Hi
Based on the existing firewalllogip.dat and firewalllogport.dat, I want a similar function to show which countries get blocked, to see which country is mainly targeting my servers.
I've made a preliminary prototype, you can see it here : https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a...
This works on my existing 2.13 Core75. There is no right menu, it is just a preliminary prototype as of now.
What I basically have done, is to copy firewalllogip.dat and showrequestfromip.dat, and modify them so they work on "country for ip address" rather than individual ip address.
This raises a few questions in my mind :
1. Code duplication. By just copying the firewalllogip.dat, I duplicate a lot of code. To me, this also seems to be the case already, where firewalllogip.dat and firewalllogport.dat contain a lot of duplicated code. Any ideas how to avoid this ? Has it been discussed to try to minimize the existing code duplication in the cgi-bin files ?
2. Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?
Here is the main part of my code :

    my $gi = Geo::IP::PurePerl->new();
    ....
    if($_ =~ /SRC=([\d.]+)/){
        my $srcaddr=$1;
        my $ccode = $gi->country_code_by_name($srcaddr);
        my $fcode;

        # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
        # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
        if( $ccode eq "") {
            $ccode = "unknown";
        }
        else {
            $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
            if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) {
                $lines = $lines + 1;
            }
            $linesjc++;
        }
    }

As you can see, I now decide to not include the local ip addresses. I also currently do not differentiate between local ip addresses and ip addresses where country code is actually unknown. I'll have to check if Geo::IP has some functionality to tell me if the address is part of "non routable addresses", like 192.168.x.y.
3. Is there functionality existing in ipfire cgi-bin code to check if an ip address is part of the netmask of the "green", "red", "blue", "yellow" interface ? If so, I think I would like to treat them like "countries".
4. Do other people find this functionality useful ?
Regards Alf
Hi,

On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
> Hi
> Based on the existing firewalllogip.dat and firewalllogport.dat, I want a similar function to show which countries get blocked, to see which country is mainly targeting my servers.
> I've made a preliminary prototype, you can see it here : https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a...
> This works on my existing 2.13 Core75. There is no right menu, it is just a preliminary prototype as of now.
> What I basically have done, is to copy firewalllogip.dat and showrequestfromip.dat, and modify them so they work on "country for ip address" rather than individual ip address.
> This raises a few questions in my mind :
> 1. Code duplication. By just copying the firewalllogip.dat, I duplicate a lot of code. To me, this also seems to be the case already, where firewalllogip.dat and firewalllogport.dat contain a lot of duplicated code. Any ideas how to avoid this ? Has it been discussed to try to minimize the existing code duplication in the cgi-bin files ?

You may create a perl file that will be included which provides functions for both scripts.

> 2. Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?

No.

> Here is the main part of my code :
>
>     my $gi = Geo::IP::PurePerl->new();
>     ....
>     if($_ =~ /SRC=([\d.]+)/){
>         my $srcaddr=$1;
>         my $ccode = $gi->country_code_by_name($srcaddr);
>         my $fcode;
>
>         # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
>         # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
>         if( $ccode eq "") {
>             $ccode = "unknown";
>         }
>         else {
>             $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
>             if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) {
>                 $lines = $lines + 1;
>             }
>             $linesjc++;
>         }
>     }
>
> As you can see, I now decide to not include the local ip addresses. I also currently do not differentiate between local ip addresses and ip addresses where country code is actually unknown. I'll have to check if Geo::IP has some functionality to tell me if the address is part of "non routable addresses", like 192.168.x.y.

There certainly is a perl module (like this http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm), but we also have got some simple checks in setddns.pl for example.

> 3. Is there functionality existing in ipfire cgi-bin code to check if an ip address is part of the netmask of the "green", "red", "blue", "yellow" interface ? If so, I think I would like to treat them like "countries".

Yes. Have a look at /var/ipfire/general-functions.pl

> 4. Do other people find this functionality useful ?

Why not?

> Regards Alf
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
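Added example (not part of the original thread and not IPFire's own code): a core-Perl way to keep non-routable source addresses out of the per-country count instead of lumping them together with addresses whose country lookup fails, which is the distinction discussed above. The log lines, the %fake_geo table and the helper names ip2int, is_local and tally are constructed for illustration; in the prototype the lookup would be the Geo::IP::PurePerl call shown in the thread.

```perl
use strict;
use warnings;

# Non-routable IPv4 ranges that should not be counted as a country.
my @LOCAL_NETS = map { [ split m{/} ] } qw(
    10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16
);

# Dotted quad -> integer; returns undef for anything that is not valid IPv4.
sub ip2int {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

sub is_local {
    my ($n) = @_;                       # address already converted by ip2int
    for my $net (@LOCAL_NETS) {
        my ($base, $bits) = @$net;
        my $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($n & $mask) == ip2int($base);
    }
    return 0;
}

# Count SRC= addresses per country. $lookup is a code ref standing in for the
# GeoIP call (assumption); local and unresolved addresses get their own buckets.
sub tally {
    my ($lookup, @lines) = @_;
    my %count;
    for my $line (@lines) {
        my ($src) = $line =~ /\bSRC=([\d.]+)/ or next;
        my $n = ip2int($src);
        next unless defined $n;         # ignore malformed addresses
        my $key = is_local($n) ? 'local' : ($lookup->($src) || 'unknown');
        $count{$key}++;
    }
    return \%count;
}

# Constructed sample: documentation-range addresses, made-up country mapping.
my %fake_geo = ('198.51.100.7' => 'NO', '203.0.113.9' => 'DE');
my @log = (
    'kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=22',
    'kernel: DROP_INPUT IN=red0 SRC=203.0.113.9 DST=192.0.2.1 PROTO=UDP DPT=53',
    'kernel: DROP_INPUT IN=green0 SRC=192.168.1.20 DST=192.0.2.1 PROTO=TCP DPT=445',
    'kernel: DROP_INPUT IN=red0 SRC=192.0.2.55 DST=192.0.2.1 PROTO=TCP DPT=80',
);
my $c = tally(sub { $fake_geo{ $_[0] } }, @log);
printf "%-8s %d\n", $_, $c->{$_} for sort { $c->{$b} <=> $c->{$a} || $a cmp $b } keys %$c;
```

Keeping "local" and "unknown" as separate buckets lets the page either hide local traffic or later map it to the "green", "red", "blue" zones without touching the country counts.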
Hi
A preliminary version is available at : https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
Currently I am struggling at getting the new functionality available in the menu, so I am asking if anyone has a tip on how to do that ? I've tried to edit the file : --- a/config/menu/70-log.menu +++ b/config/menu/70-log.menu @@ -33,6 +33,11 @@ 'title' => "$Lang::tr{'firewall logs port'}", 'enabled' => 1 }; + $sublogs->{'43.firewallcountry'} = {'caption' => $Lang::tr{'firewall logs country'}, + 'uri' => '/cgi-bin/logs.cgi/firewalllogcountry.dat', + 'title' => "$Lang::tr{'firewall logs country'}", + 'enabled' => 1 + };
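Review bot: the new 43.firewallcountry entry takes both its caption and its title from $Lang::tr{'firewall logs country'}, a key this hunk does not add, so the language files need a matching entry in the same change or the menu item will have no label. The uri also assumes that firewalllogcountry.dat is installed behind /cgi-bin/logs.cgi/ as an executable script, so that file should be part of the same commit. As a style point, caption is passed unquoted while title wraps the same value in double quotes; the existing entries do the same, so it is consistent, but the interpolation in title is not needed.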
but that does not seem to be enough.
Regards Alf
On Wed, February 12, 2014, 20:41, Michael Tremer wrote:
> Hi,
>
> On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
>> Hi
>> Based on the existing firewalllogip.dat and firewalllogport.dat, I want a similar function to show which countries get blocked, to see which country is mainly targeting my servers.
>> I've made a preliminary prototype, you can see it here : https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a...
>> This works on my existing 2.13 Core75. There is no right menu, it is just a preliminary prototype as of now.
>> What I basically have done, is to copy firewalllogip.dat and showrequestfromip.dat, and modify them so they work on "country for ip address" rather than individual ip address.
>> This raises a few questions in my mind :
>> 1. Code duplication. By just copying the firewalllogip.dat, I duplicate a lot of code. To me, this also seems to be the case already, where firewalllogip.dat and firewalllogport.dat contain a lot of duplicated code. Any ideas how to avoid this ? Has it been discussed to try to minimize the existing code duplication in the cgi-bin files ?
>
> You may create a perl file that will be included which provides functions for both scripts.
>
>> 2. Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?
>
> No.
>
>> Here is the main part of my code :
>>
>>     my $gi = Geo::IP::PurePerl->new();
>>     ....
>>     if($_ =~ /SRC=([\d.]+)/){
>>         my $srcaddr=$1;
>>         my $ccode = $gi->country_code_by_name($srcaddr);
>>         my $fcode;
>>
>>         # TODO: should local IP addresses be included as unknown, or excluded from the statistics totally ?
>>         # TODO: it would be nice to be able to group local IPs into "red", "green", "blue" etc
>>         if( $ccode eq "") {
>>             $ccode = "unknown";
>>         }
>>         else {
>>             $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
>>             if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) {
>>                 $lines = $lines + 1;
>>             }
>>             $linesjc++;
>>         }
>>     }
>>
>> As you can see, I now decide to not include the local ip addresses. I also currently do not differentiate between local ip addresses and ip addresses where country code is actually unknown. I'll have to check if Geo::IP has some functionality to tell me if the address is part of "non routable addresses", like 192.168.x.y.
>
> There certainly is a perl module (like this http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm), but we also have got some simple checks in setddns.pl for example.
>
>> 3. Is there functionality existing in ipfire cgi-bin code to check if an ip address is part of the netmask of the "green", "red", "blue", "yellow" interface ? If so, I think I would like to treat them like "countries".
>
> Yes. Have a look at /var/ipfire/general-functions.pl
>
>> 4. Do other people find this functionality useful ?
>
> Why not?
>
>> Regards Alf
Hi,
On Sun, 2014-02-16 at 07:24 +0100, alf@i100.no wrote:
> Hi
> A preliminary version is available at : https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
Currently I am struggling at getting the new functionality available in the menu, so I am asking if anyone has a tip on how to do that ? I've tried to edit the file : --- a/config/menu/70-log.menu +++ b/config/menu/70-log.menu @@ -33,6 +33,11 @@ 'title' => "$Lang::tr{'firewall logs port'}", 'enabled' => 1 };
- $sublogs->{'43.firewallcountry'} = {'caption' =>
$Lang::tr{'firewall logs country'},
'uri' =>
'/cgi-bin/logs.cgi/firewalllogcountry.dat',
'title' => "$Lang::tr{'firewall logs
country'}",
'enabled' => 1
};
> but that does not seem to be enough.
Basically, that's it.
The CGI script must be there and be executable and you are fine.
-Michael
> Regards Alf
Hi
It was the cache file for the language file at /var/ipfire/langs that was playing me a trick. I removed it, and then the menu option was available.
I've now made a pull request for this https://github.com/ipfire/ipfire-2.x/pull/12 The code is very much based on firewalllogip.dat and showrequestfromip.dat.
Those two files do not look too nice, and therefore my files do not look too nice. I was thinking about doing some major restructuring, by having one "showrequestfrom.dat" file which could handle taking a constraint on source ip, source ip country or destination port, but it would require some major work, especially since it seems the code is using "comma separated query string" when handling an HTTP GET, instead of individual URL parameters.
So since I understand that the major web GUI code overhaul will happen in 3.x, I decided to not do any major changes now.
Regards Alf
On 02/17/2014 05:29 PM, Michael Tremer wrote:
> Hi,
>
> On Sun, 2014-02-16 at 07:24 +0100, alf@i100.no wrote:
>> Hi
>> A preliminary version is available at : https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry
Currently I am struggling at getting the new functionality available in the menu, so I am asking if anyone has a tip on how to do that ? I've tried to edit the file : --- a/config/menu/70-log.menu +++ b/config/menu/70-log.menu @@ -33,6 +33,11 @@ 'title' => "$Lang::tr{'firewall logs port'}", 'enabled' => 1 };
- $sublogs->{'43.firewallcountry'} = {'caption' =>
$Lang::tr{'firewall logs country'},
'uri' =>
'/cgi-bin/logs.cgi/firewalllogcountry.dat',
'title' => "$Lang::tr{'firewall logs
country'}",
'enabled' => 1
};
>> but that does not seem to be enough.
>
> Basically, that's it.
> The CGI script must be there and be executable and you are fine.
> -Michael