public inbox for development@lists.ipfire.org
* Re: Feedback wanted on feature to show blocked IPs per country
From: Michael Tremer @ 2014-02-17 16:29 UTC
  To: development


Hi,

On Sun, 2014-02-16 at 07:24 +0100, alf(a)i100.no wrote:
> Hi
> 
> A preliminary version is available at :
> https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
> 
> Currently I am struggling at getting the new functionality available
> in the menu, so I am asking if anyone has a tip on how to do that ?
> I've tried to edit the file :
> --- a/config/menu/70-log.menu
> +++ b/config/menu/70-log.menu
> @@ -33,6 +33,11 @@
>                                  'title' => "$Lang::tr{'firewall logs
> port'}",
>                                  'enabled' => 1
>                                  };
> +    $sublogs->{'43.firewallcountry'} = {'caption' =>
> $Lang::tr{'firewall logs country'},
> +                                'uri' =>
> '/cgi-bin/logs.cgi/firewalllogcountry.dat',
> +                                'title' => "$Lang::tr{'firewall logs
> country'}",
> +                                'enabled' => 1
> +                                };
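
Review bot: The added '43.firewallcountry' entry reads $Lang::tr{'firewall logs country'} for both 'caption' and 'title', but this hunk only touches config/menu/70-log.menu and nothing in it defines that translation key. Add the 'firewall logs country' string to the language files in the same change; without it the caption is empty and the entry can look as if it were missing from the menu.
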
> 
> but that does not seem to be enough.

Basically, that's it.

The CGI script must be there and be executable and you are fine.

-Michael

> 
> Regards
> Alf
> 
> 
> On Wed, February 12, 2014, 20:41, Michael Tremer wrote:
> > Hi,
> >
> > On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
> >> Hi
> >>
> >> Based on the existing firewalllogip.dat and firewalllogport.dat, I want
> >> a similar function to show
> >> which countries get blocked, to see which country is mainly targeting
> >> my servers.
> >>
> >> I've made a preliminary prototype, you can see it here :
> >> https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
> >>
> >> This works on my existing 2.13 Core75.
> >> There is no right menu, it is just a preliminary prototype as of now.
> >>
> >>
> >> What I basically have done, is to copy firewalllogip.dat and
> >> showrequestfromip.dat, and modified them
> >> so they work on "country for ip address" rather than individual ip
> >> address.
> >>
> >> This raises a few questions in my mind :
> >>
> >> 1.
> >> Code duplication. By just copying the firewalllogip.dat, I duplicate a
> >> lot of code.
> >> To me, this also seems to be the case already, where firewalllogip.dat
> >> and firewalllogport.dat contain
> >> a lot of duplicated code.
> >> Any ideas how to avoid this ?
> >> Has it been discussed to try to minimize the existing code duplication in
> >> the cgi-bin files ?
> >
> > You may create a perl file that will be included which provides
> > functions for both scripts.
> >
> >> 2.
> >> Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?
> >
> > No.
> >
> >> Here is the main part of my code :
> >> my $gi = Geo::IP::PurePerl->new();
> >> ....
> >>
> >>    if($_ =~  /SRC\=([\d\.]+)/){
> >>      my $srcaddr=$1;
> >>      my $ccode = $gi->country_code_by_name($srcaddr);
> >>      my $fcode;
> >>
> >>      # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
> >>      # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
> >>      if( $ccode eq "") {
> >>          $ccode = "unknown";
> >>      }
> >>      else {
> >>         $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> >>         if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
> >>         $linesjc++;
> >>      }
> >>    }
> >>
> >> As you can see, I now decide to not include the local ip addresses.
> >> I also currently do not differentiate between local ip addresses and ip
> >> addresses where country code is actually unknown.
> >> I'll have to check if Geo::IP has some functionality to tell me if the
> >> address is part of "non routable addresses", like 192.168.x.y.
> >
> > There certainly is a perl module (like this
> > http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm),
> > but we also have got some simple checks in setddns.pl for example.
> >
> >> 3.
> >> Is there functionality existing in ipfire cgi-bin code to check if an ip
> >> address is part of the netmask of the "green", "red", "blue", "yellow"
> >> interface ?
> >> If so, I think I would like to treat them like "countries".
> >
> > Yes. Have a look at /var/ipfire/general-functions.pl
> >
> >> 4.
> >> Do other people find this functionality useful ?
> >
> > Why not?
> >
> >>
> >> Regards
> >> Alf
> >>
> >> _______________________________________________
> >> Development mailing list
> >> Development(a)lists.ipfire.org
> >> http://lists.ipfire.org/mailman/listinfo/development
> >
> >



* Re: Feedback wanted on feature to show blocked IPs per country
From: Alf Høgemark @ 2014-02-17 19:18 UTC
  To: development


Hi

It was the cache file for the language file at /var/ipfire/langs that 
was playing me a trick.
I removed it, and then the menu option was available.

I've now made a pull request for this 
https://github.com/ipfire/ipfire-2.x/pull/12
The code is very much based on firewalllogip.dat and showrequestfromip.dat.

Those two files do not look too nice, and therefore my files do not 
look too nice.
I was thinking about doing some major restructuring, by having one 
"showrequestfrom.dat" file
which could handle taking a constraint on source ip, source ip country or 
destination port, but it would require
some major work, especially since it seems the code is using "comma 
separated query string" when handling an HTTP GET,
instead of individual URL parameters.

So since I understand that the major web GUI code overhaul will happen 
in 3.x, I decided to not do any major changes now.

Regards
Alf

On 02/17/2014 05:29 PM, Michael Tremer wrote:
> Hi,
>
> On Sun, 2014-02-16 at 07:24 +0100, alf(a)i100.no wrote:
>> Hi
>>
>> A preliminary version is available at :
>> https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
>>
>> Currently I am struggling at getting the new functionality available
>> in the menu, so I am asking if anyone has a tip on how to do that ?
>> I've tried to edit the file :
>> --- a/config/menu/70-log.menu
>> +++ b/config/menu/70-log.menu
>> @@ -33,6 +33,11 @@
>>                                   'title' => "$Lang::tr{'firewall logs
>> port'}",
>>                                   'enabled' => 1
>>                                   };
>> +    $sublogs->{'43.firewallcountry'} = {'caption' =>
>> $Lang::tr{'firewall logs country'},
>> +                                'uri' =>
>> '/cgi-bin/logs.cgi/firewalllogcountry.dat',
>> +                                'title' => "$Lang::tr{'firewall logs
>> country'}",
>> +                                'enabled' => 1
>> +                                };
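
Review bot: In the added entry, 'title' wraps a single hash lookup in double quotes ("$Lang::tr{'firewall logs country'}") while 'caption' two lines earlier uses the bare lookup, and the interpolation adds nothing. Use the bare $Lang::tr{'firewall logs country'} for both, unless the quoted form is kept on purpose to match the existing 'firewall logs port' entry in the context lines.
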
>>
>> but that does not seem to be enough.
> Basically, that's it.
>
> The CGI script must be there and be executable and you are fine.
>
> -Michael



* Re: Feedback wanted on feature to show blocked IPs per country
From: Michael Tremer @ 2014-02-12 19:41 UTC
  To: development


Hi,

On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
> Hi
> 
> Based on the existing firewalllogip.dat and firewalllogport.dat, I want 
> a similar function to show
> which countries get blocked, to see which country is mainly targeting 
> my servers.
> 
> I've made a preliminary prototype, you can see it here :
> https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
> 
> This works on my existing 2.13 Core75.
> There is no right menu, it is just a preliminary prototype as of now.
> 
> 
> What I basically have done, is to copy firewalllogip.dat and 
> showrequestfromip.dat, and modified them
> so they work on "country for ip address" rather than individual ip address.
> 
> This raises a few questions in my mind :
> 
> 1.
> Code duplication. By just copying the firewalllogip.dat, I duplicate a 
> lot of code.
> To me, this also seems to be the case already, where firewalllogip.dat 
> and firewalllogport.dat contain
> a lot of duplicated code.
> Any ideas how to avoid this ?
> Has it been discussed to try to minimize the existing code duplication in 
> the cgi-bin files ?

You may create a perl file that will be included which provides
functions for both scripts.

> 2.
> Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?

No.

> Here is the main part of my code :
> my $gi = Geo::IP::PurePerl->new();
> ....
> 
>    if($_ =~  /SRC\=([\d\.]+)/){
>      my $srcaddr=$1;
>      my $ccode = $gi->country_code_by_name($srcaddr);
>      my $fcode;
> 
>      # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
>      # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
>      if( $ccode eq "") {
>          $ccode = "unknown";
>      }
>      else {
>         $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
>         if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
>         $linesjc++;
>      }
>    }
> 
> As you can see, I now decide to not include the local ip addresses.
> I also currently do not differentiate between local ip addresses and ip 
> addresses where country code is actually unknown.
> I'll have to check if Geo::IP has some functionality to tell me if the 
> address is part of "non routable addresses", like 192.168.x.y.

There certainly is a perl module (like this
http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm),
but we also have got some simple checks in setddns.pl for example.

> 3.
> Is there functionality existing in ipfire cgi-bin code to check if an ip 
> address is part of the netmask of the "green", "red", "blue", "yellow"
> interface ?
> If so, I think I would like to treat them like "countries".

Yes. Have a look at /var/ipfire/general-functions.pl

> 4.
> Do other people find this functionality useful ?

Why not?

> 
> Regards
> Alf
> 
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
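
Added example, not part of the thread or of IPFire's code: a self-contained Perl script for the bucketing raised in questions 2 and 3, keeping zone addresses, other non-routable addresses and genuinely unknown countries apart instead of folding them all into "unknown". The zone networks, the %geo table standing in for the GeoIP lookup, and the log lines are constructed sample values.

```perl
use strict;
use warnings;

# Constructed sample values: zone networks and a stand-in GeoIP table.
# The posted code would call $gi->country_code_by_name($srcaddr) instead.
my %zones = (green => '192.168.1.0/24', blue => '192.168.2.0/24');
my %geo   = ('198.51.100.7' => 'NO', '203.0.113.9' => 'DE');
my @local = qw(10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16);
# Excluded from the report; drop the zone names to list zones like countries.
my %exclude = map { $_ => 1 } ('local', keys %zones);

sub ip2int {    # dotted quad -> integer, undef if malformed
    my @o = $_[0] =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

sub in_cidr {    # true if $ip lies inside $cidr ("a.b.c.d/len")
    my ($ip, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    defined(my $addr = ip2int($ip)) or return 0;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    return ($addr & $mask) == (ip2int($net) & $mask);
}

sub classify {    # zone name, "local", country code, or "unknown"
    my ($ip) = @_;
    my ($zone) = grep { in_cidr($ip, $zones{$_}) } sort keys %zones;
    return $zone if defined $zone;
    return 'local' if grep { in_cidr($ip, $_) } @local;
    return $geo{$ip} // 'unknown';
}

my %count;
while (my $line = <DATA>) {
    next unless $line =~ /\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b/;
    my $bucket = classify($1);
    $count{$bucket}++ unless $exclude{$bucket};
}
printf "%-8s %d\n", $_, $count{$_}
    for sort { $count{$b} <=> $count{$a} || $a cmp $b } keys %count;

__DATA__
Feb 12 18:01:02 fw kernel: DROP_INPUT IN=red0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=22
Feb 12 18:01:05 fw kernel: DROP_INPUT IN=red0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=23
Feb 12 18:02:11 fw kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=UDP DPT=53
Feb 12 18:03:40 fw kernel: DROP_INPUT IN=green0 OUT= SRC=192.168.1.20 DST=192.0.2.1 PROTO=TCP DPT=445
Feb 12 18:04:02 fw kernel: DROP_INPUT IN=red0 OUT= SRC=10.9.8.7 DST=192.0.2.1 PROTO=TCP DPT=80
Feb 12 18:05:13 fw kernel: DROP_INPUT IN=red0 OUT= SRC=192.0.2.200 DST=192.0.2.1 PROTO=TCP DPT=3389
```

The green-zone and 10.x sources are classified but left out of the counts, while the address with no GeoIP entry is still reported as "unknown".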



* Feedback wanted on feature to show blocked IPs per country
From: Alf Høgemark @ 2014-02-12 17:21 UTC
  To: development


Hi

Based on the existing firewalllogip.dat and firewalllogport.dat, I want 
a similar function to show
which countries get blocked, to see which country is mainly targeting 
my servers.

I've made a preliminary prototype, you can see it here :
https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0

This works on my existing 2.13 Core75.
There is no right menu, it is just a preliminary prototype as of now.


What I basically have done, is to copy firewalllogip.dat and 
showrequestfromip.dat, and modified them
so they work on "country for ip address" rather than individual ip address.

This raises a few questions in my mind :

1.
Code duplication. By just copying the firewalllogip.dat, I duplicate a 
lot of code.
To me, this also seems to be the case already, where firewalllogip.dat 
and firewalllogport.dat contain
a lot of duplicated code.
Any ideas how to avoid this ?
Has it been discussed to try to minimize the existing code duplication in 
the cgi-bin files ?

2.
Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?


Here is the main part of my code :
my $gi = Geo::IP::PurePerl->new();
....

   if($_ =~  /SRC\=([\d\.]+)/){
     my $srcaddr=$1;
     my $ccode = $gi->country_code_by_name($srcaddr);
     my $fcode;

     # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
     # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
     if( $ccode eq "") {
         $ccode = "unknown";
     }
     else {
        $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
        if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
        $linesjc++;
     }
   }

As you can see, I now decide to not include the local ip addresses.
I also currently do not differentiate between local ip addresses and ip 
addresses where country code is actually unknown.
I'll have to check if Geo::IP has some functionality to tell me if the 
address is part of "non routable addresses", like 192.168.x.y.

3.
Is there functionality existing in ipfire cgi-bin code to check if an ip 
address is part of the netmask of the "green", "red", "blue", "yellow"
interface ?
If so, I think I would like to treat them like "countries".

4.
Do other people find this functionality useful ?

Regards
Alf


