/**
 * Delete the system route(s) that correspond to the static route entry $id.
 *
 * Looks the entry up in the global $a_routes list and does nothing when the
 * index is not set. When the entry's 'network' is an alias, it is expanded
 * with filter_expand_alias_array(); bare IPv4/IPv6 addresses get a /32 or
 * /128 suffix, and any member that is still not a subnet is skipped.
 * Otherwise the 'network' value is used as the single target.
 *
 * Each target is handed to "/sbin/route delete" through mwexec(). The address
 * family flag is one of two fixed literals and the target is wrapped with
 * escapeshellarg(), so no configuration text reaches the command line
 * unquoted.
 *
 * @param mixed $id Index into $a_routes.
 * @return void
 */
function delete_static_route($id) {
	global $config, $a_routes;

	// Nothing to remove for an unknown route index.
	if (!isset($a_routes[$id])) {
		return;
	}

	$network = $a_routes[$id]['network'];
	$targets = array();

	if (!is_alias($network)) {
		// NOTE(review): unlike alias members, this value is not re-checked
		// with is_subnet() here. It is shell-quoted below, but quoting is not
		// validation; presumably the value was validated when the route was
		// saved - confirm against the code that writes $a_routes.
		$targets[] = $network;
	} else {
		foreach (filter_expand_alias_array($network) as $member) {
			// Promote single hosts to host-length subnets.
			if (is_ipaddrv4($member)) {
				$member .= "/32";
			} elseif (is_ipaddrv6($member)) {
				$member .= "/128";
			}

			// Keep only alias members that are well-formed subnets.
			if (is_subnet($member)) {
				$targets[] = $member;
			}
		}
	}

	foreach ($targets as $subnet) {
		// The family flag is chosen from fixed strings, never from input.
		if (is_subnetv6($subnet)) {
			$family = "-inet6";
		} else {
			$family = "-inet";
		}

		mwexec("/sbin/route delete {$family} " . escapeshellarg($subnet));
	}

	unset($targets);
}
$networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"]; $networkacl[$x]['mask'] = $pconfig["mask{$x}"]; $networkacl[$x]['description'] = $pconfig["description{$x}"]; if (!is_ipaddr($networkacl[$x]['acl_network'])) { $input_errors[] = gettext("You must enter a valid IP address for each row under Networks."); } if (is_ipaddr($networkacl[$x]['acl_network'])) { if (!is_subnet($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) { $input_errors[] = gettext("You must enter a valid IPv4 netmask for each IPv4 row under Networks."); } } else { if (function_exists("is_ipaddrv6")) { if (!is_ipaddrv6($networkacl[$x]['acl_network'])) { $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}."); } else { if (!is_subnetv6($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) { $input_errors[] = gettext("You must enter a valid IPv6 netmask for each IPv6 row under Networks."); } } } else { $input_errors[] = gettext("You must enter a valid IP address for each row under Networks."); } } } else { if (isset($networkacl[$x])) { unset($networkacl[$x]); } } } if (!$input_errors) { if (strtolower($pconfig['save']) == gettext("save")) {
$osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; $new_targets[] = $osn; } } elseif (is_alias($_POST['network'])) { $osn = $_POST['network']; foreach (preg_split('/\\s+/', $aliastable[$osn]) as $tgt) { if (is_ipaddrv4($tgt)) { $tgt .= "/32"; } if (is_ipaddrv6($tgt)) { $tgt .= "/128"; } if (!is_subnet($tgt)) { continue; } if (!is_subnetv6($tgt)) { continue; } $new_targets[] = $tgt; } } if (!isset($id)) { $id = count($a_routes); } $oroute = $a_routes[$id]; $old_targets = array(); if (!empty($oroute)) { if (is_alias($oroute['network'])) { foreach (filter_expand_alias_array($oroute['network']) as $tgt) { if (is_ipaddrv4($tgt)) { $tgt .= "/32";
$suricatacfg['libhtp_policy']['item'] = array(); } if (empty($suricatacfg['libhtp_policy']['item'])) { $http_hosts_default_policy = "default-config:\n personality: IDS\n request-body-limit: 4096\n response-body-limit: 4096\n"; $http_hosts_default_policy .= " double-decode-path: no\n double-decode-query: no\n uri-include-all: no\n"; } else { foreach ($suricatacfg['libhtp_policy']['item'] as $k => $v) { if ($v['bind_to'] != "all") { $engine = "server-config:\n - {$v['name']}:\n"; $tmp = trim(filter_expand_alias($v['bind_to'])); if (!empty($tmp)) { $engine .= " address: ["; $tmp = preg_replace('/\\s+/', ',', $tmp); $list = explode(',', $tmp); foreach ($list as $addr) { if (is_ipaddrv6($addr) || is_subnetv6($addr)) { $engine .= "\"{$addr}\", "; } elseif (is_ipaddrv4($addr) || is_subnetv4($addr)) { $engine .= "{$addr}, "; } else { log_error("[suricata] WARNING: invalid IP address value '{$addr}' in Alias {$v['bind_to']} will be ignored."); continue; } } $engine = trim($engine, ' ,'); $engine .= "]\n"; $engine .= " personality: {$v['personality']}\n request-body-limit: {$v['request-body-limit']}\n"; $engine .= " response-body-limit: {$v['response-body-limit']}\n"; $engine .= " double-decode-path: {$v['double-decode-path']}\n"; $engine .= " double-decode-query: {$v['double-decode-query']}\n"; $engine .= " uri-include-all: {$v['uri-include-all']}\n";