# HG changeset patch
# User Matti Hamalainen
# Date 1250359568 -10800
# Node ID b0017a3240408ea787e2d8d7e64765e976ab61f2
# Parent fe220b5a975a2204f226a07ed0c3abccbf4269ee
Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report.
diff -r fe220b5a975a -r b0017a324040 maltfilter
--- a/maltfilter Sat Aug 15 20:42:16 2009 +0300
+++ b/maltfilter Sat Aug 15 21:06:08 2009 +0300
@@ -261,8 +261,9 @@
 my @reasons = ();
 foreach my $class (sort keys %{$table->{$mip}{"reason"}}) {
 my $msgs;
+ if ($class ne "IPTABLES") {
 if ($reportmode) {
- my @tmp = @{$table->{$mip}{"reason"}{$class}{"msg"}};
+ my @tmp = reverse(@{$table->{$mip}{"reason"}{$class}{"msg"}});
 if ($#tmp > 5) { $#tmp = 5; }
 foreach (@tmp) { $_ = htmlentities($_); }
 $msgs = join(" ".bb($m)."|".eb($m)." ", @tmp);
@@ -271,6 +272,7 @@
 }
 push(@reasons, bb($m).$class.eb($m)." #".$table->{$mip}{"reason"}{$class}{"hits"}.
 " ( ".$msgs." )");
+ }
 }
 printTD($m, $f, join(", ", @reasons));
 printElem($m, $f, "\n", "\n");
@@ -309,8 +311,10 @@
 my $kmax = $nkeys / 2;
 for (my $i = 0; $i <= $kmax; $i++) {
 printElem($m, $f, " ");
- if ($i < $kmax) { $printEntry->($mkeys[$i]); }
- printElem($m, $f, " ", " || ");
+ if ($i < $kmax) {
+ $printEntry->($mkeys[$i]);
+ printElem($m, $f, " ", " || ");
+ }
 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
 printElem($m, $f, "\n", "\n");
 }
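Review bot: An address whose only reason class is `IPTABLES` now ends up with an empty `@reasons`, so `printTD($m, $f, join(", ", @reasons))` in the -271 hunk prints a blank reason cell and the report no longer says why that IP is listed. If that is intended, a comment above `if ($class ne "IPTABLES") {` such as `# IPTABLES is a pseudo-class for rules that predate this run; it carries no messages` would make it clear; otherwise a fallback like `push(@reasons, "pre-existing rule") unless @reasons;` before `printTD` keeps the cell meaningful. The paragraph added in the -378 hunk tells readers about classes "marked as 'IPTABLES'", which this table will no longer show, so the two should be checked against each other. The enclosing sub starts and ends outside both hunks.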
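Review bot: The column split in the -309 hunk still drops one entry when the key count is even, assuming `$nkeys` is the number of elements in `@mkeys` (it is set outside the hunk): the left column prints indexes below `$kmax` and the right column starts at `$i + $kmax + 1`, so `$mkeys[$kmax]` is never printed, and the final iteration (`$i == $kmax`) now emits a row with no cells at all. For odd counts it only works because the fractional `$kmax` is truncated when used as an array index. Rounding up once with `my $kmax = int(($nkeys + 1) / 2);`, looping while `$i < $kmax`, and taking the right column from `$mkeys[$i + $kmax]` under `if ($i + $kmax < $nkeys)` would list every entry. The loop sits in a sub whose start and end are outside the hunk.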
@@ -378,13 +382,17 @@
 printP($m, $f, "Generated ".bb($m).$mtime.eb($m).". Data computed from ".
 ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");
+ printP($m, $f, "The hit classes marked as 'IPTABLES' are a pseudo-class meaning an\n".
+ "blocked IP that was in Netfilter before Maltfilter was started.\n");
 printH($m, $f, 2, "Currently blocked entries");
- printP($m, $f, "List of IPs that are currently blocked (or would be, if this is a report-only mode).");
+ printP($m, $f, "List of IPs that are currently blocked (or would be, if this is\n".
+ "a report-only mode).");
 printTable1($m, $f, \%statlist, \%blocklist, \&cmp_hits);
 printH($m, $f, 2, "Summary of non-ignored entries");
- printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not necessarily acted upon.\n");
+ printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n".
+ "necessarily acted upon. Sorted by descending IP address.\n");
 printTable2($m, $f, \%statlist, \%statlist, \&cmp_ips);
 printH($m, $f, 2, "Ignored entries");
@@ -451,10 +459,10 @@
 if (/^\s*(\d+)\s+\d+\s+$settings{"ACTION"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) {
 my $mip = $2;
 if (!defined($blocklist{$mip}) && $mdate > 0) {
- mlog(2, "* $mip appeared in iptables.");
+ mlog(2, "* $mip appeared in iptables.\n");
 }
 $blocklist{$2} = $mdate;
- update_entry(\%statlist, $mip, $mdate, "?", "From iptables.");
+ update_entry(\%statlist, $mip, $mdate, "IPTABLES", "");
 }
 }
 close(STATUS);
@@ -481,7 +489,7 @@
 sub weed_entries() {
 # Don't weed in report mode.
-# return if ($reportmode);
+ return if ($reportmode);
 my @mips = keys %blocklist;
 foreach my $mip (@mips) {
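Review bot: The new explanatory string in the -378 hunk reads "a pseudo-class meaning an\nblocked IP"; "an" should be "a", e.g. `"The hit classes marked as 'IPTABLES' are a pseudo-class meaning a\n".`. The added claim "Sorted by descending IP address" depends on `cmp_ips`, which is defined outside this hunk, so it is worth confirming the comparator really sorts in that direction before the report states it.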
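Review bot: In the -451 hunk `$settings{"ACTION"}` is interpolated into the rule-matching regex unquoted, so any regex metacharacter in the configured action changes which iptables lines are treated as existing blocks; writing it as `\Q$settings{"ACTION"}\E` keeps it a literal match. The pseudo-class name `"IPTABLES"` is now a bare literal both here and in the `$class ne "IPTABLES"` test added in the -261 hunk, so a shared constant would keep the two from drifting apart. `$blocklist{$2}` could also use `$mip`, which already holds the captured address and does not depend on `$2` surviving the intervening calls. The enclosing block starts and ends outside the hunk.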
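Review bot: The guard re-enabled in the -481 hunk has been toggled before (the commit message says "again"), and the comment above it only restates the code rather than giving the reason. A why-comment would stop the next flip, for example `# Report mode works from a complete log scan; weeding would drop entries the report should list.` — that rationale is inferred from the report text in the -378 hunk, so adjust it to the real reason. The empty prototype in `sub weed_entries()` is also unnecessary and can be dropped. The body of weed_entries continues past the end of the hunk.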