Cool little snort blocked list mod I tweaked



  • After manually copying the ips from the blocked list and pasting them a few hundred times I came up with this easy mod that is borrowed from Diagnostics: System logs: Firewall or diag_logs_filter.php in pfSense.

    This is for people familiar with shells and simple file editing ONLY! That being said USE AT YOUR OWN RISK! Maybe it can be committed to the package one day.

    Replace

     {$alert_block_ip}
    

    on line 398 and 423

    with

       [![](\"/themes/nervecenter/images/icons/icon_log.gif\")](../diag_dns.php?host={$alert_block_ip}) {$alert_block_ip}
    

    This will place an icon referencing the diag_dns.php page into the snort blocked ip list. This is already used in the firewall logs so it was a simple yet very useful little mod.

    I also changed line 99 and 100 in /usr/local/www/diag_dns.php to open new windows for the hyperlinks. Been a pet peeve of mine for a while.  ::)

                                    [IP WHOIS @ DNS Stuff](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
    
                                    [IP Info @ DNS Stuff](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
    
    

    Let me know if you like it!


  • Rebel Alliance Developer Netgate

    re: Open in new window, that's what your middle mouse button is for. :-)

    They are already target=_new on 2.0 though.

    You might want to specify that diag_dns.php is only present on 2.0 and in the Dashboard package, so it won't be there for everybody.



  • Hey that is an extra click too many!  ;D

    I just forget that it doesn't do it sometimes and it frustrates me that I forget that it doesn't.  :'(


  • Rebel Alliance Developer Netgate

    @g4m3c4ck:

    Hey that is an extra click too many!  ;D

    Same number of clicks, just involves moving your finger a centimeter or two to the right :-)


Log in to reply