This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via dc1c56ca781324b2ef9fe895e388075df74a018a (commit) via 057249ba530658f9565021df825d7d76545eb625 (commit) from 9c2941ee78c8462065a0b42e780f5042f27103c9 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit dc1c56ca781324b2ef9fe895e388075df74a018a Merge: 057249b 9c2941e Author: Christian Schmidt christian.schmidt@ipfire.org Date: Sun Oct 10 07:12:18 2010 +0200
Merge branch 'master' of git://git.ipfire.org/ipfire-2.x
commit 057249ba530658f9565021df825d7d76545eb625 Author: Christian Schmidt christian.schmidt@ipfire.org Date: Sun Oct 10 07:09:34 2010 +0200
guardian: Added interface and alias detection. Added Forward Chain.
-----------------------------------------------------------------------
Summary of changes: config/guardian/guardian.pl | 60 +++++++++++++++++----------------- config/guardian/guardian_block.sh | 5 ++- config/guardian/guardian_unblock.sh | 5 ++- lfs/guardian | 2 +- src/initscripts/init.d/firewall | 5 ++- 5 files changed, 40 insertions(+), 37 deletions(-)
Difference in files:
diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl
index 0c37c34..c7fd5f8 100644
--- a/config/guardian/guardian.pl
+++ b/config/guardian/guardian.pl
@@ -50,6 +50,8 @@ print "My gatewayaddess is: $gatewayaddr\n";
# destination was found.
"$hostipaddr" => 1);
+&get_aliases;
+
%sshhash = ();
if ( -e $targetfile ) {
@@ -186,8 +188,8 @@ sub ipchain {
my ($source, $dest, $type) = @_;
&write_log ("$source\t$type\n");
if ($hash{$source} eq "") {
- &write_log ("Running '$blockpath $source'\n");
- system ("$blockpath $source");
+ &write_log ("Running '$blockpath $source $interface'\n");
+ system ("$blockpath $source $interface");
$hash{$source} = time() + $TimeLimit;
} else {
# We have already blocked this one, but snort detected another attack. So
@@ -244,6 +246,9 @@ sub load_conf {
}
if (/Interface\s+(.*)/) {
$interface = $1;
+ if ( $interface eq "" ) {
+ $interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
+ }
}
if (/AlertFile\s+(.*)/) {
$alert_file = $1;
@@ -265,16 +270,13 @@ sub load_conf {
}
}
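Review bot: The new top-level call `&get_aliases;` uses the ampersand-without-parens form, which passes the caller's current `@_` to the sub instead of calling it with an empty argument list; the conventional form is `get_aliases();`. get_aliases reads `$interface`, so this call only does useful work if load_conf has already run by this point, which the surrounding prints suggest but the hunk does not show.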
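Review bot: In ipchain the new `system ("$blockpath $source $interface");` still builds a shell command line by string interpolation and ignores the exit status, so a failed block is logged as "Running" and the address is then recorded in `%hash` as blocked on the following line regardless of the result. The list form avoids the shell and makes the outcome checkable: `system ($blockpath, $source, $interface) == 0 or &write_log ("Block of $source on $interface failed: $?\n");`. call_unblock in the later hunk (`system ("$unblockpath $source $interface");`) has the same shape. ipchain continues outside the hunk.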
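Review bot: The RED_DEV fallback added in load_conf is only reachable inside the `if (/Interface\s+(.*)/)` branch, i.e. when the config file contains an `Interface` line with an empty value; a config file with no `Interface` line at all leaves `$interface` empty, and the next hunk removes the die that used to catch exactly that case. The fallback belongs after the parse loop, where the removed check stood. The backtick also keeps the trailing newline that `cut` prints, so `$interface` ends in a newline; wrap the assignment as `chomp ($interface = ...)`. The same applies to the `$hostipaddr` backtick in the next hunk.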
- if ($interface eq "") {
- die "Fatal! Interface is undefined.. Please define it in $opt_o with keyword Interface\n";
- }
if ($alert_file eq "") {
print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
$alert_file="/var/log/snort.alert";
}
if ($hostipaddr eq "") {
print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
- $hostipaddr = &get_ip($interface);
+ $hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
print "Got it.. your HostIpAddr is $hostipaddr\n";
}
if ($ignorefile eq "") {
@@ -345,30 +347,9 @@ sub daemonize {
}
}
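Review bot: Replacing `&get_ip($interface)` with `` `cat /var/ipfire/red/local-ipaddress` `` drops the failure check: the removed get_ip died with "Couldn't figure out the ip address" when nothing was found, whereas the backtick yields an empty string (with cat's error only on stderr) when the file is absent, after which the code prints `Got it.. your HostIpAddr is` with nothing behind it and carries on. Keep the guard and strip the newline: `chomp ($hostipaddr = `cat /var/ipfire/red/local-ipaddress`); die "Couldn't figure out the ip address\n" if $hostipaddr eq "";`. With the Interface die removed, an empty `$interface` is no longer rejected anywhere in this hunk; a `die` on `$interface eq ""` at this spot would restore that. load_conf continues outside the hunk.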
-sub get_ip {
- my ($interface) = $_[0];
- my $ip;
- open (IFCONFIG, "/bin/netstat -iee |grep $interface -A7 |");
- while (<IFCONFIG>) {
- if ($OS eq "FreeBSD") {
- if (/inet (\d+.\d+.\d+.\d+)/) {
- $ip = $1;
- }
- }
- if ($OS eq "Linux") {
- if (/inet addr:(\d+.\d+.\d+.\d+)/) {
- $ip = $1;
- }
- }
- }
- close (IFCONFIG);
-
- if ($ip eq "") { die "Couldn't figure out the ip address\n"; }
- $ip;
- }
-
sub sig_handler_setup {
- $SIG{TERM} = &clean_up_and_exit; # kill
+ $SIG{INT} = &clean_up_and_exit; # kill -2
+ $SIG{TERM} = &clean_up_and_exit; # kill -9
$SIG{QUIT} = &clean_up_and_exit; # kill -3
# $SIG{HUP} = &flush_and_reload; # kill -1
}
@@ -387,7 +368,7 @@ sub remove_blocks {
sub call_unblock {
my ($source, $message) = @_;
&write_log ("$message");
- system ("$unblockpath $source");
+ system ("$unblockpath $source $interface");
}
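Review bot: The new handler lines `$SIG{INT} = &clean_up_and_exit;` and `$SIG{TERM} = &clean_up_and_exit;` install the result of calling clean_up_and_exit rather than a reference to it — `&name;` is a call — unless a backslash was lost in the mail rendering; the intended form is `$SIG{INT} = \&clean_up_and_exit;`. The comment `# kill -9` on the TERM line is also misleading: TERM is signal 15 (the default for kill), and SIGKILL (9) cannot be caught by a handler at all, so `# kill -15 (SIGKILL cannot be caught)` would be accurate. Removing get_ip also removes the only visible `$OS eq "FreeBSD"` path, while the replacements read IPFire-specific files; that narrowing looks intended but is worth stating in the commit message.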
sub clean_up_and_exit {
@@ -412,3 +393,22 @@ sub load_targetfile {
close (TARG);
print "Loaded $count addresses from $targetfile\n";
}
+
+sub get_aliases {
+ my $ip;
+ print "Scanning for aliases on $interface and add them to the target hash...";
+
+ open (IFCONFIG, "/sbin/ip addr show $interface |");
+ my @lines = <IFCONFIG>;
+ close(IFCONFIG);
+
+ foreach $line (@lines) {
+ if ( $line =~ /inet (\d+.\d+.\d+.\d+)/) {
+ $ip = $1;
+ print " got $ip on $interface ... ";
+ $targethash{'$ip'} = "1";
+ }
+ }
+
+ print "done \n";
+}
\ No newline at end of file
diff --git a/config/guardian/guardian_block.sh b/config/guardian/guardian_block.sh
index 0a44325..a8331fa 100644
--- a/config/guardian/guardian_block.sh
+++ b/config/guardian/guardian_block.sh
@@ -2,10 +2,11 @@
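Review bot: In get_aliases the assignment `$targethash{'$ip'} = "1";` uses single quotes, so every detected address is stored under the literal key `$ip` and none of the aliases ever reaches `%targethash`, which defeats the purpose of the new sub; it should be `$targethash{$ip} = 1;`, matching the existing `"$hostipaddr" => 1` entry. The pipe open interpolates `$interface` into a shell command and is unchecked; the list form `open (IFCONFIG, '-|', '/sbin/ip', 'addr', 'show', $interface) or die "ip addr show $interface: $!";` avoids the shell and reports a missing binary. `foreach $line (@lines)` should be `foreach my $line (@lines)` so the loop variable is lexical, and the unescaped dots in `/inet (\d+.\d+.\d+.\d+)/` match any character where `\.` is meant.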
# this is a sample block script for guardian. This should work with ipchains.
# This command gets called by guardian as such:
-# guardian_block.sh <source_ip>
+# guardian_block.sh <source_ip> <interface>
# and the script will issue a command to block all traffic from that source ip
# address. The logic of weither or not it is safe to block that address is
# done inside guardian itself.
source=$1
+interface=$2
-/sbin/iptables -I GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP
diff --git a/config/guardian/guardian_unblock.sh b/config/guardian/guardian_unblock.sh
index e0d3b5d..315d771 100644
--- a/config/guardian/guardian_unblock.sh
+++ b/config/guardian/guardian_unblock.sh
@@ -2,8 +2,9 @@
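Review bot: The new rule line `/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP` leaves both variables unquoted and never checks that `$2` was supplied; with an empty interface argument, `-i` most likely takes `-j` as the interface name, iptables rejects the command, and no block is installed — while the Perl caller records the address as blocked regardless of the exit status. Add a guard after the assignments, `[ -n "$source" ] && [ -n "$interface" ] || { echo "usage: $0 <source_ip> <interface>" >&2; exit 1; }`, and quote the arguments, `-s "$source" -i "$interface"`. guardian_unblock.sh in the next hunk needs the same treatment.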
# this is a sample unblock script for guardian. This should work with ipchains.
# This command gets called by guardian as such:
-# unblock.sh <source_ip>
+# unblock.sh <source_ip> <interface>
# and the script will issue a command to remove the block that was created with
# block.sh address.
source=$1
+interface=$2
-/sbin/iptables -D GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP
diff --git a/lfs/guardian b/lfs/guardian
index 6cec09b..251a56f 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -30,7 +30,7 @@ THISAPP = guardian-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian
-PAK_VER = 6
+PAK_VER = 7
DEPS = ""
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 366ae07..f4d5611 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -140,8 +140,9 @@ case "$1" in
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
- /sbin/iptables -N GUARDIANINPUT
- /sbin/iptables -A INPUT -j GUARDIANINPUT
+ /sbin/iptables -N GUARDIAN
+ /sbin/iptables -A INPUT -j GUARDIAN
+ /sbin/iptables -A FORWARD -j GUARDIAN
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
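Review bot: The renamed GUARDIAN chain is created and hooked into both INPUT and FORWARD under the comment `# CUSTOM chains, can be used by the users themselves`, which no longer describes it: the chain is populated by guardian_block.sh and guardian_unblock.sh, not by users. A one-line comment above the three new lines, `# GUARDIAN chain: filled by guardian's block/unblock scripts, consulted for INPUT and FORWARD`, would keep that distinction clear. If the stop path of this script removes the old GUARDIANINPUT chain by name, it needs the same rename; that part is outside the hunk.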
hooks/post-receive -- IPFire 2.x development tree