Improve Threat Shield UI

gsanchietti commented 1 month ago

Description:

We can no longer postpone the improvement of the banIP UI, or half of the reporting becomes ineffective. To enhance the utility of the Threat Shield reporting, the following improvements must be made to both the UI and backend functionalities:

To-Do List:

Modify Dashboard Counter:
- Display a warning message if logging is disabled.
Settings Page:

Logging options (all options are enabled/disabled):
- Log packets blocked in pre-routing chain, ban_logprerouting: Log suspicious packets in the prerouting chain.
- Log packets blocked in input chain, ban_loginput: Log suspicious packets in the WAN-input chain.
- Log packets blocked in forward chain chain, ban_logforwardwan: Log suspicious packets in the WAN-forward chain.
- Log packets blocked in forwarded from lan ban_logforwardlan: Log suspicious packets in the LAN-forward chain.
Prevent brute attacks:
- Block brute force attack, ban_loglimit (enabled/disabled): Enable or disable monitoring for brute-force attacks.
- Ban after x failed access, ban_logcount (text, number): Specify how many times an IP must appear in the log to be considered suspicious.
- Pattern to search for attacks, ban_logterm (list): Display regex for logfile parsing (visible only if ban_loglimit is enabled).
- Prevent ICMP DoS, ban_icmplimit (enabled/disabled): Detect ICMP DoS in prerouting chain
- Prevent SYN DoS, ban_synlimit (enabled/disabled): Detect SYN DoS in prerouting chain
- Prevent UDP DoS, ban_udplimit (enabled/disabled): Detect UDP DoS in prerouting chain
- ~~Add to the description that attacker IP will be blocked for 30 minutes~~
- Ban time (combobox): Select ban time from a list of predefined values

Notes:

Ensure that both the UI and backend modifications improve the overall functionality and effectiveness of the Threat Shield reports and provide clear user feedback on logging and list management features.

Resources: