function ipsec_idinfo_to_text(&$idinfo)
{
global $config;
switch ($idinfo['type']) {
case "address":
return $idinfo['address'];
break;
/* NOTREACHED */
/* NOTREACHED */
case "network":
return $idinfo['address'] . "/" . $idinfo['netbits'];
break;
/* NOTREACHED */
/* NOTREACHED */
case "mobile":
return gettext("Mobile Client");
break;
/* NOTREACHED */
/* NOTREACHED */
case "none":
return gettext("None");
break;
/* NOTREACHED */
/* NOTREACHED */
default:
if (!empty($config['interfaces'][$idinfo['type']])) {
return convert_friendly_interface_to_friendly_descr($idinfo['type']);
} else {
return strtoupper($idinfo['type']);
}
break;
/* NOTREACHED */
}
}
function get_interface_addr($if)
{
global $config;
$ifdescr = convert_friendly_interface_to_friendly_descr($if);
/* find out interface name */
if ($ifdescr == "wan") {
$if = get_real_wan_interface();
} else {
$if = $config['interfaces'][$ifdescr];
}
return $if;
}
unset($network, $subnet);
}
}
}
if ($_POST['ipaddrv6']) {
if (!is_ipaddrv6($_POST['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (ip_in_subnet($_POST['ipaddrv6'], "fe80::/10")) {
$input_errors[] = gettext("IPv6 link local addresses cannot be configured as an interface IP.");
}
$where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddrv6'], $if, true, true, $_POST['subnetv6']);
if (count($where_ipaddr_configured)) {
$subnet_conflict_text = sprintf(gettext("IPv6 address %s is being used by or overlaps with:"), $_POST['ipaddrv6'] . "/" . $_POST['subnetv6']);
foreach ($where_ipaddr_configured as $subnet_conflict) {
$subnet_conflict_text .= " " . convert_friendly_interface_to_friendly_descr($subnet_conflict['if']) . " (" . $subnet_conflict['ip_or_subnet'] . ")";
}
$input_errors[] = $subnet_conflict_text;
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnetv6'] == $subnet && $network == gen_subnetv6($_POST['ipaddrv6'], $_POST['subnetv6'])) {
$input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['subnet'] && !is_numeric($_POST['subnet'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
?>
<div class="content">
<table>
<tr>
<?php
echo '<td class="widgetsubheader" align="center">' . gettext("Computer / Device") . '</td>';
echo '<td class="widgetsubheader" align="center">' . gettext("Interface") . '</td>';
echo '<td class="widgetsubheader" align="center">' . gettext("Status") . '</td>';
?>
<td class="widgetsubheader"> </td>
</tr>
<?php
if (count($wolcomputers) > 0) {
foreach ($wolcomputers as $wolent) {
echo '<tr><td class="listlr">' . $wolent['descr'] . '<br />' . $wolent['mac'] . '</td>' . "\n";
echo '<td class="listr">' . convert_friendly_interface_to_friendly_descr($wolent['interface']) . '</td>' . "\n";
$is_active = exec("/usr/sbin/arp -an |/usr/bin/grep {$wolent['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print \$1;}'");
$status = exec("/usr/sbin/arp -an | /usr/bin/awk '\$4 == \"{$wolent['mac']}\" { print \$7 }'");
if ($status == 'expires') {
echo '<td class="listr" align="center">' . "\n";
echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\" alt=\"pass\" /> " . gettext("Online") . "</td>\n";
} else {
if ($status == 'permanent') {
echo '<td class="listr" align="center">' . "\n";
echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass_d.gif\" alt=\"pass\" /> " . gettext("Static ARP") . "</td>\n";
} else {
echo '<td class="listbg" align="center">' . "\n";
echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\" alt=\"block\" /> <font color=\"white\">" . gettext("Offline") . "</font></td>\n";
}
}
echo '<td valign="middle" class="list nowrap">';
<i class="fa fa-hand-paper-o text-danger" title="<?php
echo gettext("Negated: This rule excludes NAT from a later rule");
?>
"></i>
<?php
}
?>
</a>
</td>
<td>
<?php
echo $textss;
if (!$natent['interface']) {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
} else {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
}
echo $textse;
?>
</td>
<td>
<?php
$source_net = pprint_address($natent['source']);
$source_cidr = strstr($source_net, '/');
echo $textss . $natent['external'] . $source_cidr . $textse;
