X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=active-response%2Fwin%2Froute-null.cmd;fp=active-response%2Fwin%2Froute-null.cmd;h=9b656dce8e16d8240890a4dd9cb9f90d90485b1f;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=6838c7aa7b77dec4e0aaa9691015bd49ce19b313;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/active-response/win/route-null.cmd b/active-response/win/route-null.cmd
index 6838c7a..9b656dc 100644
--- a/active-response/win/route-null.cmd
+++ b/active-response/win/route-null.cmd
@@ -8,31 +8,41 @@ FOR /F "TOKENS=1-3 DELIMS=:" %%A IN ("%TIME%") DO SET TIM=%%A:%%B:%%C
 :: Check for required arguments
 IF /I "%1"=="" GOTO ERROR
+IF /I "%2"=="" GOTO ERROR
+IF /I "%3"=="" GOTO ERROR
+
+:: Check for a valid IP
+ECHO "%3" | %WINDIR%\system32\findstr.exe /R "\." >nul || GOTO ipv6
+
+set prefixlength=32
+set gateway=0.0.0.0
+goto x
+
+:ipv6
+set prefixlength=128
+set gateway=::
+
+:x
+
 IF /I "%1"=="add" GOTO ADD
 IF /I "%1"=="delete" GOTO DEL
 :ERROR
 ECHO Invalid argument(s).
-ECHO Usage: route-null.cmd ^(ADD^|DELETE^) IPv4 Address
-ECHO Example: route-null.cmd ADD 1.2.3.4
+ECHO Usage: route-null.cmd ^(ADD^|DELETE^) user IP_Address
+ECHO Example: route-null.cmd ADD - 1.2.3.4
 EXIT /B 1
-
-:: Adding IP to be null-routed. IP will be routed to local machine IP
+:: Adding IP to be null-routed.
 :ADD
-:: Check for a valid IP
-ECHO "%2" | %WINDIR%\system32\findstr.exe /R "[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*" >nul || ECHO Invalid IP && EXIT /B 2
-:: Extracts last ip address from ipconfig and routes to this address. Windows will not allow routing to 127.0.0.1
-FOR /F "TOKENS=2* DELIMS=:" %%A IN ('%WINDIR%\system32\ipconfig.exe ^| %WINDIR%\system32\findstr.exe /R /C:"IPv*4* Address"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B
-%WINDIR%\system32\route.exe ADD %2 MASK 255.255.255.255 %IPADDR%
+%WINDIR%\system32\route.exe ADD %3/%prefixlength% %gateway%
 :: Log it
-ECHO %DAT%%TIM% %~dp0%0 %1 - %2 >> "%OSSECPATH%active-response\active-responses.log"
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
 GOTO EXIT
 :DEL
-ECHO "%2" | %WINDIR%\system32\findstr.exe /R "[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*" >nul || ECHO Invalid IP && EXIT /B 2
-%WINDIR%\system32\route.exe DELETE %2
-ECHO %DAT%%TIM% %~dp0%0 %1 - %2 >> "%OSSECPATH%active-response\active-responses.log"
+%WINDIR%\system32\route.exe DELETE %3/%prefixlength%
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
 :EXIT /B 0:
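Review bot: The address validation that the old `:ADD` and `:DEL` branches applied with `findstr` is removed, and the new family check (`findstr /R "\."`) only asks whether `%3` contains a dot, so any string — a hostname, or a value carrying `&`/`|` that cmd expands into a further command — now reaches `route.exe ADD %3/%prefixlength% %gateway%` and `route.exe DELETE %3/%prefixlength%` unchecked. Since this script is invoked by the agent with an address taken from an alert, `%3` should be matched against an anchored per-family whitelist and rejected otherwise, as sketched below (the `/C:"^\"...\"$"` form relies on findstr's own argument parser keeping the escaped quotes, so confirm it on a test host). The exit status of `route.exe` is also ignored on both branches, so the `active-responses.log` entry is written even when no route was installed; `|| EXIT /B 3` after each `route.exe` call would keep the log honest. The script's prologue (the `%DAT%`/`%TIM%` setup) begins before this hunk.
```batch
:: Check for a valid IP
ECHO "%3" | %WINDIR%\system32\findstr.exe /R "\." >nul || GOTO ipv6

:: IPv4: digits and dots only, anchored, so nothing else reaches route.exe
ECHO "%3" | %WINDIR%\system32\findstr.exe /R /C:"^\"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\"$" >nul || GOTO BADIP
set prefixlength=32
set gateway=0.0.0.0
goto x

:ipv6
:: IPv6: hex digits and colons only, anchored
ECHO "%3" | %WINDIR%\system32\findstr.exe /R /C:"^\"[0-9a-fA-F:][0-9a-fA-F:]*\"$" >nul || GOTO BADIP
set prefixlength=128
set gateway=::

:x
:: ... unchanged: ADD/DELETE dispatch and :ERROR (ends with EXIT /B 1) ...

:BADIP
ECHO Invalid IP
EXIT /B 2
```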