Netgate Discussion Forum

    [Completed] Checkboxes for block, and reverse DNS from firewall log. [$50]

    Completed Bounties
    • Anathematician

      Greetings,
      I have been using pfSense for quite a while and I love it. I switched over from Smoothwall because the VPN support actually works and is actively supported. Thanks for the great work with OpenVPN.

      One feature I have missed from Smoothwall is some of the extra options available from the firewall log. This is a link to how the Smoothwall implementation works: http://smoothwall.org/images/promos/3.0/logs_firewall.png
      This bounty has two components.
      1. Check box to reverse DNS the address, IP location would be nice too.
      2. Check box to explicitly drop all traffic from the selected IP.
      This doesn't need to be two different checkboxes, just two different buttons like the linked pic; if you have a better design, though, go for it.

      Please let me know if you're interested. Could be done as a package or integrated into pfSense?
      Thanks!
      You can PM or email me at Anathematician a-t globlu dawt com

      • jimp (Rebel Alliance Developer, Netgate)

        The reverse DNS option would be fairly simple, not sure about adding a rule.

        Would this be a permanent rule, or some kind of temporary block?

        I'm not too crazy about the checkboxes, though; it looks sort of weird and doesn't really fit into the look of the page, which is pushing its width limit as it is. I suppose a couple of small buttons might work, perhaps using AJAX instead of submitting a form.

        If it made it into the base tree, it would be part of 2.0, not 1.2.x. For 1.2.x, it would be in a package. Most likely as a part of the dashboard package which already replaces the firewall log viewer with one that includes some new features and bug fixes.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • jimp (Rebel Alliance Developer, Netgate)

          In a small test I made it resolve for the whole page, and it was v-e-r-y slow, so it's probably best to do this on a one-by-one basis instead of a global option like I'd first thought.

          How about a little button that brings up the DNS resolution in a popup window like the filter rule check does?

          [attachment: dnslogs.png]

          • jimp (Rebel Alliance Developer, Netgate)

            Something more like this… click the info icon for DNS

            [attachment: dnslogs2.png]

            • Anathematician

              Looks good, I like the last screenshot. I am not particularly partial to the implementation that Smoothwall did. Would it be possible for the window to pop up with the info on that IP from a site like domaintools.com or something along those lines? Or if that's not possible, just the geographic location? I use it mainly to try and block the garbage coming from China.

              As far as adding it to the firewall as a drop, I would prefer permanent so that I could create it and forget it.

              I think both features are very useful, and I hope others will benefit from it if it makes it into the mainline pf. Thanks for your work so far!

              If you want to keep working at it let me know where to send the $ for escrow.

              -Anathematician

              • jimp (Rebel Alliance Developer, Netgate)

                @Anathematician:

                Looks good, I like the last screenshot. I am not particularly partial to the implementation that Smoothwall did. Would it be possible for the window to pop up with the info on that IP from a site like domaintools.com or something along those lines? Or if that's not possible, just the geographic location? I use it mainly to try and block the garbage coming from China.

                Well ideally the firewall should be kept completely self-contained. I could make a version for you that linked to an IP lookup service like domaintools, but I don't think that would be good for the general distribution. I could, however, maybe make it open in a new window with links to other services to gather more information. Not ideal, perhaps, but it would still keep the basic functionality on the firewall.

                As far as adding it to the firewall as a drop, I would prefer permanent so that I could create it and forget it.

                My thought was something along the lines of just having one firewall rule for such blocks, and these IPs would be dropped into an alias. It would keep things much cleaner that way. Thoughts?

                I think both features are very useful, and I hope others will benefit from it if it makes it into the mainline pf. Thanks for your work so far!

                If you want to keep working at it let me know where to send the $ for escrow.

                Let me look and see what it might take to add the firewall rules, I'll get back to you with an answer sometime tomorrow.

                • jimp (Rebel Alliance Developer, Netgate)

                  The firewall rule part looks doable, and if I'm feeling plucky I may also add a means to add a pass rule based on the traffic as well (passing along the source IP, destination IP/port, protocol, etc). To me, a way to pass traffic from that view would be a lot more useful than a means for blocking all traffic from that IP.

                  The finer details can be worked out shortly.

                  I'll PM you about payment details.

                • Anathematic

                    Adding the blocks to an alias would be fine, I agree it would make more sense in the long run. With adding them as an alias, will there be the ability to delete an address should it be added in error?

                    Opening in a new window, with the ability to link to a site like domain tools, would be awesome, or perhaps selecting the reverse DNS website as an option from an options menu? I am not certain how that would work, as different sites would want the info parsed differently, or some sort of API. I don't have the experience to make an informed decision, so I believe you will create the best implementation possible.

                    Thanks again

                    • jimp (Rebel Alliance Developer, Netgate)

                      @Anathematic:

                      Adding the blocks to an alias would be fine, I agree it would make more sense in the long run. With adding them as an alias, will there be the ability to delete an address should it be added in error?

                      The way I'm thinking is that when it adds to the alias, it will also attempt to add an accompanying rule, though I'm trying to work out the best way to do that. Right now I have it assuming "wan" but I could pull the interface from the rule being used to trigger it.

                      Because it's in an alias, you can always go back and edit them. You could change the subnet mask from /32 to /24 to take out a whole class C or whatever you want, or delete them if they were added in error.

                      Opening in a new window, with the ability to link to a site like domain tools, would be awesome, or perhaps selecting the reverse DNS website as an option from an options menu? I am not certain how that would work, as different sites would want the info parsed differently, or some sort of API. I don't have the experience to make an informed decision, so I believe you will create the best implementation possible.

                      I have come up with what I believe to be a good compromise. I'm adding a page for general DNS resolution that will be at Diagnostics > DNS, where you could look up addresses by hand, or be sent there automatically from the rule. On that page I could have a few links to sites like domaintools. I'd just need suggestions for sites that would be good to have on such a page.

                      It's coming along pretty well so far. It's still a work in progress though :)

                      [attachment: diag_dns.png]

                      • jimp (Rebel Alliance Developer, Netgate)
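The alias-plus-one-rule design jimp describes above (a single block rule that references an alias, with entries that can later be widened from /32 to /24 or deleted if added in error), modelled as an added Python example. This is not code from pfSense or the Dashboard package; the alias name, rule label and sample addresses are assumptions or constructed values. It also includes the input check a practitioner would want here: the address lifted from the log view arrives as a link or form parameter, so it is parsed strictly before it can reach an alias or rule.

```python
# Added example, not pfSense or Dashboard-package code.  Models the
# "one block rule plus an alias" design: the rule text never changes, only the
# alias (a pf table) does, and entries can be widened or removed afterwards.
import ipaddress
from typing import Dict, Union

Addr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Assumed names: the thread does not give the alias name or the rule label.
ALIAS_NAME = "EasyRuleBlockHosts"
RULE_LABEL = "Easy Rule: Blocked from Firewall Log View"


def validate_log_address(raw: str) -> Addr:
    """Parse the source address lifted from the firewall log view.

    The value is user-controlled (it arrives as a link or form parameter), so
    it is parsed strictly before it goes anywhere near a rule or alias:
    hostnames, ports, CIDR suffixes and shell metacharacters are all rejected.
    """
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError as exc:
        raise ValueError(f"refusing {raw!r}: not a plain IP address") from exc


def is_valid_log_address(raw: str) -> bool:
    """Boolean form of validate_log_address, for the UI layer."""
    try:
        validate_log_address(raw)
        return True
    except ValueError:
        return False


class BlockAlias:
    """A pf table (pfSense alias) of hosts blocked from the log view."""

    def __init__(self, name: str = ALIAS_NAME) -> None:
        self.name = name
        # Keyed by CIDR text so adding is idempotent; dict keeps insertion order.
        self.entries: Dict[str, Net] = {}

    def add_host(self, raw: str) -> Net:
        """Block one address as a host entry (/32 or /128).  Idempotent."""
        net = ipaddress.ip_network(str(validate_log_address(raw)))
        self.entries.setdefault(str(net), net)
        return net

    def widen(self, raw: str, prefixlen: int) -> Net:
        """Swap the host entry for a wider block, e.g. /24 for the whole class C."""
        addr = validate_log_address(raw)
        host = ipaddress.ip_network(str(addr))
        if str(host) not in self.entries:
            raise KeyError(f"{host} is not in alias {self.name}")
        wider = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        del self.entries[str(host)]
        self.entries[str(wider)] = wider
        return wider

    def remove(self, cidr: str) -> None:
        """Delete an entry that was added in error."""
        net = ipaddress.ip_network(cidr, strict=False)
        del self.entries[str(net)]

    def covers(self, raw: str) -> bool:
        """True if traffic from this source would now hit the block rule."""
        addr = validate_log_address(raw)
        return any(addr in net for net in self.entries.values())

    def render_table(self) -> str:
        """The pf table definition pfSense regenerates from the alias."""
        return f"table <{self.name}> {{ {', '.join(self.entries)} }}"

    def render_rule(self, interface: str = "wan") -> str:
        """The single rule referencing the alias; identical however many hosts are listed."""
        return (f"block in quick on {interface} from <{self.name}> to any "
                f'label "{RULE_LABEL}"')


if __name__ == "__main__":
    alias = BlockAlias()
    for src in ("203.0.113.5", "198.51.100.7"):  # constructed sample sources
        alias.add_host(src)
    alias.widen("203.0.113.5", 24)
    print(alias.render_table())
    print(alias.render_rule())
```

In the real GUI the alias would be written to the configuration and the filter reloaded; the model above only renders what the generated rule set would contain, which is enough to see that adding, widening or removing hosts never touches the rule itself.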

                        I have this working, and I'm surprised at how easy this is to use. The blocking and passing works great, and the new DNS page is really handy.

                        I used links to DNS Tools on the DNS page when it sees an IP, and you can click for whois or IP info.

                        I can post some more screenshots later, but I figured I'd post an update first.

                        If it all works out, I may stick it in the dashboard package tomorrow. I'd like for it to live in its own package, but I think it depends too heavily on my filter log changes that go along with the dashboard package…

                        I'll check back in later, or maybe tomorrow morning

                        • jimp (Rebel Alliance Developer, Netgate)

                          Had a couple of minutes I didn't foresee… Here are some screencaps of it in action.

                          Any more ideas/suggestions?

                          [attachments: 1-rules_before.png, 2-aliases_before.png, 3-firewall_log.png, 4-dns_view.png, 5-add_block.png, 6-aliases_after.png, 7-rules_after.png, 8-rule_after_addpass.png]

                          • Anathematician

                            Looks awesome so far, I like the way you implemented the firewall block; it looks much better than the checkbox idea.

                            • jimp (Rebel Alliance Developer, Netgate)

                              Thanks for the feedback!

                              I hit a couple bugs with adding rules to OPT1 and IPsec lists, once I get past those I'll see about pushing a new Dashboard package with this included sometime this evening. I added a disclaimer to the easy rule confirmation dialog about it being in testing, so hopefully anyone brave enough to be a beta tester will make backups and report issues :)

                              • kapara

                                What will this do to firewall logs which show IPs which are blocked based on the default rule, 79 I think? If the default rule is blocking something, will allowing the blocked rule by clicking on the button allow that rule?

                                Skype ID:  Marinhd

                                • jimp (Rebel Alliance Developer, Netgate)

                                  @kapara:

                                  What will this do to firewall logs which show IPs which are blocked based on the default rule, 79 I think? If the default rule is blocking something, will allowing the blocked rule by clicking on the button allow that rule?

                                  The rule detection doesn't change at all in this. Your problem was something else entirely, but I seem to have lost that thread. Post an update there and I'll have another look.

                                  • jimp (Rebel Alliance Developer, Netgate)

                                    @Anathematician:

                                    Looks awesome so far, I like the way you implemented the firewall block; it looks much better than the checkbox idea.

                                    Ok, this seems to be ready for testing. I put it up in the Dashboard package, version 0.8.0.

                                    Install that, or update to it, and you should have the Easy Rule code!

                                    • kapara

                                      "Do you really want to add this rule" -> "Do you really want to add this DENY rule?" or, if allowing, "Do you really want to add this ALLOW rule?" I don't know if that would be very complicated, but I can just see someone clicking and not paying attention… just a suggestion.

                                      I will definitely test this as I see it as possibly being very useful.

                                      • jimp (Rebel Alliance Developer, Netgate)

                                        @kapara:

                                        "Do you really want to add this rule" -> "Do you really want to add this DENY rule?" or, if allowing, "Do you really want to add this ALLOW rule?" I don't know if that would be very complicated, but I can just see someone clicking and not paying attention… just a suggestion.

                                        I will definitely test this as I see it as possibly being very useful.

                                        I had something a little more wordy in there but replaced it with that disclaimer during testing :)

                                        I'll put the Block/Allow text back in.

                                        • jimp (Rebel Alliance Developer, Netgate)

                                          Also if you have this update, be sure to check out Diagnostics > DNS.

                                          :)

                                          • Anathematician

                                            Looks awesome, works great. If I run across any bugs I'll let you know. Thanks for getting it completed so quickly. The community here is awesome and I hope everyone benefits from it.

                                            Thanks again,

                                            Anathematician

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.