?>
</td>
<td>
<?php
echo $textss . $source_net . $textse;
?>
?>
</th>
<th><?php
echo gettext("Actions");
?>
</th>
</tr>
</thead>
<tbody>
<?php
foreach ($a_gifs as $i => $gif) {
?>
<tr>
<td>
<?php
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($gif['if']));
?>
</td>
<td>
<?php
echo htmlspecialchars($gif['remote-addr']);
?>
</td>
<td>
<?php
echo htmlspecialchars($gif['descr']);
?>
</td>
<td>
<a class="fa fa-pencil" title="<?php
echo gettext('Edit GIF interface');
foreach ($config['virtualip']['vip'] as $carp) {
if ($carp['mode'] != "carp") {
continue;
}
$ipaddress = $carp['subnet'];
$password = $carp['password'];
$netmask = $carp['subnet_bits'];
$vhid = $carp['vhid'];
$advskew = $carp['advskew'];
$status = get_carp_interface_status("_vip{$carp['uniqid']}");
?>
<tr>
<td>
<a href="/system_hasync.php">
<?php
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($carp['interface']) . "@{$vhid}");
?>
</a>
</td>
<?php
if ($carp_enabled == false) {
$icon = 'times-circle';
$status = "DISABLED";
} else {
if ($status == "MASTER") {
$icon = 'play-circle text-success';
} else {
if ($status == "BACKUP") {
$icon = 'pause-circle text-warning';
} else {
if ($status == "INIT") {
$no_rules_footnote = false;
if ($id_gen == 0) {
$no_rules = false;
} else {
$no_rules = true;
}
foreach ($a_nat as $natent) {
?>
<tr valign="top" id="fr<?php
echo $nnats;
?>
">
<?php
/* convert fake interfaces to real and check if iface is up */
$if_real = get_real_interface($natent['interface']);
$natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
$snort_uuid = $natent['uuid'];
if (!snort_is_running($snort_uuid, $if_real)) {
$iconfn = 'block';
$iconfn_msg1 = 'Snort is not running on ';
$iconfn_msg2 = '. Click to start.';
} else {
$iconfn = 'pass';
$iconfn_msg1 = 'Snort is running on ';
$iconfn_msg2 = '. Click to stop.';
}
if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')) {
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
} else {
</td>
</tr>
<?php
}
// Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
if (!isset($config['system']['webgui']['noantilockout']) && (count($config['interfaces']) > 1 && $selected_if == 'lan' || count($config['interfaces']) == 1 && $selected_if == 'wan')) {
$alports = implode('<br />', filter_get_antilockout_ports(true));
?>
<tr valign="top">
<td> </td>
<td><span class="glyphicon glyphicon-play text-success"></span></td>
<td>*</td>
<td>*</td>
<td class="hidden-xs hidden-sm">*</td>
<td class="hidden-xs hidden-sm"><?php
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($selected_if));
?>
Address</td>
<td class="hidden-xs hidden-sm"><?php
echo $alports;
?>
</td>
<td class="hidden-xs hidden-sm">*</td>
<td class="hidden-xs hidden-sm"> </td>
<td><?php
echo gettext("Anti-Lockout Rule");
?>
</td>
<td>
<a href="system_advanced_admin.php" title="<?php
echo gettext("edit rule");
$interface = "none";
$dnsgw = "dns{$dnscounter}gwint";
if ($pconfig[$dnsgw] == $interface) {
$selected = "selected";
} else {
$selected = "";
}
echo "<option value='{$interface}' {$selected}>" . ucwords($interface) . "</option>\n";
foreach ($interfaces as $interface) {
if (interface_has_gateway($interface)) {
if ($pconfig[$dnsgw] == $interface) {
$selected = "selected";
} else {
$selected = "";
}
$friendly_interface = convert_friendly_interface_to_friendly_descr($interface);
echo "<option value='{$interface}' {$selected}>" . ucwords($friendly_interface) . "</option>\n";
}
}
?>
</select>
<?php
}
?>
</td>
</tr>
<?php
}
?>
</table>
<br>
<th><?php
echo gettext("Description");
?>
</th>
<th></th>
</tr>
</thead>
<tbody>
<?php
$i = 0;
foreach ($a_igmpproxy as $igmpentry) {
?>
<tr>
<td>
<?php
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($igmpentry['ifname']));
?>
</td>
<td>
<?php
echo htmlspecialchars($igmpentry['type']);
?>
</td>
<td>
<?php
$addresses = implode(", ", array_slice(explode(" ", $igmpentry['address']), 0, 10));
print $addresses;
if (count($addresses) < 10) {
print ' ';
} else {
print '...';
conf_mount_rw();
suricata_generate_yaml($natent);
conf_mount_ro();
// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
}
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Location: suricata_app_parsers.php?id={$id}");
exit;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Application Layer Parsers");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
/* Display error message */
if ($input_errors) {
print_input_errors($input_errors);
}
?>
<form action="suricata_app_parsers.php" method="post" name="iform" id="iform">
<input name="id" type="hidden" value="<?php
}
if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules")) {
safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules");
}
if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules")) {
safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules");
}
if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor")) {
safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor");
}
snort_apply_customizations($value, $if_real);
/* Log a message in Update Log if protecting customized preprocessor rules. */
$tmp = "\t" . $tmp . "\n";
if ($value['protect_preproc_rules'] == 'on') {
$tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for ");
$tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n";
}
error_log($tmp, 3, SNORT_RULES_UPD_LOGFILE);
}
} else {
if ($pkg_interface != "console") {
update_output_window(gettext("Warning: No interfaces configured for Snort were found..."));
update_output_window(gettext("No interfaces currently have Snort configured and enabled on them..."));
}
error_log(gettext("\tWarning: No interfaces configured for Snort were found...\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
/* Restart snort if running, and not in post-install, so as to pick up the new rules. */
if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
if ($pkg_interface != "console") {
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?php
echo $i;
?>
)" id="frd<?php
echo $i;
?>
" ondblclick="document.location='system_gateways_edit.php?id=<?php
echo $i;
?>
';">
<?php
echo $textss;
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($gateway['friendlyiface']));
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?php
echo $i;
?>
)" id="frd<?php
echo $i;
?>
" ondblclick="document.location='system_gateways_edit.php?id=<?php
echo $i;
?>
';">
<?php
echo $textss;
<tr>
<td class="listtopic" colspan="2">Graph Settings</td>
</tr>
<tr>
<td width="20%" class="listhdr">
<?php
echo gettext("Graphs:");
?>
</td>
<td width="80%" class="listhdr">
<select name="graph" class="formselect" style="z-index: -10;">
<?php
foreach ($custom_databases as $db => $database) {
$optionc = explode("-", $database);
$optionc[1] = str_replace(".rrd", "", $optionc[1]);
$friendly = convert_friendly_interface_to_friendly_descr(strtolower($optionc[0]));
if (!empty($friendly)) {
$optionc[0] = $friendly;
}
$prettyprint = ucwords(implode(" :: ", $optionc));
echo "<option value=\"{$database}\"";
if ($pconfig['graph'] == $database) {
echo " selected";
}
echo ">" . htmlspecialchars($prettyprint) . "</option>\n";
}
?>
</select>
</td>
</tr>
<tr>
</td>
<td class="listr" onclick="fr_toggle(<?php
echo $i;
?>
)" id="frd<?php
echo $i;
?>
" ondblclick="document.location='system_routes_edit.php?id=<?php
echo $i;
?>
';">
<?php
echo $textss;
?>
<?php
echo convert_friendly_interface_to_friendly_descr($a_gateways[$route['gateway']]['friendlyiface']) . " ";
?>
<?php
echo $textse;
?>
</td>
<td class="listbg" onclick="fr_toggle(<?php
echo $i;
?>
)" ondblclick="document.location='system_routes_edit.php?id=<?php
echo $i;
?>
';">
<?php
echo $textss;
echo htmlspecialchars($route['descr']);
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
/* Restart Suricata if already running and we are not in post-install, so as to pick up the new rules. */
if (is_process_running("suricata") && !$g['suricata_postinstall'] && count($config['installedpackages']['suricata']['rule']) > 0) {
// See if "Live Reload" is configured and signal each Suricata instance
// if enabled, else just do a hard restart of all the instances.
