Revision: 7534 http://sourceforge.net/p/ipcop/svn/7534 Author: owes Date: 2014-05-14 14:34:12 +0000 (Wed, 14 May 2014) Log Message: ----------- Add option to enable/disable logging of broadcast packets. Often rules are added to not log these packets, for example Windows netbios. Default setting is to not log broadcasts. Could be changed if someone objects before the next update. Adjust fwrulesadm to better match our style.
Modified Paths: -------------- ipcop/trunk/html/cgi-bin/fwrulesadm.cgi ipcop/trunk/src/libs/DataAccess.pl ipcop/trunk/src/scripts/puzzleFwRules.pl ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 Modified: ipcop/trunk/html/cgi-bin/fwrulesadm.cgi =================================================================== --- ipcop/trunk/html/cgi-bin/fwrulesadm.cgi 2014-05-14 09:38:21 UTC (rev 7533) +++ ipcop/trunk/html/cgi-bin/fwrulesadm.cgi 2014-05-14 14:34:12 UTC (rev 7534) @@ -108,6 +108,7 @@ $ifacePolicies{$cgiparams{'IFACE_NAME'}}{'POLICY'} = $cgiparams{'POLICY'}; $ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_LOG'} = $cgiparams{'DEFAULT_LOG'}; + $ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_LOGBC'} = $cgiparams{'DEFAULT_LOGBC'}; $ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_ACTION'} = $cgiparams{'DEFAULT_ACTION'}; $ifacePolicies{$cgiparams{'IFACE_NAME'}}{'ADDRESSFILTER'} = $cgiparams{'ADDRESSFILTER'}; 
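Review bot: The added assignment stores `$cgiparams{'DEFAULT_LOGBC'}` in `%ifacePolicies` exactly as submitted, and none of the fwrulesadm.cgi hunks shown adds an 'off' default or an on/off check for it. An unchecked checkbox submits no value, so unless the parameter is initialised outside these hunks it will be undefined here, and the write hunk in DataAccess.pl (`print FILE "$policygRef->{$iface}{'DEFAULT_LOGBC'}\n";`) prints it straight into the comma-separated policy file. Normalising before the assignment keeps the file format intact: `$cgiparams{'DEFAULT_LOGBC'} = 'off' unless (defined($cgiparams{'DEFAULT_LOGBC'}) && $cgiparams{'DEFAULT_LOGBC'} eq 'on');`. The enclosing block starts and ends outside the hunk, so existing validation may already cover the neighbouring fields.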
@@ -218,42 +219,44 @@ my $blueblob = ' '; my %selected; - $selected{'DEFAULT_ACTION'}{'reject'} = ''; - $selected{'DEFAULT_ACTION'}{'drop'} = ''; + $selected{'DEFAULT_ACTION'}{'reject'} = ''; + $selected{'DEFAULT_ACTION'}{'drop'} = ''; $selected{'DEFAULT_ACTION'}{$ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_ACTION'}} = "selected='selected'"; - $selected{'POLICY'}{'open'} = ''; - $selected{'POLICY'}{'half-open'} = ''; - $selected{'POLICY'}{'addressfilter'} = ''; - $selected{'POLICY'}{'closed'} = ''; + $selected{'POLICY'}{'open'} = ''; + $selected{'POLICY'}{'half-open'} = ''; + $selected{'POLICY'}{'addressfilter'} = ''; + $selected{'POLICY'}{'closed'} = ''; $selected{'POLICY'}{$ifacePolicies{$cgiparams{'IFACE_NAME'}}{'POLICY'}} = "selected='selected'"; - $checked{'DEFAULT_LOG'}{'off'} = ''; - $checked{'DEFAULT_LOG'}{'on'} = ''; + $checked{'DEFAULT_LOG'}{'off'} = ''; + $checked{'DEFAULT_LOG'}{'on'} = ''; $checked{'DEFAULT_LOG'}{$ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_LOG'}} = "checked='checked'"; - $checked{'ADDRESSFILTER'}{'off'} = ''; - $checked{'ADDRESSFILTER'}{'on'} = ''; + $checked{'DEFAULT_LOGBC'}{'off'} = ''; + $checked{'DEFAULT_LOGBC'}{'on'} = ''; + $checked{'DEFAULT_LOGBC'}{$ifacePolicies{$cgiparams{'IFACE_NAME'}}{'DEFAULT_LOGBC'}} = "checked='checked'"; + + $checked{'ADDRESSFILTER'}{'off'} = ''; + $checked{'ADDRESSFILTER'}{'on'} = ''; $checked{'ADDRESSFILTER'}{$ifacePolicies{$cgiparams{'IFACE_NAME'}}{'ADDRESSFILTER'}} = "checked='checked'"; print <<END; <form method='post' action='$ENV{'SCRIPT_NAME'}'> -<table width='100%' cellpadding='0' cellspacing='5' border='0'> +<table width='100%'> <tr> - <td align='left' class='base' width='15%' nowrap='nowrap'> + <td align='left' class='base' width='25%' nowrap='nowrap'> $Lang::tr{'interface'}: </td> - <td align='left' class='base'> + <td align='left' class='base' width='25%'> <b>$tr_iface</b> <input type='hidden' name='IFACE_NAME' value='$cgiparams{'IFACE_NAME'}' /> </td> -</tr> -</table> - -<table 
width='100%' cellpadding='0' cellspacing='5' border='0'> -<tr> - <td width='15%'>$Lang::tr{'policy'}:</td> - <td align='left' width='85%'> + <td width='25%'> </td> + <td width='25%'> </td> +</tr><tr> + <td width='25%'>$Lang::tr{'policy'}:</td> + <td align='left' colspan='3'> END # RED and Custom Interfaces (do not have COLOR defined) always have 'Closed' policy 
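Review bot: The form in this hunk still writes `$cgiparams{'IFACE_NAME'}` into the hidden field's `value` attribute and `$ENV{'SCRIPT_NAME'}` into `action` without HTML-escaping at the point of output. Whether IFACE_NAME is checked against the known interfaces before this heredoc is not visible here; if it is not, a quote character in the parameter would end the attribute early. Since the commit already reworks this table, the fix belongs here: escape the value once into a local variable before `print <<END;` and interpolate that instead. The new `$checked{'DEFAULT_LOGBC'}{...}` lookup also uses the stored value as a hash key, so it relies on that value always being defined.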
@@ -280,40 +283,43 @@ } print <<END; </td> -</tr> -<tr> - <td class='base'><br/>$Lang::tr{'logging'}:</td> - <td align='left'> +</tr><tr> + <td class='base'>$Lang::tr{'logging'}:</td> + <td align='left' colspan='3'> <input type="checkbox" name="DEFAULT_LOG" $checked{'DEFAULT_LOG'}{'on'} /> $Lang::tr{'enable logging not matched packets'} </td> -</tr> -<tr> - <td class='base'><br/>$Lang::tr{'default action'}:</td> - <td align='left'> +</tr><tr> + <td class='base'> </td> + <td align='left' colspan='3'> + <input type="checkbox" name="DEFAULT_LOGBC" $checked{'DEFAULT_LOGBC'}{'on'} /> + $Lang::tr{'enable logging not matched broadcast packets'} + </td> +</tr><tr> + <td class='base'>$Lang::tr{'default action'}:</td> + <td align='left' colspan='3'> <select name='DEFAULT_ACTION'> <option value='drop' $selected{'DEFAULT_ACTION'}{'drop'}>DROP</option> <option value='reject' $selected{'DEFAULT_ACTION'}{'reject'}>REJECT</option> </select> $Lang::tr{'default action not matched packets'} </td> -</tr> -<tr> +</tr><tr> END if (defined($FW::interfaces{$cgiparams{'IFACE_NAME'}}{'COLOR'}) && ($FW::interfaces{$cgiparams{'IFACE_NAME'}}{'COLOR'} eq 'BLUE_COLOR')) { $blueblob = "<img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'use addressfilter for this interface'}"; print <<END; - <td class='base'><br/>$Lang::tr{'addressfilter'}: <img src='/blob.gif' alt='*' /></td> - <td align='left'> + <td class='base'>$Lang::tr{'addressfilter'}: <img src='/blob.gif' alt='*' /></td> + <td align='left' colspan='3'> <input type="checkbox" name="ADDRESSFILTER" $checked{'ADDRESSFILTER'}{'on'} /> </td> END } else { print <<END; - <td class='base' colspan='2'> + <td class='base' colspan='4'> <input type='hidden' name='ADDRESSFILTER' value='-' /> </td> END 
@@ -414,7 +420,7 @@ <td align='left' class='base' nowrap='nowrap'> <input type="checkbox" name="SHOW_COLORS" $checked{'SHOW_COLORS'}{'on'} /> - $Lang::tr{'show interface colors'} <br /> + $Lang::tr{'show interface colors'} </td> </tr> </table> Modified: ipcop/trunk/src/libs/DataAccess.pl =================================================================== --- ipcop/trunk/src/libs/DataAccess.pl 2014-05-14 09:38:21 UTC (rev 7533) +++ ipcop/trunk/src/libs/DataAccess.pl 2014-05-14 14:34:12 UTC (rev 7534) @@ -16,7 +16,7 @@ # along with IPCop. If not, see <http://www.gnu.org/licenses/>. # # Copyright (C) 2005 Achim Weber <dotzb...@users.sourceforge.net> -# (c) 2007-2012, the IPCop team +# (c) 2007-2014, the IPCop team # # $Id$ # @@ -909,7 +909,8 @@ $policygRef->{$iface}{'POLICY'} = $policy; $policygRef->{$iface}{'DEFAULT_LOG'} = 'on'; $policygRef->{$iface}{'DEFAULT_ACTION'} = $action; - $policygRef->{$iface}{'ADDRESSFILTER'} = $addressfilter; + $policygRef->{$iface}{'ADDRESSFILTER'} = $addressfilter; + $policygRef->{$iface}{'DEFAULT_LOGBC'} = 'off'; } my %custIfaces = (); @@ -919,7 +920,8 @@ $policygRef->{$iface}{'POLICY'} = 'closed'; $policygRef->{$iface}{'DEFAULT_LOG'} = 'on'; $policygRef->{$iface}{'DEFAULT_ACTION'} = 'drop'; - $policygRef->{$iface}{'ADDRESSFILTER'} = '-'; + $policygRef->{$iface}{'ADDRESSFILTER'} = '-'; + $policygRef->{$iface}{'DEFAULT_LOGBC'} = 'off'; } open(FILE, $DATA::policyFile) or die 'Unable to open policy file.'; @@ -933,7 +935,8 @@ $policygRef->{$tmp[0]}{'POLICY'} = $tmp[1]; $policygRef->{$tmp[0]}{'DEFAULT_LOG'} = $tmp[2]; $policygRef->{$tmp[0]}{'DEFAULT_ACTION'} = $tmp[3]; - $policygRef->{$tmp[0]}{'ADDRESSFILTER'} = $tmp[4]; + $policygRef->{$tmp[0]}{'ADDRESSFILTER'} = $tmp[4]; + $policygRef->{$tmp[0]}{'DEFAULT_LOGBC'} = $tmp[5] if (defined($tmp[5])); } } 
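Review bot: The read hunk (`@@ -933,7 +935,8 @@`) accepts any defined sixth field as DEFAULT_LOGBC, while puzzleFwRules.pl only ever tests it with `eq 'on'`. Restricting it on read keeps a hand-edited or damaged policy line from carrying an unexpected string into the hash: `$policygRef->{$tmp[0]}{'DEFAULT_LOGBC'} = $tmp[5] if (defined($tmp[5]) && $tmp[5] =~ /\A(?:on|off)\z/);`. DEFAULT_LOGBC is now the last field on the line, so this also depends on the line being chomped before the split, which happens outside the hunk if at all. A one-line comment at the defaults, e.g. `# policy files written before this field existed keep the 'off' default`, would document why the assignment is conditional.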
@@ -949,7 +952,8 @@ print FILE "$policygRef->{$iface}{'POLICY'},"; print FILE "$policygRef->{$iface}{'DEFAULT_LOG'},"; print FILE "$policygRef->{$iface}{'DEFAULT_ACTION'},"; - print FILE "$policygRef->{$iface}{'ADDRESSFILTER'}\n"; + print FILE "$policygRef->{$iface}{'ADDRESSFILTER'},"; + print FILE "$policygRef->{$iface}{'DEFAULT_LOGBC'}\n"; } close(FILE); Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl =================================================================== --- ipcop/trunk/src/scripts/puzzleFwRules.pl 2014-05-14 09:38:21 UTC (rev 7533) +++ ipcop/trunk/src/scripts/puzzleFwRules.pl 2014-05-14 14:34:12 UTC (rev 7534) @@ -59,6 +59,7 @@ # Init these settings, so we do not get a warning when settings are bad $FW::fwSettings{'ADV_MODE_ENABLE'} = 'off'; $FW::fwSettings{'DEFAULT_LOG'} = 'off'; +$FW::fwSettings{'DEFAULT_LOGBC'} = 'off'; $FW::fwSettings{'CON_STATE'} = 'off'; &FW::readValidSettings(); 
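Review bot: The new `$FW::fwSettings{'DEFAULT_LOGBC'} = 'off';` default in puzzleFwRules.pl is not read by any hunk in this commit; the rule builder further down tests `$ifacePolicies{$inIface}{'DEFAULT_LOGBC'}` instead. If no code outside these hunks reads the global setting, the line suggests a firewall-wide switch that does not exist and could be dropped, or given a comment such as `# per-interface value lives in %ifacePolicies`.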
@@ -1097,13 +1098,19 @@ } # if ($ifacePolicies{$inIface}{'POLICY'} eq 'open') { # default Logging (if enabled) + DROP/REJECT rules per interface - $defaultRule = "-A FW_LOG -i $FW::interfaces{$inIface}{'IFACE'} -j"; + $defaultRule = "-A FW_LOG -i $FW::interfaces{$inIface}{'IFACE'}"; my $defaultAction = 'DROP'; $defaultAction = 'REJECT' if ($ifacePolicies{$inIface}{'DEFAULT_ACTION'} eq 'reject'); if ($ifacePolicies{$inIface}{'DEFAULT_LOG'} eq 'on') { - &prepareRule("$defaultRule LOG --log-prefix \"\U$inIface\E $defaultAction \" "); + if ($ifacePolicies{$inIface}{'DEFAULT_LOGBC'} eq 'on') { + &prepareRule("$defaultRule -j LOG --log-prefix \"\U$inIface\E $defaultAction \" "); + } + else { + # do not log broadcasts + &prepareRule("$defaultRule -m pkttype ! --pkt-type broadcast -j LOG --log-prefix \"\U$inIface\E $defaultAction \" "); + } } - &prepareRule("$defaultRule $defaultAction"); + &prepareRule("$defaultRule -j $defaultAction"); } # foreach (source) interface END Modified: ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 =================================================================== --- ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-14 09:38:21 UTC (rev 7533) +++ ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-14 14:34:12 UTC (rev 7534) 
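Review bot: The else branch is taken for every interface whose DEFAULT_LOGBC is not exactly 'on', and DataAccess.pl defaults the field to 'off' for policy lines without a sixth value, so installations that upgrade stop logging dropped broadcasts without any change by the administrator. The comment `# do not log broadcasts` should say that, and that `-m pkttype` matches on the link-layer packet type so multicast is still logged, for example `# default: unmatched link-layer broadcasts are dropped/rejected without a log entry; multicast is still logged`. The two `&prepareRule` calls differ only in the match, so a single call with `my $bcMatch = ($ifacePolicies{$inIface}{'DEFAULT_LOGBC'} eq 'on') ? '' : ' -m pkttype ! --pkt-type broadcast';` would keep the log prefix in one place. The surrounding foreach loop starts outside the hunk.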
@@ -4,8 +4,11 @@ /etc/rc.d/rc.sysinit /etc/ssl/openssl.cnf /home/httpd/cgi-bin/changepw.cgi +/home/httpd/cgi-bin/fwrulesadm.cgi /home/httpd/cgi-bin/proxy.cgi /home/httpd/cgi-bin/vpnca.cgi +/usr/lib/ipcop/DataAccess.pl +/usr/local/bin/puzzleFwRules.pl /usr/local/bin/restarthttpd /usr/local/bin/setreservedports.pl ## This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Ipcop-svn mailing list Ipcop-svn@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipcop-svn