author | marcelloc <marcellocoutinho@gmail.com> | 2011-10-29 03:49:09 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-10-29 03:49:09 -0200 |
commit | a5f75afdd34f4d3938adc7acd924f06f3a7f3aef (patch) | |
tree | 0144d0aab87a90b05c46b1ac26df4037c596eebf | |
parent | b08d625e4e6ac8670cd1d4b3b7ff74b8271a7247 (diff) | |
pfBlocker - include table-entries size validation check
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 43 | ||||
-rw-r--r-- | config/pf-blocker/pfblocker.php | 4 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.xml | 4 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
5 files changed, 43 insertions, 12 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 578ed75d..1aa8a410 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -348,11 +348,44 @@ function sync_package_pfblocker() {
 }
 $config['filter']['rule']=$new_rules;
- #save and apply all changes
- write_config();
- filter_configure();
-
- pfblocker_sync_on_changes();
+ #check aliastable size
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
+ $count_ips_in = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
+ $count_ips_out = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
+ $count_ips_w = $matches[1];
+
+ #get higher value
+ $max=$count_ips_in;
+ if ($max < $count_ips_out)
+ $max = $count_ips_out;
+ if ($max < $count_ips_w)
+ $max = $count_ips_w;
+ $sum=($count_ips_in + $count_ips_out + $count_ips_w);
+ #check table size client option
+ $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+
+ #check for possible table size erros
+ $error_message="";
+ if ($count_ips_in >= $table_limit )
+ $message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_out >= $table_limit )
+ $message='pfBlockerOutbound alias table is too large. Reduce Outbound List or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_w >= $table_limit )
+ $message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' 
in "system - advanced - Firewall/NAT ".';
+
+ if ($message == ""){
+ #save and apply all changes*/
+ write_config();
+ #load filter file after editing
+ filter_configure();
+ pfblocker_sync_on_changes();
+ }
+ else{
+ log_error("[pfBlocker] ".$message);
+ file_notice("pfBlocker", $message, "pfblocker rule apply", "");
+ }
 }
 function pfblocker_validate_input($post, &$input_errors) {
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index 4eb07634..f1dd85f5 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -52,8 +52,8 @@ foreach ($files as $cont => $file){
 ${preg_replace("/\s/","",$matches[1])}=$matches[2];
 }
 else{
- if (${$ISOcount}==0){
- ${$ISOCount}++;
+ if (${$ISOCode."c"}==""){
+ ${$ISOCode."c"}="ok";
 $options.= '<option><name>'.$Country .'-'.$ISOCode.' ('.$TotalNetworks.') '.' </name><value>'.$ISOCode.'</value></option>'."\n";
 }
 ${$ISOCode}.=$line."\n";
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index c8a1facf..77a81e24 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -230,7 +230,7 @@
 <option><name>None</name><value>none</value></option>
 </options>
 </field>
- <field>
+ <field>
 <fielddescr>Update frequency</fielddescr>
 <fieldname>update</fieldname>
 <description><![CDATA[Default:<strong>Never</strong><br>
@@ -238,14 +238,12 @@
 <type>select</type>
 <options>
 <option><name>Never</name><value>never</value></option>
- <option><name>Every Hour</name><value>hour</value></option>
 <option><name>Every 4 Hours</name><value>4hours</value></option>
 <option><name>Every 12 Hours</name><value>12hours</value></option>
 <option><name>Once a day</name><value>day</value></option>
 <option><name>Once a week</name><value>week</value></option>
 </options>
 </field>
-
 <field>
 <fielddescr><![CDATA[Lists]]></fielddescr>
 <fieldname>none</fieldname>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 871ab83e..a2c8d8b3 100644
--- a/pkg_config.8.xml
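Review bot: The guard `if ($message == "")` in the pfblocker.inc hunk tests a variable the hunk never initialises: the line above it sets `$error_message=""` instead, so whether the save runs depends on whatever `$message` already holds earlier in sync_package_pfblocker(), whose body starts outside the hunk. Initialise the variable that is actually tested, `$message="";`. The three checks also compare each list with `$table_limit` separately while the text recommends `$sum + 1000`, and `$max` is computed but never used; if the configured limit covers all table entries together, as the message suggests, testing `$sum >= $table_limit` would also catch the case where no single list exceeds it. When one of the pfb_*.txt files is missing, `$matches[1]` is unset and the check passes silently, so an explicit `file_exists()` test on the three paths would make that failure visible instead of applying rules against an unchecked table.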
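Review bot: The per-country flag in the pfblocker.php hunk is stored in a variable variable, `${$ISOCode."c"}`, whose name comes from data parsed out of the list files, so a code that happens to match a local name minus its trailing "c" would overwrite or be masked by that local; the context line `${$ISOCode}.=$line."\n";` has the same property. An array keyed by the code keeps parsed data out of the variable namespace and avoids reading an undefined variable the first time a code is seen: `if (!isset($seen[$ISOCode])){` followed by `$seen[$ISOCode]=true;`. The foreach loop starts and ends outside the hunk, so where `$ISOCode` is assigned and whether it is validated cannot be seen from here.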
+++ b/pkg_config.8.xml
@@ -66,7 +66,7 @@
 <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.2</version>
+ <version>0.1.3</version>
 <status>Beta</status>
 <required_version>2.0</required_version>
 <maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index c596f3f2..6db67733 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -140,7 +140,7 @@
 <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.2</version>
+ <version>0.1.3</version>
 <status>Beta</status>
 <required_version>2.0</required_version>
 <maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer> |