if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
if ($pkg_interface != "console") {
update_status(gettext('Signaling Suricata to live-load the new set of rules...'));
update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
}
log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
suricata_reload_config($value);
error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, SURICATA_RULES_UPD_LOGFILE);
}
log_error(gettext("[Suricata] Live-Reload of updated rules completed..."));
error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
} else {
if ($pkg_interface != "console") {
update_status(gettext('Restarting Suricata to activate the new set of rules...'));
update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
}
error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
restart_service("suricata");
if ($pkg_interface != "console") {
update_output_window(gettext("Suricata has restarted with your new set of rules..."));
}
log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
$input_errors[] = gettext("A valid local network IP address must be specified.");
} elseif (is_ipaddrv4($pconfig['localid_address']) && $pconfig['mode'] != "tunnel") {
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
} elseif (is_ipaddrv6($pconfig['localid_address']) && $pconfig['mode'] != "tunnel6") {
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
}
break;
}
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
if (isset($config['interfaces'][$pconfig['localid_type']])) {
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
$address = get_interface_ip($pconfig['localid_type']);
$netbits = get_interface_subnet($pconfig['localid_type']);
if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
}
}
if (!empty($pconfig['natlocalid_address'])) {
switch ($pconfig['natlocalid_type']) {
case "network":
if ($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits'] || !is_numeric($pconfig['natlocalid_netbits'])) {
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
}
if ($pconfig['localid_type'] == "address") {
$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
}
// address rules also apply to network type (hence, no break)
// address rules also apply to network type (hence, no break)
case "address":
if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) {
update_output_window($static_output);
log_error(gettext("[Suricata] Downloading and updating configured rule types..."));
if ($pkg_interface != "console") {
$suricata_gui_include = true;
}
include '/usr/local/pkg/suricata/suricata_check_for_rule_updates.php';
update_status(gettext("Generating suricata.yaml configuration file from saved settings..."));
$rebuild_rules = true;
conf_mount_rw();
// Create the suricata.yaml files for each enabled interface
$suriconf = $config['installedpackages']['suricata']['rule'];
foreach ($suriconf as $suricatacfg) {
$if_real = get_real_interface($suricatacfg['interface']);
$suricata_uuid = $suricatacfg['uuid'];
$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
$static_output .= gettext("Generating YAML configuration file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...");
update_output_window($static_output);
// Pull in the PHP code that generates the suricata.yaml file
// variables that will be substituted further down below.
include "/usr/local/pkg/suricata/suricata_generate_yaml.php";
// Pull in the boilerplate template for the suricata.yaml
// configuration file. The contents of the template along
// with substituted variables are stored in $suricata_conf_text
// (which is defined in the included file).
include "/usr/local/pkg/suricata/suricata_yaml_template.inc";
// Now write out the conf file using $suricata_conf_text contents
@file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text);
unset($suricata_conf_text);
// create barnyard2.conf file for interface
if ($suricatacfg['barnyard_enable'] == 'on') {
suricata_generate_barnyard2_conf($suricatacfg, $if_real);
/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
</tr>
</table>
</td>
</tr>
<?php
$i = 0;
foreach ($a_wol as $wolent) {
?>
<tr>
<td class="listlr" ondblclick="document.location='services_wol_edit.php?id=<?php
echo $i;
?>
';">
<?php
echo convert_friendly_interface_to_friendly_descr($wolent['interface']);
?>
</td>
<td class="listr" ondblclick="document.location='services_wol_edit.php?id=<?php
echo $i;
?>
';">
<a href="?mac=<?php
echo $wolent['mac'];
?>
&if=<?php
echo $wolent['interface'];
?>
"><?php
echo strtolower($wolent['mac']);
?>
foreach ($portlist as $portname => $portinfo) {
$portifmap[$portname] = array();
