Hi,
On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
Hi
Based on the existing firewalllogip.dat and firewalllogport.dat, I want a similair function to show which countries gets blocked, to see which country is mainly targeting my servers.
I've made a preliminary prototype, you can see it here : https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a...
This works on my existing 2.13 Core75. There is no right menu, it is just a preliminary prototype as of now.
What I basically have done, is to copy firewalllogip.dat and showrequestfromip.dat, and modified them so they work on "country for ip address" rather than inidividual ip address.
This raises a few questions in my mind :
Code duplication. By just copying the firewalllogip.dat, I duplicate a lot of code. To me, this also seems to be the case already, where firewalllogip.dat and firewalllogport.dat containing a lot of duplicated code. Any ideas how to avoid this ? Has it been discussed to try to minimze the existing code duplication in the cgi-bin files ?
You may create a perl file that will be included which provides functions for both scripts.
Do think "local ip addresses" should turn up in firewalllogcounty.dat ?
No.
Here is the main part of my code : my $gi = Geo::IP::PurePerl->new(); ....
if($_ =~ /SRC=([\d.]+)/){ my $srcaddr=$1; my $ccode = $gi->country_code_by_name($srcaddr); my $fcode;
# TODO: should local IP adresses be include as unknown, or excludedfrom the statistics totally ? # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc if( $ccode eq "") { $ccode = "unknown"; } else { $tabjc{$ccode} = $tabjc{$ccode} + 1 ; if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; } }
As you can see, I now decide to not include the local ip addresses. I also currently do not differentiate between local ip addresses and ip addresses where country code is actually unknown. I'll have to check if Geo::IP has some functionality to tell me if the address is part of "non routable addresses", like 192.168.x.y.
There certainly is a perl module (like this http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm), but we also have got some simple checks in setddns.pl for example.
Is there functionality existing in ipfire cgi-bin code to check if an ip address is part of the netmask of the "green", "red", "blue", "yellow" interface ? If so, I think I would like to treat them like "countries".
Yes. Have a look at /var/ipfire/general-functions.pl
Do other people find this functionality useful ?
Why not?
Regards Alf
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development