Feedback wanted on feature to show blocked IPs per country

alf at i100.no alf at i100.no
Sun Feb 16 07:24:12 CET 2014





Hi

A preliminary version is available at:
https://github.com/alfh/ipfire-2.x/tree/feature_firewalllogcountry

Currently I am struggling at getting the new functionality available in
the menu, so I am asking if anyone has a tip on how to do that ?
I've tried to edit the file :
--- a/config/menu/70-log.menu
+++ b/config/menu/70-log.menu
@@ -33,6 +33,11 @@
                   
             'title' =>
"$Lang::tr{'firewall logs port'}",
                   
             'enabled' =>
1
                   
             };
+    $sublogs->{'43.firewallcountry'} =
{'caption' => $Lang::tr{'firewall logs country'},
+                    
           'uri' =>
'/cgi-bin/logs.cgi/firewalllogcountry.dat',
+                    
           'title' =>
"$Lang::tr{'firewall logs country'}",
+                    
           'enabled' => 1
+                    
           };
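
Review bot: the added '43.firewallcountry' entry takes both 'caption' and 'title' from $Lang::tr{'firewall logs country'}, and nothing in this hunk defines that key, so unless the string is added to the language files in the same change the entry has no text to display. Also confirm that '/cgi-bin/logs.cgi/firewalllogcountry.dat' is the exact installed name of the new CGI file, since the 'uri' has to match it for the link to resolve.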

but that does not seem to be enough.

Regards
Alf


On Wed, February 12, 2014, 20:41, Michael Tremer wrote:
> Hi,
>
> On Wed, 2014-02-12 at 18:21 +0100, Alf Høgemark wrote:
>> Hi
>>
>> Based on the existing firewalllogip.dat and firewalllogport.dat, I want
>> a similar function to show
>> which countries get blocked, to see which country is mainly targeting
>> my servers.
>>
>> I've made a preliminary prototype, you can see it here :
>>
>> https://github.com/alfh/ipfire-2.x/commit/a99ee9ce4fcdc9e41bfdfd7bd169324d1a0dcee0
>>
>> This works on my existing 2.13 Core75.
>> There is no right menu, it is just a preliminary prototype as of now.
>>
>>
>> What I basically have done, is to copy firewalllogip.dat and
>> showrequestfromip.dat, and modified them
>> so they work on "country for ip address" rather than individual ip
>> address.
>>
>> This raises a few questions in my mind :
>>
>> 1.
>> Code duplication. By just copying the firewalllogip.dat, I duplicate a
>> lot of code.
>> To me, this also seems to be the case already, where firewalllogip.dat
>> and firewalllogport.dat contain
>> a lot of duplicated code.
>> Any ideas how to avoid this ?
>> Has it been discussed to try to minimize the existing code duplication in
>> the cgi-bin files ?
>
> You may create a perl file that will be included which provides
> functions for both scripts.
>
>> 2.
>> Do you think "local ip addresses" should turn up in firewalllogcountry.dat ?
>
> No.
>
>> Here is the main part of my code :
>> my $gi = Geo::IP::PurePerl->new();
>> ....
>>
>> if($_ =~ /SRC\=([\d\.]+)/){
>>     my $srcaddr=$1;
>>     my $ccode = $gi->country_code_by_name($srcaddr);
>>     my $fcode;
>>
>>     # TODO: should local IP addresses be included as unknown, or excluded
>>     # from the statistics totally ?
>>     # TODO: it would be nice to be able to group local IPs into "red",
>>     # "green", "blue" etc
>>     if( $ccode eq "") {
>>         $ccode = "unknown";
>>     }
>>     else {
>>         $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
>>         if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
>>         $linesjc++;
>>     }
>> }
>>
>> As you can see, I now decide to not include the local ip addresses.
>> I also currently do not differentiate between local ip addresses and ip
>> addresses where country code is actually unknown.
>> I'll have to check if Geo::IP has some functionality to tell me if the
>> address is part of "non routable addresses", like 192.168.x.y.
>
> There certainly is a perl module (like this
> http://search.cpan.org/~neely/Data-Validate-IP-0.11/lib/Data/Validate/IP.pm),
> but we also have got some simple checks in setddns.pl for example.
>
>> 3.
>> Is there functionality existing in ipfire cgi-bin code to check if an ip
>> address is part of the netmask of the "green", "red", "blue", "yellow"
>> interface ?
>> If so, I think I would like to treat them like "countries".
>
> Yes. Have a look at /var/ipfire/general-functions.pl
>
>> 4.
>> Do other people find this functionality useful ?
>
> Why not?
>
>>
>> Regards
>> Alf
>>
>
>
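
Added example (not code from this thread, from Alf's branch or from IPFire) of the per-country tally discussed above, with non-routable sources counted as "local" and kept apart from addresses whose country is unknown. The `$lookup` code ref, the `%FAKE_GEO` table and the log lines are constructed stand-ins for the GeoIP lookup and for real firewall logs.

```perl
#!/usr/bin/perl
# Added example, not IPFire code: per-country tally of blocked sources.
use strict;
use warnings;

# Convert a dotted quad to an integer; returns nothing for malformed input.
sub ipv4_to_int {
    my ($addr) = @_;
    return unless $addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# Non-routable IPv4 ranges: RFC 1918, loopback and link-local.
my @LOCAL_NETS = map { [ ipv4_to_int($_->[0]), $_->[1] ] } (
    [ '10.0.0.0', 8 ], [ '172.16.0.0', 12 ], [ '192.168.0.0', 16 ],
    [ '127.0.0.0', 8 ], [ '169.254.0.0', 16 ],
);

sub is_local_ipv4 {
    my ($addr) = @_;
    my $n = ipv4_to_int($addr);
    return 0 unless defined $n;
    for my $net (@LOCAL_NETS) {
        my ($base, $bits) = @$net;
        my $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($n & $mask) == $base;
    }
    return 0;
}

# $lookup stands in for a GeoIP call; it returns a country code or undef/"".
sub tally_by_country {
    my ($lines, $lookup) = @_;
    my %count;
    for my $line (@$lines) {
        next unless $line =~ /SRC=([\d.]+)/;
        my $src = $1;
        my $key = is_local_ipv4($src) ? 'local' : ($lookup->($src) || 'unknown');
        $count{$key}++;
    }
    return \%count;
}

# Constructed sample data (documentation address ranges, made-up country table).
my %FAKE_GEO = ('203.0.113.7' => 'NO', '198.51.100.9' => 'DE');
my @sample = map { "Feb 16 07:01:02 fw kernel: DROP_INPUT IN=red0 SRC=$_ DST=192.0.2.1 PROTO=TCP DPT=22" }
    qw(203.0.113.7 203.0.113.7 198.51.100.9 192.168.1.20 192.0.2.55);
my $count = tally_by_country(\@sample, sub { $FAKE_GEO{ $_[0] } });
printf "%-8s %d\n", $_, $count->{$_}
    for sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count;
```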
