1. For each IP, detect the network it belongs to and change the background colour of that IP according to the network (Green, Red, Blue, Orange). 2. For each IP, detect the country it belongs to and display the country flag next to the IP.
This is my second attempt to use GIT.
Signed-off-by: Horace Michael horace.michael@gmx.com --- html/cgi-bin/guardian.cgi | 687 +++++++++++++++++++++++++++++++--------------- 1 file changed, 470 insertions(+), 217 deletions(-) mode change 100644 => 100755 html/cgi-bin/guardian.cgi
diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi old mode 100644 new mode 100755 index 963a56430768..b05d4f7f7bad --- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -22,6 +22,9 @@ use strict; use Locale::Codes::Country; use Guardian::Socket; +use Net::IPv4Addr qw( :all ); +use Geo::IP::PurePerl; +use Switch;
# enable only the following on debugging purpose #use warnings; @@ -45,6 +48,16 @@ my @memory=(); my @pid=(); my @guardian=();
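Review bot: `use Switch;` loads a source filter that rewrites the whole file before Perl compiles it, and nothing in the hunks of this patch uses `switch`/`case`; I would drop the line. Switch was removed from the Perl core in 5.14 and its own documentation warns about parsing limitations, which is a poor trade in a CGI full of heredocs that serves the firewall's admin interface. `use Net::IPv4Addr qw( :all );` imports every exported function although the patch calls only `ipv4_in_network` and `ipv4_cidr2msk`; `use Net::IPv4Addr qw( ipv4_in_network ipv4_cidr2msk );` keeps the namespace explicit. The context line `#use warnings;` shows warnings are still switched off, so mistakes in the new code will not be reported at run time.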
+my @colour=();
+my @network=();
+my @masklen=();
+my $colour_multicast = "#A0A0A0";
+#needed for the country flag
+my @key;
+my @value;
+my $color=0;
+
+
 # Path to the guardian.ignore file.
 my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
@@ -56,6 +69,9 @@ my %module_file_locations = ( "SNORT" => "/var/log/snort/alert", "SSH" => "/var/log/messages", ); +my %netsettings=(); +&General::readhash("${General::swroot}/ethernet/settings", %netsettings); +
our %netsettings = (); &General::readhash("${General::swroot}/ethernet/settings", %netsettings); @@ -65,6 +81,193 @@ our %mainsettings = (); &General::readhash("${General::swroot}/main/settings", %mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color);
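Review bot: The added `my %netsettings=();` and its `readhash` call duplicate the `our %netsettings = ();` and identical `readhash` call that follow immediately as context lines, so the settings file is read twice and the same name is declared once as a lexical and once as a package variable. After the `our` line the name refers to the package variable, which leaves the new lexical unused apart from its own load; with warnings enabled Perl would report the redeclaration. I would drop the three added lines and let the new code use the existing `our %netsettings`.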
+# ##################################################### +# Collect data for the @network array. + +# Add Firewall Localhost 127.0.0.1 +push(@network, '127.0.0.1'); +push(@masklen, '255.255.255.255'); +push(@colour, ${Header::colourfw}); + + + +if (open(IP, "${General::swroot}/red/local-ipaddress")) { + my $redip = <IP>; + close(IP); + chomp $redip; + push(@network, $redip); + push(@masklen, '255.255.255.255'); + push(@colour, ${Header::colourfw}); +} + +# Add STATIC RED aliases +if ($netsettings{'RED_DEV'}) { + my $aliasfile = "${General::swroot}/ethernet/aliases"; + open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; + my @aliases = <ALIASES>; + close(ALIASES); + +# We have a RED eth iface +if ($netsettings{'RED_TYPE'} eq 'STATIC') { + +#We have a STATIC RED eth iface + foreach my $line (@aliases) { + chomp($line); + my @temp = split(/,/,$line); + if ($temp[0]) { + push(@network, $temp[0]); + push(@masklen, $netsettings{'RED_NETMASK'} ); + push(@colour, ${Header::colourfw} ); + } + } + } +} + +# Add Green Firewall Interface + push(@network, $netsettings{'GREEN_ADDRESS'}); + push(@masklen, "255.255.255.255" ); + push(@colour, ${Header::colourfw} ); + +# Add Green Network to Array + push(@network, $netsettings{'GREEN_NETADDRESS'}); + push(@masklen, $netsettings{'GREEN_NETMASK'} ); + push(@colour, ${Header::colourgreen} ); + +# Add Green Routes to Array + my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourgreen} ); + } + +# Add Blue Firewall Interface + push(@network, $netsettings{'BLUE_ADDRESS'}); + push(@masklen, "255.255.255.255" ); + push(@colour, ${Header::colourfw} ); + +# Add Blue Network + if ($netsettings{'BLUE_DEV'}) { + push(@network, $netsettings{'BLUE_NETADDRESS'}); + push(@masklen, $netsettings{'BLUE_NETMASK'} ); + push(@colour, ${Header::colourblue} 
); + +# Add Blue Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourblue} ); + } +} + +# Add Orange Firewall Interface + push(@network, $netsettings{'ORANGE_ADDRESS'}); + push(@masklen, "255.255.255.255" ); + push(@colour, ${Header::colourfw} ); + +# Add Orange Network + if ($netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_NETADDRESS'}); + push(@masklen, $netsettings{'ORANGE_NETMASK'} ); + push(@colour, ${Header::colourorange} ); + # Add Orange Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourorange} ); + + } +} + +# Highlight multicast connections. + push(@network, "224.0.0.0"); + push(@masklen, "239.0.0.0"); + push(@colour, $colour_multicast); + +# Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) + if (-e "${General::swroot}/ovpn/settings") { + my %ovpnsettings = (); + &General::readhash("${General::swroot}/ovpn/settings", %ovpnsettings); + my @tempovpnsubnet = split("/",$ovpnsettings{'DOVPN_SUBNET'}); + +# add OpenVPN net + push(@network, $tempovpnsubnet[0]); + push(@masklen, $tempovpnsubnet[1]); + push(@colour, ${Header::colourovpn} ); + +# add BLUE:port / proto + if (($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'}) { + push(@network, $netsettings{'BLUE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn}); +} + +# add ORANGE:port / proto + if (($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } +} + +# Add 
OpenVPN net for custom OVPNs + if (-e "${General::swroot}/ovpn/ccd.conf") { + open(OVPNSUB, "${General::swroot}/ovpn/ccd.conf"); + my @ovpnsub = <OVPNSUB>; + close(OVPNSUB); + foreach (@ovpnsub) { + my ($network, $mask) = split '/', (split ',', $_)[2]; + $mask = ipv4_cidr2msk($mask) unless &General::validip($mask); + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourovpn}); + } +} + +open(IPSEC, "${General::swroot}/vpn/config"); + my @ipsec = <IPSEC>; + close(IPSEC); + foreach my $line (@ipsec) { + my @vpn = split(',', $line); + my ($network, $mask) = split("/", $vpn[12]); + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourvpn}); +} + +if (-e "${General::swroot}/ovpn/n2nconf") { + open(OVPNN2N, "${General::swroot}/ovpn/ovpnconfig"); + my @ovpnn2n = <OVPNN2N>; + close(OVPNN2N); + foreach my $line (@ovpnn2n) { + my @ovpn = split(',', $line); + next if ($ovpn[4] ne 'net'); + my ($network, $mask) = split("/", $ovpn[12]); + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourovpn}); + } +} + + +# ##################################################### + + + # Pakfire meta file for owncloud. # (File exists when the addon is installed.) my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud"; @@ -475,8 +678,6 @@ sub showMainBox() { </script> END
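Review bot: The three route lookups build a shell command by interpolating a settings value, ``/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`` in backticks (and the same for `BLUE_DEV` and `ORANGE_DEV`), so whatever is stored in the ethernet settings file is parsed by the shell on every page load, and the GREEN lookup runs even when `GREEN_DEV` is empty. The unanchored `grep` also matches the device name anywhere in the line rather than in the interface column. I would read the routing table once through a list-form pipe, which involves no shell, and select rows by the interface column, as sketched below for GREEN. Separately, `open(OVPNSUB, …)`, `open(IPSEC, …)` and `open(OVPNN2N, …)` are unchecked, the last one is guarded by `-e` on `ovpn/n2nconf` while it opens `ovpn/ovpnconfig`, and the multicast entry uses `239.0.0.0` as a mask, which is not a contiguous netmask (224.0.0.0/4 corresponds to `240.0.0.0`).

```perl
# … unchanged: localhost, RED and GREEN address entries …

# Read the routing table once, without a shell; the last column of `route -n` is the interface.
my %routes_for = ();
if (open(my $route_fh, '-|', '/sbin/route', '-n')) {
	while (my $entry = <$route_fh>) {
		my @field = split(' ', $entry);
		# Header lines have no valid destination address in the first column.
		next unless (@field >= 8 && &General::validip($field[0]));
		push(@{ $routes_for{$field[7]} }, [ $field[0], $field[2] ]);
	}
	close($route_fh);
}

# Add Green Routes to Array
if ($netsettings{'GREEN_DEV'}) {
	foreach my $route (@{ $routes_for{$netsettings{'GREEN_DEV'}} || [] }) {
		push(@network, $route->[0]);
		push(@masklen, $route->[1]);
		push(@colour, ${Header::colourgreen} );
	}
}

# … unchanged: BLUE and ORANGE entries, reading $routes_for{...} the same way …
# … unchanged: multicast, OpenVPN and IPsec entries …
```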
- - # Draw current guardian state. &Header::openbox('100%', 'center', $Lang::tr{'guardian'});
@@ -563,14 +764,14 @@ END </tr> END
- # Display owncloud checkbox when the addon is installed. - if ( -e "$owncloud_meta" ) { - print"<tr>\n"; - print"<td width='25%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n"; - print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n"; - print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n"; - print"</tr>\n"; - } + # Display owncloud checkbox when the addon is installed. + if ( -e "$owncloud_meta" ) { + print"<tr>\n"; + print"<td width='25%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n"; + print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n"; + print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n"; + print"</tr>\n"; + } print <<END; <tr> <td colspan='2'><br></td> @@ -657,128 +858,140 @@ sub showIgnoreBox() { &Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'});
print <<END; - <table width='80%'> + <table width='60%'> <tr> <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td> + <td width='10%' class='base' align='center' bgcolor='$color{'color20'}'><b>$Lang::tr{'country'}</b></td> <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td> - <td class='base' colspan='3' bgcolor='$color{'color20'}'></td> + <td class='base' align='center' colspan='3' bgcolor='$color{'color20'}'><b>$Lang::tr{'action'}</b></td> </tr> END - # Check if some hosts have been add to be ignored. - if (keys (%ignored)) { - my $col = ""; - - # Loop through all entries of the hash.. - while( (my $key) = each %ignored) { - # Assign data array positions to some nice variable names. - my $address = $ignored{$key}[0]; - my $remark = $ignored{$key}[1]; - my $status = $ignored{$key}[2]; - - # Check if the key (id) number is even or not. - if ($settings{'ID'} eq $key) { - $col="bgcolor='${Header::colouryellow}'"; - } elsif ($key % 2) { - $col="bgcolor='$color{'color22'}'"; - } else { - $col="bgcolor='$color{'color20'}'"; - } - - # Choose icon for the checkbox. - my $gif; - my $gdesc; - - # Check if the status is enabled and select the correct image and description. 
- if ($status eq 'enabled' ) { - $gif = 'on.gif'; - $gdesc = $Lang::tr{'click to disable'}; - } else { - $gif = 'off.gif'; - $gdesc = $Lang::tr{'click to enable'}; - } - - print <<END; - <tr> - <td width='20%' class='base' $col>$address</td> - <td width='65%' class='base' $col>$remark</td> - - <td align='center' $col> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' /> - <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' /> - <input type='hidden' name='ID' value='$key' /> - </form> - </td> - - <td align='center' $col> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' /> - <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> - <input type='hidden' name='ID' value='$key' /> - </form> - </td> - - <td align='center' $col> - <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'> - <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'> - <input type='hidden' name='ID' value='$key'> - <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'> - </form> - </td> - </tr> -END - } - } else { - # Print notice that currently no hosts are ignored. - print "<tr>\n"; - print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; - print "</tr>\n"; - } +# Check if some hosts have been add to be ignored. + if (keys (%ignored)) { + my $col = ""; + my $col1 = "";
- print "</table>\n"; +# Loop through all entries of the hash.. + while( (my $key) = each %ignored) { + # Assign data array positions to some nice variable names. + my $address = $ignored{$key}[0]; + my $remark = $ignored{$key}[1]; + my $status = $ignored{$key}[2];
- # Section to add new elements or edit existing ones. - print <<END; - <br> - <hr> - <br> + # geoip lookup + my $gi = Geo::IP::PurePerl->new(); + my $ccode = $gi->country_code_by_name($address); + my $fcode = uc($ccode);
- <div align='center'> - <table width='100%'> -END + # Detect the network in which the IP belongs and set the color for that network. + $col1=ipcolour($address);
- # Assign correct headline and button text. - my $buttontext; - my $entry_address; - my $entry_remark; + # Check if the key (id) number is even or not. + if ($settings{'ID'} eq $key) { + $col="bgcolor='${Header::colouryellow}'"; + } elsif ($key % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; + }
- # Check if an ID (key) has been given, in this case an existing entry should be edited. - if ($settings{'ID'} ne '') { - $buttontext = $Lang::tr{'update'}; - print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n"; +# Choose icon for the checkbox. +my $gif; +my $gdesc; + +# Check if the status is enabled and select the correct image and description. +if ($status eq 'enabled' ) { + $gif = 'on.gif'; + $gdesc = $Lang::tr{'click to disable'}; +} else { + $gif = 'off.gif'; + $gdesc = $Lang::tr{'click to enable'}; +}
- # Grab address and remark for the given key. - $entry_address = $ignored{$settings{'ID'}}[0]; - $entry_remark = $ignored{$settings{'ID'}}[1]; +print "<tr>"; + print "<td width='20%' class='base' bgcolor=$col1 ><a href='/cgi-bin/ipinfo.cgi?ip=$address'><span style='color:#FFFFFF;'>$address</span></a></td>"; + if ( $fcode ne "" ){ + print "<td width='10%' align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a></td>"; + } + else { + print "<td align='center' $col></td>"; + } + print "<td width='65%' class='base' $col>$remark</td>"; +print <<END; + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' /> + <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' /> + <input type='hidden' name='ID' value='$key' /> + </form> + </td> + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' /> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> + <input type='hidden' name='ID' value='$key' /> + </form> + </td> + <td align='center' $col> + <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'> + <input type='hidden' name='ID' value='$key'> + <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'> + </form> + </td> +</tr> +END + } } else { - $buttontext = $Lang::tr{'add'}; - print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n"; + # Print notice that currently no hosts are ignored. 
+ print "<tr>\n"; + print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; + print "</tr>\n"; }
- print <<END; - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='ID' value='$settings{'ID'}'> - <tr> - <td width='30%'>$Lang::tr{'ip address'}: </td> - <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td> + print "</table>\n";
- <td width='30%'>$Lang::tr{'remark'}: </td> - <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td> - <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td> - </tr> - </form> - </table> - </div> +# Section to add new elements or edit existing ones. +print <<END; +<br> +<hr> +<br> + +<div align='center'> + <table width='100%'> +END + +# Assign correct headline and button text. +my $buttontext; +my $entry_address; +my $entry_remark; + +# Check if an ID (key) has been given, in this case an existing entry should be edited. +if ($settings{'ID'} ne '') { + $buttontext = $Lang::tr{'update'}; + print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n"; + + # Grab address and remark for the given key. + $entry_address = $ignored{$settings{'ID'}}[0]; + $entry_remark = $ignored{$settings{'ID'}}[1]; +} else { + $buttontext = $Lang::tr{'add'}; + print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n"; +} + +print <<END; + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ID' value='$settings{'ID'}'> + <tr> + <td width='30%'>$Lang::tr{'ip address'}: </td> + <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td> + <td width='30%'>$Lang::tr{'remark'}: </td> + <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td> + <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td> + </tr> + </form> + </table> +</div> END
&Header::closebox(); @@ -788,73 +1001,91 @@ END sub showBlockedBox() { &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'});
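Review bot: The new row code writes `$address` into markup without escaping, both in `href='/cgi-bin/ipinfo.cgi?ip=$address'` and in the `<span>`, next to the already unescaped `$remark`; both values come from the ignore list that the form at the end of this hunk fills, so unless they are validated where the entry is saved (not visible here) a stored value containing a quote or `<` alters the page, and the address should be URL-encoded in the link and both values HTML-escaped in text and attributes. `my $gi = Geo::IP::PurePerl->new();` sits inside the loop and reopens the database for every row, and `country_code_by_name` resolves a hostname when the argument is not a dotted-quad address; creating `$gi` once before the loop and calling `country_code_by_addr` for addresses avoids both. `bgcolor=$col1` should be quoted like the other attributes. The showBlockedBox hunk that follows repeats the per-row `new()`, `country_code_by_name` and unquoted `bgcolor=$col1` with `$blocked_host`. The hunk also re-indents the body of showIgnoreBox to column 0, which is why most of it shows as changed and makes the functional additions hard to pick out.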
- print <<END; - <table width='60%'> - <tr> - <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td> - </tr> + # <td width='15%' class='base' align='center' bgcolor='$color{'color15'}'><b>VirusTotal</b></td> + # <td width='15%' class='base' align='center' bgcolor='$color{'color15'}'><b>DomainTools</b></td> + # <td width='10%' class='base' align='center' bgcolor='$color{'color15'}'><b>MultiRBL</b></td> + # <td width='10%' class='base' align='center' bgcolor='$color{'color15'}'><b>IPVoid</b></td> + +print <<END; +<table width='60%'> + <tr> + <td width='30%' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td> + <td width='10%' class='base' align='center' bgcolor='$color{'color15'}'><b>$Lang::tr{'country'}</b></td> + <td width='80%' class='base' align='right' bgcolor='$color{'color15'}'><b>$Lang::tr{'action'}</b></td> + </tr> END
- # Lauch function to get the currently blocked hosts. - my @blocked_hosts = &GetBlockedHosts(); +# Launch function to get the currently blocked hosts. +my @blocked_hosts = &GetBlockedHosts();
- my $id = 0; - my $col = ""; +my $id = 0; +my $col = ""; +my $col1 = "";
- # Loop through our blocked hosts array. - foreach my $blocked_host (@blocked_hosts) { +# Loop through our blocked hosts array. +foreach my $blocked_host (@blocked_hosts) { + # geoip lookup + my $gi = Geo::IP::PurePerl->new(); + my $ccode = $gi->country_code_by_name($blocked_host); + my $fcode = uc($ccode);
- # Increase id number for each element in the ignore file. - $id++; + # Detect the network in which the IP belongs and set the color for that network. + $col1=ipcolour($blocked_host);
- # Check if the id number is even or not. - if ($id % 2) { - $col="bgcolor='$color{'color22'}'"; - } else { - $col="bgcolor='$color{'color20'}'"; - } + # Increase id number for each element in the ignore file. + $id++;
- print <<END; - <tr> - <td width='80%' class='base' $col><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host'>$blocked_host</a></td> - <td width='20%' align='center' $col> - <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'> - <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'> - <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'> - <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'> - </form> - </td> - </tr> + # Check if the id number is even or not. + if ($id % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; + } + print "<tr>"; + print "<td width='30%' class='base' align='left' bgcolor=$col1><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host' target=_blank> <span style='color:#FFFFFF;'>$blocked_host</span></a></td>"; + if ( $fcode ne "" ){ + print "<td width='10%' align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a></td>";} + else { + print "<td align='center' $col>$fcode</td>";} + print <<END; + <td width='70%' align='right' $col> + <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'> + <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'> + <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'> + </form> + </td> + </tr> END - } + }
- # If the loop only has been runs once the id still is "0", which means there are no - # additional entries (blocked hosts) in the iptables chain. - if ($id == 0) { +# If the loop only has been runs once the id still is "0", which means there are no +# additional entries (blocked hosts) in the iptables chain. +if ($id == 0) {
- # Print notice that currently no hosts are blocked. - print "<tr>\n"; - print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; - print "</tr>\n"; - } + # Print notice that currently no hosts are blocked. + print "<tr>\n"; + print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; + print "</tr>\n"; +}
print "</table>\n";
# Section for a manual block of an IP-address. - print <<END; - <br> - <div align='center'> - <table width='60%' border='0'> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <tr> - <td width='30%'>$Lang::tr{'guardian block a host'}: </td> - <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td> - <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td> - <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td> - </tr> - </form> - </table> - </div> +print <<END; +<br> +<div align='center'> + <table width='60%' border='0'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <tr> + <td width='30%'>$Lang::tr{'guardian block a host'}: </td> + <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td> + <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td> + <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td> + </tr> + </form> + </table> +</div> END
&Header::closebox(); @@ -887,58 +1118,58 @@ sub daemonstats() { }
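Review bot: The table in showBlockedBox now has three columns, but the "no entries" row near the end of the hunk still uses `colspan='2'`, and the new cell widths do not add up (`30%`, `10%` and `80%` in the header, `30%`, `10%` and `70%` in the rows); `colspan='3'` and widths that sum to 100% would fix the layout. The four commented-out header cells (VirusTotal, DomainTools, MultiRBL, IPVoid) at the top of the hunk are dead text and are better left out of the commit. The comment `# Increase id number for each element in the ignore file.` sits in the blocked-hosts loop and should describe that loop instead.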
sub GetBlockedHosts() { - # Create new, empty array. - my @hosts; - - # Lauch helper to get chains from iptables. - system('/usr/local/bin/getipstat'); - - # Open temporary file which contains the chains and rules. - open (FILE, '/srv/web/ipfire/html/iptables.txt'); - - # Loop through the entire file. - while (<FILE>) { - my $line = $_; - - # Search for the guardian chain and extract - # the lines between it and the next empty line - # which is placed before the next firewall - # chain starts. - if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) { - # Skip descriptive lines. - next if ($line =~ /^Chain/); - next if ($line =~ /^ pkts/); - - # Generate array, based on the line content (seperator is a single or multiple space's) - my @comps = split(/\s{1,}/, $line); - my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps; - - # Assign different variable names. - my $blocked_host = $source; - - # Add host to our hosts array. - if ($blocked_host) { - push(@hosts, $blocked_host); - } +# Create new, empty array. +my @hosts; + +# Lauch helper to get chains from iptables. +system('/usr/local/bin/getipstat'); + +# Open temporary file which contains the chains and rules. +open (FILE, '/srv/web/ipfire/html/iptables.txt'); + +# Loop through the entire file. +while (<FILE>) { + my $line = $_; + + # Search for the guardian chain and extract + # the lines between it and the next empty line + # which is placed before the next firewall + # chain starts. + if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) { + # Skip descriptive lines. + next if ($line =~ /^Chain/); + next if ($line =~ /^ pkts/); + + # Generate array, based on the line content (seperator is a single or multiple space's) + my @comps = split(/\s{1,}/, $line); + my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps; + + # Assign different variable names. + my $blocked_host = $source; + + # Add host to our hosts array. 
+ if ($blocked_host) { + push(@hosts, $blocked_host); } } +}
- # Close filehandle. - close(FILE); +# Close filehandle. +close(FILE);
- # Remove recently created temporary files of the "getipstat" binary. - system(rm -f "/srv/web/ipfire/html/iptables.txt"); - system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); - system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); +# Remove recently created temporary files of the "getipstat" binary. +system(rm -f "/srv/web/ipfire/html/iptables.txt"); +system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); +system(rm -f "/srv/web/ipfire/html/iptablesnat.txt");
- # Convert entries, sort them, write back and store the sorted entries into new array. - my @sorted = map { $_->[0] } - sort { $a->[1] <=> $b->[1] } - map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/./, $_))] } - @hosts; +# Convert entries, sort them, write back and store the sorted entries into new array. +my @sorted = map { $_->[0] } + sort { $a->[1] <=> $b->[1] } + map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/./, $_))] } + @hosts;
- # Return our sorted list. - return @sorted +# Return our sorted list. +return @sorted }
sub BuildConfiguration() { @@ -1100,7 +1331,7 @@ sub GenerateIgnoreFile() { print FILE "$address\n\n"; } } - } + } }
close(FILE);
@@ -1135,3 +1366,25 @@ sub _get_address_from_file ($) {
 # Return nothing.
 return;
 }
+
+
+sub ipcolour($) {
+ my $id = 0;
+ my $colour = ${Header::colourred};
+ my ($ip) = $_[0];
+ my $found = 0;
+
+ foreach my $line (@network) {
+ if ($network[$id] eq '') {
+ $id++;
+ } else {
+ if (!$found && ipv4_in_network($network[$id], $masklen[$id], $ip) ) {
+ $found = 1;
+ $colour = $colour[$id];
+ }
+ $id++;
+ }
+ }
+
+ return $colour;
+}
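Review bot: ipcolour passes every stored entry straight to `ipv4_in_network` and skips an entry only when the network is empty, so an entry with a missing or malformed mask (for example when `DOVPN_SUBNET` has no `/` part, or a config line lacks the expected field) reaches the parser; Net::IPv4Addr croaks on input it cannot parse, which would abort the whole page, though this should be confirmed against the module version shipped. The loop also keeps iterating after a match and walks `@network` with a separate `$id` counter while `$line` is unused. I would return on the first match, skip incomplete entries and wrap the call in `eval`, as below. `$ip` itself may also be something other than a dotted quad, since the callers pass ignore-list and iptables values unchanged.

```perl
sub ipcolour($) {
	my ($ip) = @_;

	foreach my $id (0 .. $#network) {
		# Skip entries whose network or mask was not set in the configuration.
		next unless ($network[$id] && $masklen[$id]);

		# Treat an entry that cannot be parsed as "no match" instead of aborting the page.
		my $match = eval { ipv4_in_network($network[$id], $masklen[$id], $ip) };
		return $colour[$id] if ($match);
	}

	return ${Header::colourred};
}
```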