red",
"green", "blue" etc
if( $ccode eq "") {
$ccode = "unknown";
}
else {
$tabjc{$ccode} = $tabjc{$ccode} + 1 ;
if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines =
$lines + 1; }
$linesjc++;
}
}
As you can see, I now decide to not include the local ip addresses.
I also currently do not differentiate between local ip addresses and ip
addresses where country code is actually unknown.
I'll have to check if Geo::IP has some functionality to tell me if the
address is part of "non routable addresses", like 192.168.x.y.
3.
Is there functionality existing in ipfire cgi-bin code to check if an ip
address is part of the netmask of the "green", "red", "blue", "yellow"
interface ?
If so, I think I would like to treat them like "countries".
4.
Do other people find this functionality useful ?
Regards
Alf
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Feedback wanted on feature to show blocked IPs per country
2014-02-12 17:21 Feedback wanted on feature to show blocked IPs per country Alf Høgemark
@ 2014-02-12 19:41 ` Michael Tremer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2014-02-12 19:41 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3154 bytes --]
Hi,
On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
> Hi
>
> Based on the existing firewalllogip.dat and firewalllogport.dat, I want
> a similair function to show
> which countries gets blocked, to see which country is mainly targeting
> my servers.
>
> I've made a preliminary prototype, you can see it here :
> https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
>
> This works on my existing 2.13 Core75.
> There is no right menu, it is just a preliminary prototype as of now.
>
>
> What I basically have done, is to copy firewalllogip.dat and
> showrequestfromip.dat, and modified them
> so they work on "country for ip address" rather than inidividual ip address.
>
> This raises a few questions in my mind :
>
> 1.
> Code duplication. By just copying the firewalllogip.dat, I duplicate a
> lot of code.
> To me, this also seems to be the case already, where firewalllogip.dat
> and firewalllogport.dat containing
> a lot of duplicated code.
> Any ideas how to avoid this ?
> Has it been discussed to try to minimze the existing code duplication in
> the cgi-bin files ?
You may create a perl file that will be included which provides
functions for both scripts.
> 2.
> Do think "local ip addresses" should turn up in firewalllogcounty.dat ?
No.
> Here is the main part of my code :
> my $gi = Geo::IP::PurePerl->new();
> ....
>
> if($_ =~ /SRC\=([\d\.]+)/){
> my $srcaddr=$1;
> my $ccode = $gi->country_code_by_name($srcaddr);
> my $fcode;
>
> # TODO: should local IP adresses be include as unknown, or excluded
> from the statistics totally ?
> # TODO: it would be nice to be able to group local IPs into "red",
> "green", "blue" etc
> if( $ccode eq "") {
> $ccode = "unknown";
> }
> else {
> $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines =
> $lines + 1; }
> $linesjc++;
> }
> }
>
> As you can see, I now decide to not include the local ip addresses.
> I also currently do not differentiate between local ip addresses and ip
> addresses where country code is actually unknown.
> I'll have to check if Geo::IP has some functionality to tell me if the
> address is part of "non routable addresses", like 192.168.x.y.
There certainly is a perl module (like this
http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm),
but we also have got some simple checks in setddns.pl for example.
> 3.
> Is there functionality existing in ipfire cgi-bin code to check if an ip
> address is part of the netmask of the "green", "red", "blue", "yellow"
> interface ?
> If so, I think I would like to treat them like "countries".
Yes. Have a look at /var/ipfire/general-functions.pl
> 4.
> Do other people find this functionality useful ?
Why not?
>
> Regards
> Alf
>
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Feedback wanted on feature to show blocked IPs per country
2014-02-17 16:29 ` Michael Tremer
@ 2014-02-17 19:18 ` Alf Høgemark
0 siblings, 0 replies; 4+ messages in thread
From: Alf Høgemark @ 2014-02-17 19:18 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2104 bytes --]
Hi
It was the cache file for the language file at /var/ipfire/langs that
was playing me a trick.
I removed it, and then the menu option was available.
I've now made a pull request for this
https://github.com/ipfire/ipfire-2.x/pull/12
The code is very much based on firewalllogip.dat and showrequestfromip.dat.
Those two files does not look too nice, and therefore my files does not
look too nice.
I was thinking about doing some major restructuringing, by having one
"showrequestfrom.dat" file
which could handle taking a contraint on source ip, source ip country or
destination port, but it would require
some major work, especially since it seems the code is using "comma
separated query string" when handling a HTTP GET,
instead of individual URL parameters.
So since I understand that the major web GUI code overhaul will happen
in 3.x, I decided to not do any major changes now.
Regards
Alf
On 02/17/2014 05:29 PM, Michael Tremer wrote:
> Hi,
>
> On Sun, 2014-02-16 at 07:24 +0100, alf(a)i100.no wrote:
>> Hi
>>
>> I preliminary version is available at :
>> https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
>>
>> Currently I am struggling at getting the new functionality available
>> in the menu, so I am asking if anyone has a tip on how to do that ?
>> I've tried to edit the file :
>> --- a/config/menu/70-log.menu
>> +++ b/config/menu/70-log.menu
>> @@ -33,6 +33,11 @@
>> 'title' => "$Lang::tr{'firewall logs
>> port'}",
>> 'enabled' => 1
>> };
>> + $sublogs->{'43.firewallcountry'} = {'caption' =>
>> $Lang::tr{'firewall logs country'},
>> + 'uri' =>
>> '/cgi-bin/logs.cgi/firewalllogcountry.dat',
>> + 'title' => "$Lang::tr{'firewall logs
>> country'}",
>> + 'enabled' => 1
>> + };
>>
>> but that does not seem to be enough.
