示例#1
/**
 * Delete the kernel routing-table entries that belong to one static route.
 *
 * Looks up entry $id in the global $a_routes list. When the entry's
 * 'network' value is an alias, the alias is expanded and every member that
 * ends up as a valid subnet is removed; bare IPv4/IPv6 addresses are turned
 * into host routes (/32 or /128) first, and anything that still is not a
 * subnet is skipped. When it is not an alias, the stored value is used as is.
 *
 * Each destination is wrapped with escapeshellarg() before it is appended to
 * the command line, and the address-family flag is one of two fixed
 * literals, so no other text reaches the shell unquoted.
 *
 * NOTE(review): the non-alias value is not re-checked with is_subnet() in
 * this function. escapeshellarg() neutralises shell metacharacters, but it
 * does not stop a value from being parsed as an option by the called
 * program — presumably the network is validated when the route is saved;
 * confirm against the caller.
 *
 * @param mixed $id Key of the route inside $a_routes; unknown keys are a no-op.
 * @return void
 */
function delete_static_route($id)
{
    global $config, $a_routes;

    // Nothing configured under this key: leave the routing table alone.
    if (!isset($a_routes[$id])) {
        return;
    }

    $network = $a_routes[$id]['network'];
    $subnets = array();

    if (!is_alias($network)) {
        // Plain entry: the stored value is the single destination.
        $subnets[] = $network;
    } else {
        foreach (filter_expand_alias_array($network) as $member) {
            // Promote single addresses to host routes so they pass is_subnet().
            if (is_ipaddrv4($member)) {
                $member .= "/32";
            } elseif (is_ipaddrv6($member)) {
                $member .= "/128";
            }
            // Alias members that are not addresses or subnets are dropped.
            if (is_subnet($member)) {
                $subnets[] = $member;
            }
        }
    }

    foreach ($subnets as $subnet) {
        $family = "-inet";
        if (is_subnetv6($subnet)) {
            $family = "-inet6";
        }
        // The destination is the only variable part and is always shell-quoted.
        mwexec("/sbin/route delete {$family} " . escapeshellarg($subnet));
    }
}
         $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"];
         $networkacl[$x]['mask'] = $pconfig["mask{$x}"];
         $networkacl[$x]['description'] = $pconfig["description{$x}"];
         if (!is_ipaddr($networkacl[$x]['acl_network'])) {
             $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
         }
         if (is_ipaddr($networkacl[$x]['acl_network'])) {
             if (!is_subnet($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) {
                 $input_errors[] = gettext("You must enter a valid IPv4 netmask for each IPv4 row under Networks.");
             }
         } else {
             if (function_exists("is_ipaddrv6")) {
                 if (!is_ipaddrv6($networkacl[$x]['acl_network'])) {
                     $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.");
                 } else {
                     if (!is_subnetv6($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) {
                         $input_errors[] = gettext("You must enter a valid IPv6 netmask for each IPv6 row under Networks.");
                     }
                 }
             } else {
                 $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
             }
         }
     } else {
         if (isset($networkacl[$x])) {
             unset($networkacl[$x]);
         }
     }
 }
 if (!$input_errors) {
     if (strtolower($pconfig['save']) == gettext("save")) {
         $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
         $new_targets[] = $osn;
     }
 } elseif (is_alias($_POST['network'])) {
     $osn = $_POST['network'];
     foreach (preg_split('/\\s+/', $aliastable[$osn]) as $tgt) {
         if (is_ipaddrv4($tgt)) {
             $tgt .= "/32";
         }
         if (is_ipaddrv6($tgt)) {
             $tgt .= "/128";
         }
         if (!is_subnet($tgt)) {
             continue;
         }
         if (!is_subnetv6($tgt)) {
             continue;
         }
         $new_targets[] = $tgt;
     }
 }
 if (!isset($id)) {
     $id = count($a_routes);
 }
 $oroute = $a_routes[$id];
 $old_targets = array();
 if (!empty($oroute)) {
     if (is_alias($oroute['network'])) {
         foreach (filter_expand_alias_array($oroute['network']) as $tgt) {
             if (is_ipaddrv4($tgt)) {
                 $tgt .= "/32";
    $suricatacfg['libhtp_policy']['item'] = array();
}
if (empty($suricatacfg['libhtp_policy']['item'])) {
    $http_hosts_default_policy = "default-config:\n     personality: IDS\n     request-body-limit: 4096\n     response-body-limit: 4096\n";
    $http_hosts_default_policy .= "     double-decode-path: no\n     double-decode-query: no\n     uri-include-all: no\n";
} else {
    foreach ($suricatacfg['libhtp_policy']['item'] as $k => $v) {
        if ($v['bind_to'] != "all") {
            $engine = "server-config:\n     - {$v['name']}:\n";
            $tmp = trim(filter_expand_alias($v['bind_to']));
            if (!empty($tmp)) {
                $engine .= "         address: [";
                $tmp = preg_replace('/\\s+/', ',', $tmp);
                $list = explode(',', $tmp);
                foreach ($list as $addr) {
                    if (is_ipaddrv6($addr) || is_subnetv6($addr)) {
                        $engine .= "\"{$addr}\", ";
                    } elseif (is_ipaddrv4($addr) || is_subnetv4($addr)) {
                        $engine .= "{$addr}, ";
                    } else {
                        log_error("[suricata] WARNING: invalid IP address value '{$addr}' in Alias {$v['bind_to']} will be ignored.");
                        continue;
                    }
                }
                $engine = trim($engine, ' ,');
                $engine .= "]\n";
                $engine .= "         personality: {$v['personality']}\n         request-body-limit: {$v['request-body-limit']}\n";
                $engine .= "         response-body-limit: {$v['response-body-limit']}\n";
                $engine .= "         double-decode-path: {$v['double-decode-path']}\n";
                $engine .= "         double-decode-query: {$v['double-decode-query']}\n";
                $engine .= "         uri-include-all: {$v['uri-include-all']}\n";