Sunday, April 7, 2013

Smoothwall Enhanced Firewall Log Module

I really love my Smoothwall firewall. It offers good security using an older computer and it is infinitely customizable. One of the big strengths of Smoothwall is that with a little bit of Perl you can make it do almost whatever you want. There is a large ecosystem of third party modules that allow you to customize the functionality of your Smoothwall box.

One of the modules I use is the enhanced firewall log, currently at version 1.4.3. It enhances the normal log viewer by letting you sort on different values and by adding color coding to the entries.

This module has worked fine for me up until today. I was having some issues reaching some sites on the Internet and it appeared the firewall was the issue. I logged into the Smoothwall and it was slow to respond. The box had an uptime of a little over 9 months so I decided to reboot it. After the reboot was complete the firewall log was giving me an HTTP 500 error. Every other page was fine.

The error log showed:

Premature end of script headers: firewalllog.dat,
 at /httpd/cgi-bin/logs.cgi/firewalllog.dat line 409



After some Internet searching I found the following link in the Smoothwall communities.

Below is a copy and paste of the relevant information that fixed my problem.

The enhanced firewall logs mod with the CIDR capabilities assumes that all of the data in the first field of the ipblock file will be numeric but it doesn't test it... my fix adds two lines and gets us around this problem... at least at the stage of reading the data from the ipblock file

 in /httpd/cgi-bin/logs.cgi/firewalllog.dat, near line 57, you should find

# Added by fwlogmod
use Socket;
use Net::CIDR;
# END added by fwlogmod

right after that, add

use Scalar::Util qw(looks_like_number);

so the block looks like this (until the maintainer possibly adds this to their released code)

# Added by fwlogmod
use Socket;
use Net::CIDR;
# END added by fwlogmod
use Scalar::Util qw(looks_like_number);

then down near line 217 you should find
open (ACTIVEBLOCKFILE, "/var/smoothwall/ipblock/config");
@ll=<ACTIVEBLOCKFILE>;
close(ACTIVEBLOCKFILE);
foreach $lll (@ll) {
            chomp($lll);
            @ittt=split(/,/,$lll);
            $cidrstr= $ittt[0];

between those last two lines, add
next if !looks_like_number($ittt[0]);  ## make sure it is a number!

so the whole block now looks like this
open (ACTIVEBLOCKFILE, "/var/smoothwall/ipblock/config");
@ll=<ACTIVEBLOCKFILE>;
close(ACTIVEBLOCKFILE);
foreach $lll (@ll) {
            chomp($lll);
            @ittt=split(/,/,$lll);
            next if !looks_like_number($ittt[0]);  ## make sure it is a number!
            $cidrstr= $ittt[0];

save and done... now if the first field of the ipblock file is not numeric, your firewall log viewer won't blow up on you.
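
The following Perl script is an added example, not code from the module or the quoted forum post: it runs constructed ipblock-style lines through the same looks_like_number guard to show which first-field values it lets through and which it skips, with a stricter IPv4/CIDR check beside it for comparison. The sample lines, their field layout and the helper classify_first_field are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(looks_like_number);

# Constructed sample lines. The field layout is an assumption for illustration,
# not the documented format of /var/smoothwall/ipblock/config.
my @sample = (
    '3232235777,off,DROP,on,numeric first field',
    '192.168.1.0/24,off,DROP,on,CIDR string',
    '10.0.0.5,off,DROP,on,dotted quad',
    'badhost.example,off,DROP,on,hostname',
    ',off,DROP,on,empty first field',
    '',
);

# Hypothetical helper: classify the first comma-separated field of one line.
sub classify_first_field {
    my ($line) = @_;
    chomp $line;
    my ($first) = split /,/, $line;
    return 'empty' unless defined $first && length $first;
    return 'number' if looks_like_number($first);    # the guard from the fix
    # Stricter check (an addition, not part of the fix): IPv4 with optional /prefix.
    if ($first =~ m{^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:/(\d{1,2}))?$}) {
        my @octets = ($1, $2, $3, $4);
        my $len    = $5;
        return 'invalid' if grep { $_ > 255 } @octets;
        return 'invalid' if defined $len && $len > 32;
        return defined $len ? 'ipv4-cidr' : 'ipv4';
    }
    return 'invalid';
}

# Report, per line, how the field is classified and what the guard would do.
for my $line (@sample) {
    my $kind  = classify_first_field($line);
    my $guard = $kind eq 'number' ? 'processed' : 'skipped';
    printf "%-45s %-10s %s by the looks_like_number guard\n",
        "'$line'", $kind, $guard;
}
```

Dotted-quad and CIDR strings are not numbers to looks_like_number, so the guard skips them along with malformed entries.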