}
/* Go through the list of ports selected by the user,
build a list of port-to-interface mappings in portifmap */
foreach ($_POST as $ifname => $ifport) {
if ($ifname == 'lan' || $ifname == 'wan' || substr($ifname, 0, 3) == 'opt') {
$portifmap[$ifport][] = strtoupper($ifname);
}
}
/* Deliver error message for any port with more than one assignment */
foreach ($portifmap as $portname => $ifnames) {
if (count($ifnames) > 1) {
$errstr = sprintf(gettext('Port %1$s ' . ' was assigned to %2$s' . ' interfaces:'), $portname, count($ifnames));
foreach ($portifmap[$portname] as $ifn) {
$errstr .= " " . convert_friendly_interface_to_friendly_descr(strtolower($ifn)) . " (" . $ifn . ")";
}
$input_errors[] = $errstr;
} else {
if (count($ifnames) == 1 && preg_match('/^bridge[0-9]/', $portname) && is_array($config['bridges']['bridged']) && count($config['bridges']['bridged'])) {
foreach ($config['bridges']['bridged'] as $bridge) {
if ($bridge['bridgeif'] != $portname) {
continue;
}
$members = explode(",", strtoupper($bridge['members']));
foreach ($members as $member) {
if ($member == $ifnames[0]) {
$input_errors[] = sprintf(gettext("You cannot set port %s to interface %s because this interface is a member of %s."), $portname, $member, $portname);
break;
}
}
if ($archivestart <= $start) {
$average = $rra * 60;
break;
}
}
foreach ($scales as $scalelength => $value) {
if ($scalelength >= $seconds) {
$scale = $value;
break;
}
}
// log_error("start $start, end $end, archivestart $archivestart, average $average, scale $scale, seconds $seconds");
/* Deduce a interface if possible and use the description */
$curif = explode("-", $curdatabase);
$curif = "{$curif['0']}";
$friendly = convert_friendly_interface_to_friendly_descr(strtolower($curif));
if ($friendly == "") {
$friendly = $curif;
}
$search = array("-", ".rrd", $curif);
$replace = array(" :: ", "", $friendly);
$prettydb = ucwords(str_replace($search, $replace, $curdatabase));
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
$uptime = "/usr/bin/uptime";
$sed = "/usr/bin/sed";
$havg = timeDiff($average, $defOptions);
$hperiod = timeDiff($seconds, $defOptions);
$data = true;
/* Don't leave it up to RRD Tool to select the RRA and resolution to use. */
/* Specify the RRA and resolution to use per the graph havg value. */
switch ($havg) {
} else {
if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
$input_errors[] = gettext("You cannot use the broadcast address for this VIP");
}
}
}
/* make sure new ip is within the subnet of a valid ip
* on one of our interfaces (wan, lan optX)
*/
switch ($_POST['mode']) {
case 'carp':
/* verify against reusage of vhids */
$idtracker = 0;
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker != $id) {
$input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."), $_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface']));
}
$idtracker++;
}
if (empty($_POST['password'])) {
$input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
}
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
} else {
if (strpos($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
}
break;
case 'ipalias':
?>
</td>
<td class="hidden-xs hidden-sm">
<?php
echo !empty($natent['protocol']) ? $natent['protocol'] . '/' : "";
?>
<?php
echo empty($natent['dstport']) ? "*" : $natent['dstport'];
?>
</td>
<td class="hidden-xs hidden-sm">
<?php
if (isset($natent['nonat'])) {
$nat_address = '<I>NO NAT</I>';
} elseif (empty($natent['target'])) {
$nat_address = htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
} elseif ($natent['target'] == "other-subnet") {
$nat_address = $natent['targetip'] . '/' . $natent['targetip_subnet'];
} else {
$nat_address = $natent['target'];
}
?>
<?php
echo $nat_address;
?>
</td>
<td class="hidden-xs hidden-sm">
<?php
echo empty($natent['natport']) ? "*" : $natent['natport'];
?>
</td>
<td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?php
echo $cpzone;
?>
';">
<?php
echo htmlspecialchars($cpitem['zone']);
?>
</td>
<td class="listlr" ondblclick="document.location='services_captiveportal.php?zone=<?php
echo $cpzone;
?>
';">
<?php
$cpifaces = explode(",", $cpitem['interface']);
foreach ($cpifaces as $cpiface) {
echo convert_friendly_interface_to_friendly_descr($cpiface) . " ";
}
?>
</td>
<td class="listr" ondblclick="document.location='services_captiveportal.php?zone=<?php
echo $cpzone;
?>
';">
<?php
$cpdb = new OPNsense\CaptivePortal\DB($cpzone);
echo $cpdb->countClients();
?>
</td>
<td class="listbg" ondblclick="document.location='services_captiveportal.php?zone=<?php
echo $cpzone;
?>
suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
} elseif ($a_nat[$id]['barnyard_enable'] == "on") {
if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
suricata_barnyard_reload_config($a_nat[$id], "HUP");
} else {
// Notify user a Suricata restart is required if enabling Barnyard2 for the first time
$savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
}
}
$pconfig = $natent;
} else {
// We had errors, so save previous field data to prevent retyping
$pconfig = $_POST;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
?>
<form action="suricata_barnyard.php" method="post" name="iform" id="iform">
<?php
/* Display Alert message */
if ($input_errors) {
print_input_errors($input_errors);
}
/* Only relocate the entry if we */
/* found it, and it's not already */
/* at the end. */
if ($i > -1 && $i < count($a_nat) - 1) {
$tmp = $a_nat[$i];
unset($a_nat[$i]);
$a_nat[] = $tmp;
}
}
/* Now write the new engine array to conf */
write_config("Snort pkg: modified ftp_telnet_client engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
<?php
include "fbegin.inc";
if ($input_errors) {
print_input_errors($input_errors);
}
if ($savemsg) {
print_info_box($savemsg);
}
?>
function build_options()
{
global $curcat, $custom_databases, $ui_databases;
$optionslist = array();
if ($curcat == "custom") {
foreach ($custom_databases as $db => $database) {
$optionc = explode("-", $database);
$friendly = convert_friendly_interface_to_friendly_descr(strtolower($optionc[0]));
if (empty($friendly)) {
$friendly = $optionc[0];
}
$search = array("-", ".rrd", $optionc[0]);
$replace = array(" :: ", "", $friendly);
$prettyprint = ucwords(str_replace($search, $replace, $database));
$optionslist[$database] = htmlspecialchars($prettyprint);
}
}
foreach ($ui_databases as $db => $database) {
if (!preg_match("/({$curcat})/i", $database)) {
continue;
}
if ($curcat == "captiveportal" && !empty($curzone) && !preg_match("/captiveportal-{$curzone}/i", $database)) {
continue;
}
$optionc = explode("-", $database);
$search = array("-", ".rrd", $optionc);
$replace = array(" :: ", "", $friendly);
switch ($curcat) {
case "captiveportal":
$optionc = str_replace($search, $replace, $optionc[2]);
$prettyprint = ucwords(str_replace($search, $replace, $optionc));
$optionslist[$optionc] = htmlspecialchars($prettyprint);
break;
case "system":
$optionc = str_replace($search, $replace, $optionc[1]);
$prettyprint = ucwords(str_replace($search, $replace, $optionc));
$optionslist[$optionc] = htmlspecialchars($prettyprint);
break;
default:
/* Deduce an interface if possible and use the description */
$optionc = "{$optionc['0']}";
$friendly = convert_friendly_interface_to_friendly_descr(strtolower($optionc));
if (empty($friendly)) {
$friendly = $optionc;
}
$search = array("-", ".rrd", $optionc);
$replace = array(" :: ", "", $friendly);
$prettyprint = ucwords(str_replace($search, $replace, $friendly));
$optionslist[$optionc] = htmlspecialchars($prettyprint);
}
}
return $optionslist;
}
if (!is_array($config['dhcpd'][$if])) {
$config['dhcpd'][$if] = array();
}
if (!is_array($config['dhcpd'][$if]['staticmap'])) {
$config['dhcpd'][$if]['staticmap'] = array();
}
if (!is_array($config['dhcpd'][$if]['pool'])) {
$config['dhcpd'][$if]['pool'] = array();
}
$a_pools =& $config['dhcpd'][$if]['pool'];
$static_arp_enabled = isset($config['dhcpd'][$if]['staticarp']);
$netboot_enabled = isset($config['dhcpd'][$if]['netboot']);
$a_maps =& $config['dhcpd'][$if]['staticmap'];
$ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
}
if (isset($id) && $a_maps[$id]) {
$pconfig['mac'] = $a_maps[$id]['mac'];
$pconfig['cid'] = $a_maps[$id]['cid'];
$pconfig['hostname'] = $a_maps[$id]['hostname'];
$pconfig['ipaddr'] = $a_maps[$id]['ipaddr'];
$pconfig['filename'] = $a_maps[$id]['filename'];
$pconfig['rootpath'] = $a_maps[$id]['rootpath'];
$pconfig['descr'] = $a_maps[$id]['descr'];
$pconfig['arp_table_static_entry'] = isset($a_maps[$id]['arp_table_static_entry']);
<?php
$i = 0;
foreach ($a_ppps as $id => $ppp) {
?>
<tr>
<td>
<?php
echo htmlspecialchars($ppp['if']);
?>
</td>
<td>
<?php
$portlist = explode(",", $ppp['ports']);
foreach ($portlist as $portid => $port) {
if ($port != get_real_interface($port) && $ppp['type'] != "ppp") {
$portlist[$portid] = convert_friendly_interface_to_friendly_descr($port);
}
}
echo htmlspecialchars(implode(",", $portlist));
?>
</td>
<td>
<?php
echo htmlspecialchars($ppp['descr']);
?>
</td>
<td>
<a class="fa fa-pencil" title="<?php
echo gettext('Edit PPP interface');
?>
" href="interfaces_ppps_edit.php?id=<?php