> Basically, that's it.
>
> The CGI script must be there and be executable and you are fine.
>
> -Michael
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Feedback wanted on feature to show blocked IPs per country
[not found] <6480d856603853637dd7193bf88a3d36.squirrel@webmail.mailadmin.no>
@ 2014-02-17 16:29 ` Michael Tremer
2014-02-17 19:18 ` Alf Høgemark
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2014-02-17 16:29 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4633 bytes --]
Hi,
On Sun, 2014-02-16 at 07:24 +0100, alf(a)i100.no wrote:
> Hi
>
> I preliminary version is available at :
> https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
>
> Currently I am struggling at getting the new functionality available
> in the menu, so I am asking if anyone has a tip on how to do that ?
> I've tried to edit the file :
> --- a/config/menu/70-log.menu
> +++ b/config/menu/70-log.menu
> @@ -33,6 +33,11 @@
> 'title' => "$Lang::tr{'firewall logs
> port'}",
> 'enabled' => 1
> };
> + $sublogs->{'43.firewallcountry'} = {'caption' =>
> $Lang::tr{'firewall logs country'},
> + 'uri' =>
> '/cgi-bin/logs.cgi/firewalllogcountry.dat',
> + 'title' => "$Lang::tr{'firewall logs
> country'}",
> + 'enabled' => 1
> + };
>
> but that does not seem to be enough.
Basically, that's it.
The CGI script must be there and be executable and you are fine.
-Michael
>
> Regards
> Alf
>
>
> Den ons, februar 12, 2014, 20:41 skrev Michael Tremer:
> > Hi,
> >
> > On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
> >> Hi
> >>
> >> Based on the existing firewalllogip.dat and firewalllogport.dat, I
> want
> >> a similair function to show
> >> which countries gets blocked, to see which country is mainly
> targeting
> >> my servers.
> >>
> >> I've made a preliminary prototype, you can see it here :
> >>
> https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
> >>
> >> This works on my existing 2.13 Core75.
> >> There is no right menu, it is just a preliminary prototype as of
> now.
> >>
> >>
> >> What I basically have done, is to copy firewalllogip.dat and
> >> showrequestfromip.dat, and modified them
> >> so they work on "country for ip address" rather than inidividual ip
> >> address.
> >>
> >> This raises a few questions in my mind :
> >>
> >> 1.
> >> Code duplication. By just copying the firewalllogip.dat, I
> duplicate a
> >> lot of code.
> >> To me, this also seems to be the case already, where
> firewalllogip.dat
> >> and firewalllogport.dat containing
> >> a lot of duplicated code.
> >> Any ideas how to avoid this ?
> >> Has it been discussed to try to minimze the existing code
> duplication in
> >> the cgi-bin files ?
> >
> > You may create a perl file that will be included which provides
> > functions for both scripts.
> >
> >> 2.
> >> Do think "local ip addresses" should turn up in
> firewalllogcounty.dat ?
> >
> > No.
> >
> >> Here is the main part of my code :
> >> my $gi = Geo::IP::PurePerl->new();
> >> ....
> >>
> >> if($_ =~ /SRC\=([\d\.]+)/){
> >> my $srcaddr=$1;
> >> my $ccode = $gi->country_code_by_name($srcaddr);
> >> my $fcode;
> >>
> >> # TODO: should local IP adresses be include as unknown, or excluded
> >> from the statistics totally ?
> >> # TODO: it would be nice to be able to group local IPs into "red",
> >> "green", "blue" etc
> >> if( $ccode eq "") {
> >> $ccode = "unknown";
> >> }
> >> else {
> >> $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> >> if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines =
> >> $lines + 1; }
> >> $linesjc++;
> >> }
> >> }
> >>
> >> As you can see, I now decide to not include the local ip addresses.
> >> I also currently do not differentiate between local ip addresses
> and ip
> >> addresses where country code is actually unknown.
> >> I'll have to check if Geo::IP has some functionality to tell me if
> the
> >> address is part of "non routable addresses", like 192.168.x.y.
> >
> > There certainly is a perl module (like this
> >
> http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm),
> > but we also have got some simple checks in setddns.pl for example.
> >
> >> 3.
> >> Is there functionality existing in ipfire cgi-bin code to check if
> an ip
> >> address is part of the netmask of the "green", "red", "blue",
> "yellow"
> >> interface ?
> >> If so, I think I would like to treat them like "countries".
> >
> > Yes. Have a look at /var/ipfire/general-functions.pl
> >
> >> 4.
> >> Do other people find this functionality useful ?
> >
> > Why not?
> >
> >>
> >> Regards
> >> Alf
> >>
> >> _______________________________________________
> >> Development mailing list
> >> Development(a)lists.ipfire.org
> >> http://lists.ipfire.org/mailman/listinfo/development
> >
> >
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-02-17 19:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-02-12 17:21 Feedback wanted on feature to show blocked IPs per country Alf Høgemark
2014-02-12 19:41 ` Michael Tremer
[not found] <6480d856603853637dd7193bf88a3d36.squirrel@webmail.mailadmin.no>
2014-02-17 16:29 ` Michael Tremer
2014-02-17 19:18 ` Alf Høgemark
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox