filter: add per rule statistics using label #3312

Closed
AdSchellevis opened this Issue Mar 11, 2019 · 1 comment

AdSchellevis commented Mar 11, 2019

If we create a hash for a rule, we should be able to track rules more easily. The descriptions can stay in the rule file, but won't be used for pf labels anymore.

@AdSchellevis AdSchellevis self-assigned this Mar 11, 2019

AdSchellevis added a commit that referenced this issue Mar 12, 2019

filter, work in progress rule statistics #3312
replace label with md5 hash of the rule and align live log

AdSchellevis added a commit that referenced this issue Mar 13, 2019

@AdSchellevis AdSchellevis added incomplete and removed incomplete labels Mar 13, 2019

AdSchellevis added a commit that referenced this issue Mar 14, 2019

AdSchellevis added a commit that referenced this issue Mar 14, 2019

filter: link rule hash to origin, related to #3312
Now we know where rules come from, we could use our live log to link to the place of origin.

This commit adds a couple of things:

- Extend plug to generate a rule hash for automatically generated (plugin) rules
- Support rule iteration in the rule framework, for easy access of registered rules
- Support #ref tag to point to place of origin (endpoint + field where option is set)
- Adds some examples in existing filter plugin code (more to add later)
- Adds a link to rid fields in livelog, which opens a new window with the original rule or setting.

AdSchellevis commented Mar 15, 2019

list of autogenerated rules in core:

  • "Pass all loopback IPv6" system_advanced_firewall.php#ipv6allow

  • "Block all IPv6" system_advanced_firewall.php#ipv6allow

  • "Default deny rule" [always on]

  • "IPv6 requirements (ICMP)" [always on]

  • "block all targetting port 0" [always on]

  • "CARP defaults"

  • "Lockout rules" [always on]

  • "block all in alias " [always on]

  • "Block bogon IPv4 networks from ..."

  • "Block bogon IPv6 networks from ..."

  • "Block private networks from ..."

  • "allow dhcpv6 client in ..."

  • "allow PPTP client on ..."

  • "allow DHCP client on ..."

  • "allow access to DHCP server"

  • "allow access to DHCP failover"

  • "Allow 6in4 traffic out for 6rd on ..."

  • "Allow 6in4 traffic in for 6to4 on .."

  • "allow access to DHCPv6 server on ...." --> not consistent (multiple possible pages)

  • "pass loopback" [always on]

  • "let out anything from firewall host itself" [always on]

  • "IPsec internal host to host"

  • "'allow pptpd'" --> should be part of pptp server plugin

  • "let out anything from firewall host itself" (pf_disable_force_gw)

  • "Auto added VPN rules" (disablevpnrules)
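
The idea tracked in this issue, as an added example that is not OPNsense's own code: each rule gets an md5-derived id that serves as its label, a registry maps the id back to the description and `#ref` origin, and log entries are counted per id. The field names, the helper names, the `rid` key on log entries, and the choice to keep `descr` and `#ref` out of the hash are assumptions; the descriptions and the `#ref` value are taken from the list above.

```python
import hashlib
import json

# Constructed sample rules. Descriptions and the "#ref" value come from the list
# above; all other field names and values are assumptions for illustration.
RULES = [
    {"type": "pass", "interface": "lo0", "ipprotocol": "inet6",
     "descr": "Pass all loopback IPv6",
     "#ref": "system_advanced_firewall.php#ipv6allow"},
    {"type": "block", "ipprotocol": "inet6", "descr": "Block all IPv6",
     "#ref": "system_advanced_firewall.php#ipv6allow"},
    {"type": "block", "descr": "Default deny rule"},  # always on, no #ref
]
META_KEYS = ("descr", "#ref")  # metadata, kept out of the hash (assumption)

def rule_hash(rule):
    """md5 over the canonicalized match fields, used as a fixed-length label."""
    # md5 is only an identifier here, not an integrity or authentication check.
    fields = {k: v for k, v in rule.items() if k not in META_KEYS}
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.md5(canonical.encode("utf-8")).hexdigest()

def build_registry(rules):
    """Index rules by hash; reject duplicates, which would merge counters."""
    registry = {}
    for rule in rules:
        rid = rule_hash(rule)
        if rid in registry:
            raise ValueError("duplicate rule hash %s (%s)" % (rid, rule["descr"]))
        registry[rid] = rule
    return registry

def resolve(registry, rid):
    """Map a rule id seen in a log entry to (description, place of origin)."""
    rule = registry.get(rid)
    return (rule["descr"], rule.get("#ref")) if rule else ("unknown rule", None)

def hit_counts(registry, log_entries):
    """Per-rule statistics: log entries counted per registered rule hash."""
    counts = {rid: 0 for rid in registry}
    for entry in log_entries:
        if entry.get("rid") in counts:
            counts[entry["rid"]] += 1
    return {registry[rid]["descr"]: n for rid, n in counts.items()}
```

Because the description is not hashed in this example, renaming a rule keeps its id and its counters, while two rules with identical match fields are rejected instead of silently sharing one label.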

AdSchellevis added a commit that referenced this issue Mar 15, 2019

filter, move code to highlight (point) selected option from system_advanced_firewall.php to generic javascript legacy function and enable support on interfaces.php page as well, including a fix to firewall_rule_lookup.php for supporting ?if=<interface> lookups

for #3312

AdSchellevis added a commit that referenced this issue Mar 19, 2019

AdSchellevis added a commit that referenced this issue Mar 19, 2019
