aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarcelloc <marcellocoutinho@gmail.com>2011-10-29 03:49:09 -0200
committermarcelloc <marcellocoutinho@gmail.com>2011-10-29 03:49:09 -0200
commita5f75afdd34f4d3938adc7acd924f06f3a7f3aef (patch)
tree0144d0aab87a90b05c46b1ac26df4037c596eebf
parentb08d625e4e6ac8670cd1d4b3b7ff74b8271a7247 (diff)
downloadpfsense-packages-a5f75afdd34f4d3938adc7acd924f06f3a7f3aef.tar.gz
pfsense-packages-a5f75afdd34f4d3938adc7acd924f06f3a7f3aef.tar.bz2
pfsense-packages-a5f75afdd34f4d3938adc7acd924f06f3a7f3aef.zip
pfBlocker - include table-entries size validation check
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc43
-rw-r--r--config/pf-blocker/pfblocker.php4
-rwxr-xr-xconfig/pf-blocker/pfblocker.xml4
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
5 files changed, 43 insertions, 12 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 578ed75d..1aa8a410 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -348,11 +348,44 @@ function sync_package_pfblocker() {
}
$config['filter']['rule']=$new_rules;
- #save and apply all changes
- write_config();
- filter_configure();
-
- pfblocker_sync_on_changes();
+ #check aliastable size
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
+ $count_ips_in = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
+ $count_ips_out = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
+ $count_ips_w = $matches[1];
+
+ #get higher value
+ $max=$count_ips_in;
+ if ($max < $count_ips_out)
+ $max = $count_ips_out;
+ if ($max < $count_ips_w)
+ $max = $count_ips_w;
+ $sum=($count_ips_in + $count_ips_out + $count_ips_w);
+ #check table size client option
+ $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+
+ #check for possible table size erros
+ $error_message="";
+ if ($count_ips_in >= $table_limit )
+ $message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_out >= $table_limit )
+ $message='pfBlockerOutbound alias table is too large. Reduce Outbound List or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_w >= $table_limit )
+ $message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT ".';
+
+ if ($message == ""){
+ #save and apply all changes*/
+ write_config();
+ #load filter file after editing
+ filter_configure();
+ pfblocker_sync_on_changes();
+ }
+ else{
+ log_error("[pfBlocker] ".$message);
+ file_notice("pfBlocker", $message, "pfblocker rule apply", "");
+ }
}
function pfblocker_validate_input($post, &$input_errors) {
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index 4eb07634..f1dd85f5 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -52,8 +52,8 @@ foreach ($files as $cont => $file){
${preg_replace("/\s/","",$matches[1])}=$matches[2];
}
else{
- if (${$ISOcount}==0){
- ${$ISOCount}++;
+ if (${$ISOCode."c"}==""){
+ ${$ISOCode."c"}="ok";
$options.= '<option><name>'.$Country .'-'.$ISOCode.' ('.$TotalNetworks.') '.' </name><value>'.$ISOCode.'</value></option>'."\n";
}
${$ISOCode}.=$line."\n";
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index c8a1facf..77a81e24 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -230,7 +230,7 @@
<option><name>None</name><value>none</value></option>
</options>
</field>
- <field>
+ <field>
<fielddescr>Update frequency</fielddescr>
<fieldname>update</fieldname>
<description><![CDATA[Default:<strong>Never</strong><br>
@@ -238,14 +238,12 @@
<type>select</type>
<options>
<option><name>Never</name><value>never</value></option>
- <option><name>Every Hour</name><value>hour</value></option>
<option><name>Every 4 Hours</name><value>4hours</value></option>
<option><name>Every 12 Hours</name><value>12hours</value></option>
<option><name>Once a day</name><value>day</value></option>
<option><name>Once a week</name><value>week</value></option>
</options>
</field>
-
<field>
<fielddescr><![CDATA[Lists]]></fielddescr>
<fieldname>none</fieldname>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 871ab83e..a2c8d8b3 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -66,7 +66,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.2</version>
+ <version>0.1.3</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index c596f3f2..6db67733 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -140,7 +140,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.2</version>
+ <version>0.1.3</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>