author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2011-11-01 01:47:50 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-11-01 01:47:50 -0200 |
commit | b826f027192c51b86684a06a572c0aca82cb0a58 (patch) | |
tree | 021d8a87d17328d26dafcadc0d716d51a8370152 | |
parent | 45b5d5d6adebd32322c64c0983022023c241e42c (diff) | |
pfBlocker - version 0.1.4 changes alias/lists/rules engine and gui
-rw-r--r-- | config/pf-blocker/pfBlocker.widget.php | 64 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 602 | ||||
-rw-r--r-- | config/pf-blocker/pfblocker.php | 89 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.xml | 128 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker_lists.xml | 237 | ||||
-rw-r--r-- | config/pf-blocker/pfblocker_sync.xml | 6 | ||||
-rw-r--r-- | config/pf-blocker/pfblocker_topspammers.xml | 28 | ||||
-rw-r--r-- | pkg_config.8.xml | 7 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 7 |
9 files changed, 707 insertions, 461 deletions
diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php
index ec1d08a2..6830275a 100644
--- a/config/pf-blocker/pfBlocker.widget.php
+++ b/config/pf-blocker/pfBlocker.widget.php
@@ -33,49 +33,43 @@ echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padd cellspacing=\"0\""; echo" <tr>"; -$in=""; -$out=""; -$white=""; +$pfb_table=array(); +$out="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"; +$in="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; +if (is_array($config['aliases']['alias'])) +foreach ($config['aliases']['alias'] as $cbalias){ + if (preg_match("/pfBlocker/",$cbalias['name'])){ + + if (file_exists('/var/db/aliastables/'.$cbalias['name'].'.txt')){ + preg_match("/(\d+)/",exec("/usr/bin/wc -l /var/db/aliastables/".$cbalias['name'].".txt"),$matches); + $pfb_table[$cbalias['name']]=array("count" => $matches[1], + "img"=> $out); + } + } + } $rules=$config['filter']['rule']; #echo "<pre>"; foreach($rules as $rule){ - if ($rule['destination']['address'] == 'pfBlockerOutbound' && $out == ""){ - #print_r($rule); - $out="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; - } - - if ($rule['source']['address']== 'pfBlockerInbound' && $in == "") - $in="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; + if (preg_match("/pfBlocker/",$rule['source']['address'])) + $pfb_table[$rule['source']['address']]["img"]=$in; - if ($rule['source']['address']== 'pfBlockerWL' && $white == "") - $white="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; - - if ($rule['destination']['address']== 'pfBlockerWL' && $white == "") - $white="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; + if (preg_match("/pfBlocker/",$rule['destination']['address'])) + $pfb_table[$rule['destination']['address']]["img"]=$in; } +print "<pre>"; +#var_dump($pfb_table); +#exit; + print "<td class=\"listlr\"><strong>Alias</strong></td>"; + print "<td class=\"listlr\"><strong>CIDRs</strong></td>"; + print "<td class=\"listlr\"><strong>Status</strong></td></tr>"; -$in=($in != ""?$in:"<img src 
='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"); -$out=($out != ""?$out:"<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"); -$white=($white != ""?$white:"<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"); - -echo " <td class=\"listhdrr\">pfBlockerInbound".$in."</td>"; -echo " <td class=\"listhdrr\">pfBlockerOutbound".$out."</td>"; -echo " <td class=\"listhdrr\">pfBlockerWL".$white."</td>"; -echo" </tr>"; -echo" <tr>"; -if (file_exists("/usr/local/pkg/pfb_in.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_in.txt"),$matches); - echo " <td class=\"listlr\">". count($matches[0])." Networks</td>"; +foreach ($pfb_table as $alias => $values){ + print "<td class=\"listlr\">".$alias ."</td>"; + print "<td class=\"listlr\">".$values["count"]."</td>"; + print "<td class=\"listlr\">".$values["img"]."</td></tr>"; } -if (file_exists("/usr/local/pkg/pfb_out.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_out.txt"),$matches); - echo " <td class=\"listlr\">" . count($matches[0])." Networks</td>"; -} -if (file_exists("/usr/local/pkg/pfb_w.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_w.txt"),$matches); - echo " <td class=\"listlr\">" . count($matches[0])." Networks</td>";} - echo" </tr>"; echo"</table>"; +exit; ?>
\ No newline at end of file diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index f9f6d951..ec017df8 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -72,9 +72,9 @@ function pfblocker_Range2CIDR($ip_min, $ip_max) { function sync_package_pfblocker() { global $config; + $pfblocker_enable=$config['installedpackages']['pfblocker']['config'][0]['enable_cb']; $pfblocker_config=$config['installedpackages']['pfblocker']['config'][0]; - $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America"); - + $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000"); #get local web gui configuration $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http"); $port = $config['system']['webgui']['port']; 
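Review bot: In pfBlocker.widget.php the new alias loop concatenates `$cbalias['name']` into `exec("/usr/bin/wc -l /var/db/aliastables/".$cbalias['name'].".txt")` without quoting, and the only filter is the unanchored `preg_match("/pfBlocker/", …)`, so any alias name that merely contains that string reaches the shell unchanged. The pfctl call in pfblocker.inc in this same commit already wraps its argument in `escapeshellarg()`; the widget should do the same, or skip the shell entirely with `count(file($path))`. The alias name and count are then printed into the table cells without `htmlspecialchars()`. The added `print "<pre>";` and the trailing `exit;` look like debugging leftovers and should be confirmed as intentional.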
@@ -86,304 +86,355 @@ function sync_package_pfblocker() { } $web_local .= "://127.0.0.1:".$port.'/pfblocker.php'; - #get all selected countries - $countries=$config['installedpackages']['pfblockertopspammers']['config'][0]['countries'].","; - foreach ($continents as $continent){ - if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'])) - $countries.=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].","; - } - $cb_files = explode(",", $countries); - - $pfbdir='/usr/local/pkg/pfblocker'; - #check folders + $pfbdir='/usr/local/pkg/pfblocker'; + $pfb_alias_dir='/usr/local/pkg/pfblocker_aliases'; if (!is_dir($pfbdir)) mkdir ($pfbdir,0755); + if (!is_dir($pfb_alias_dir)) + mkdir ($pfb_alias_dir,0755); if (! is_dir('/var/db/aliastables/')) mkdir ('/var/db/aliastables/',0755); - - #get custom lists - $whitelist=pfb_text_area_decode($pfblocker_config['whitelist']); - $ips_in=""; - $ips_out=""; - foreach ($cb_files as $iso){ - if ($iso <> ""){ - if (file_exists($pfbdir.'/'.$iso.'.txt')) - switch ($pfblocker_config['countryblock']){ - case "inbound": - $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + + $continents= array( "Africa" => "pfBlockerAfrica", + "Antartica" => "pfBlockerAntartica", + "Asia" => "pfBlockerAsia", + "Europe" => "pfBlockerEurope", + "North America" => "pfBlockerNorthAmerica", + "Oceania" => "pfBlockerOceania", + "South America" => "pfBlockerSouthAmerica", + "Top Spammers" => "pfBlockerTopSpammers"); + + #create rules vars and arrays + $new_aliases=array(); + $permit_inbound=array(); + $permit_outbound=array(); + $deny_inbound=array(); + $deny_outbound=array(); + $aliases_list=array(); + #check if pfblocker is enabled or not. 
+ $deny_action_inbound=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block"); + $deny_action_outbound=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"reject"); + $base_rule= array( "id" => "", + "tag"=> "", + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> ""); +############################################# +# Assign Countries # +############################################# + foreach ($continents as $continent => $pfb_alias){ + ${$continent}=""; + if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'])){ + $continent_config=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0]; + if ($continent_config['action'] != 'Disabled' && $continent_config['action'] != '' && $pfblocker_enable == "on") + foreach (explode(",", $continent_config['countries']) as $iso){ + #var_dump ($iso); + if ($iso <> "" && file_exists($pfbdir.'/'.$iso.'.txt')) + ${$continent} .= file_get_contents($pfbdir.'/'.$iso.'.txt'); + } + if($continent_config['countries'] != "" && $pfblocker_enable == "on"){ + #write alias file + file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent},LOCK_EX); + #Create alias config + $new_aliases[]=array("name"=> $pfb_alias, + "url"=> $web_local.'?pfb='.$pfb_alias, + "updatefreq"=> "32", + "address"=>"", + "descr"=> "pfBlocker country list", + "type"=> "urltable", + "detail"=> "DO NOT EDIT THIS ALIAS"); + #force alias file update + if (file_exists($pfb_alias_dir.'/'.$pfb_alias.'.txt')) + file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent}, LOCK_EX); + #Create rule if action permits + switch($continent_config['action']){ + case "Deny_Outbound": + $rule = $base_rule; + $rule["type"] = $deny_action_outbound; + $rule["descr"]= "pfBlocker Outbound 
rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $pfb_alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_outbound[]=$rule; + break; + case "Deny_Inbound": + $rule = $base_rule; + $rule["type"] = $deny_action_inbound; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $pfb_alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_inbound[]=$rule; break; - case "outbound": - $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + case "Permit_Outbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Outbound rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $pfb_alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_outbound[]=$rule; break; - case "both": - $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); - $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + case "Permit_Inbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $pfb_alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_inbound[]=$rule; break; - case "whitelist": - $whitelist.=file_get_contents($pfbdir.'/'.$iso.'.txt'); - break; } + } } + #mark pfctl aliastable for cleanup + if (!in_array($pfb_alias, $aliases_list)) + $aliases_list[]=$pfb_alias; + } - #Assign IP range lists - foreach ($pfblocker_config['row'] as $row){ - $md5_url = md5($row['url']); - #print $row['action']."<br>"; - if (file_exists($pfbdir."/".$md5_url.".txt")){ - ${$row['action']}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt'); - } - else{ - if ($row['format'] == "gz") - $url_list= gzfile($row['url']); - else - $url_list= file($row['url']); - #extract range lists - $new_file=""; - foreach ($url_list as $line){ - # CIDR format 192.168.0.0/16 - if 
(preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){ - ${$row['action']}.= $matches[1]."\n"; - $new_file.= $matches[1]."\n"; + ############################################# + # Assign lists # + ############################################# + #print "<pre>"; + if($config['installedpackages']['pfblockerlists']['config'] != "") + foreach($config['installedpackages']['pfblockerlists']['config'] as $list){ + $alias="pfBlocker".preg_replace("/\W/","",$list['aliasname']); + #print $list['aliasname'].$list['action']." ".$alias." ".$row['url']."<br>"; + if ($alias != "pfBlocker" && $list['action'] != "" && $list['action'] != 'Disabled' && $pfblocker_enable == "on"){ + #remove empty lists files if any + if (is_array($list['row'])) + foreach ($list['row'] as $row){ + #print $list['aliasname'].$list['action'].$list['cron']." ".$alias." ".$row['url']."$update_local<br>"; + if ($row['url'] != ""){ + $md5_url = md5($row['url']); + if (file_exists($pfbdir."/".$md5_url.".txt")){ + ${$alias}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt'); + } + else{ + if ($row['format'] == "gz") + $url_list= gzfile($row['url']); + else + $url_list= file($row['url']); + #extract range lists + $new_file=""; + if (is_array($url_list)) + foreach ($url_list as $line){ + # CIDR format 192.168.0.0/16 + if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){ + ${$alias}.= $matches[1]."\n"; + $new_file.= $matches[1]."\n"; + } + # Network range 192.168.0.0-192.168.0.254 + if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)){ + $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]); + if ($cidr != ""){ + ${$alias}.= $cidr."\n"; + $new_file.= $cidr."\n"; + } + } + } + if ($new_file != "") + file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX); + } + } } - - # Network range 192.168.0.0-192.168.0.254 - if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)) - $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]); - if ($cidr != ""){ - 
${$row['action']}.= $cidr."\n"; - $new_file.= $cidr."\n"; + #check custom network list + if (pfb_text_area_decode($list['custom']) != "") + ${$alias}.=pfb_text_area_decode($list['custom'])."\n"; + #save alias file if not empty + if (${$alias} == ""){ + if (file_exists($pfb_alias_dir.'/'.$alias.'.txt')) + unlink($pfb_alias_dir.'/'.$alias.'.txt'); } + else{ + file_put_contents($pfb_alias_dir.'/'.$alias.'.txt',${$alias}, LOCK_EX); + #create alias + $new_aliases[]=array("name"=> $alias, + "url"=> $web_local.'?pfb='.$alias, + "updatefreq"=> "32", + "address"=>"", + "descr"=> "pfBlocker user list", + "type"=> "urltable", + "detail"=> "DO NOT EDIT THIS ALIAS"); + #Create rule if action permits + switch($list['action']){ + case "Deny_Outbound": + $rule = $base_rule; + $rule["type"] = $deny_action_outbound; + $rule["descr"]= "pfBlocker Outbound rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_outbound[]=$rule; + break; + case "Deny_Inbound": + $rule = $base_rule; + $rule["type"] = $deny_action_inbound; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_inbound[]=$rule; + break; + case "Permit_Outbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Outbound rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_outbound[]=$rule; + break; + case "Permit_Inbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_inbound[]=$rule; + break; + } + } + #mark pfctl aliastable for cleanup + if 
(!in_array($alias, $aliases_list)) + $aliases_list[]=$alias; + } + else{ + #unlink previous pfblocker alias list if any + if (file_exists($pfb_alias_dir.'/'.$alias.'.txt')) + unlink($pfb_alias_dir.'/'.$alias.'.txt'); } - if ($new_file != "") - file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX); - } - #print $row['url']."<br>" .$md5_url.".txt<br>"; - #var_dump(gzfile($row['url'])); - } - - #create all country block lists based on gui - file_put_contents('/usr/local/pkg/pfb_in.txt',$ips_in, LOCK_EX); - - #create all country block lists based on gui - file_put_contents('/usr/local/pkg/pfb_out.txt',$ips_out, LOCK_EX); - - #write white_list to filesystem - file_put_contents('/usr/local/pkg/pfb_w.txt',$whitelist, LOCK_EX); - - - #edit or assign alias "pfblockerInbound", "pfblockerOutbound" and "pfblockerWL" - $aliases=$config['aliases']['alias']; - $new_aliases=array(); - $pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt'; - if ($ips_in != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ - #create or reaply alias - $new_aliases[]=array("name"=> 'pfBlockerInbound', - "url"=> $web_local.'?pfb=in', - "updatefreq"=> "7", - "address"=>"", - "descr"=> "pfBlocker Inbound deny list", - "type"=> "urltable", - "detail"=> "DO NOT EDIT THIS ALIAS"); - #force alias file update - if (file_exists($pfBlockerInbound)) - file_put_contents($pfBlockerInbound,$ips_in, LOCK_EX); - } - else{ - #remove previous aliastable if exist - if (file_exists($pfBlockerInbound)) - unlink($pfBlockerInbound); - } - $pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt'; - if ($ips_out != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ - #create or reaply alias - $new_aliases[]=array("name"=> 'pfBlockerOutbound', - "url"=> $web_local.'?pfb=out', - "updatefreq"=> "7", - "address"=>"", - "descr"=> "pfBlocker Outbound deny list", - "type"=> "urltable", - "detail"=> "DO NOT EDIT THIS ALIAS"); - #force alias 
file update - if (file_exists($pfBlockerOutbound)) - file_put_contents($pfBlockerOutbound,$ips_out, LOCK_EX); } - else{ - #remove previous aliastable if exist - if (file_exists($pfBlockerOutbound)) - unlink($pfBlockerOutbound); - } - - $pfblockerWL='/var/db/aliastables/pfBlockerWL.txt'; - if ($whitelist != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ - #create or reaply alias - $new_aliases[]=array("name"=> 'pfBlockerWL', - "url"=> $web_local.'?pfb=white', - "updatefreq"=> "7", - "address"=>"", - "descr"=> "pfBlocker White list", - "type"=> "urltable", - "detail"=> "DO NOT EDIT THIS ALIAS"); - #force alias file update - if (file_exists($pfblockerWL)) - file_put_contents($pfblockerWL,$whitelist, LOCK_EX); + #update pfsense alias table + $aliases=$config['aliases']['alias']; + foreach($aliases as $cbalias){ + if (preg_match("/pfBlocker/",$cbalias['name'])){ + #mark pfctl aliastable for cleaning + if (!in_array($cbalias['name'], $aliases_list)) + $aliases_list[]=$cbalias['name']; #mark aliastable for cleaning + #remove previous aliastable file if exist + $aliastablefile="/var/db/aliastables/".$cbalias['name'].".txt"; + if (file_exists($aliastablefile)) + unlink($aliastablefile); + } + else{ + $new_aliases[]= $cbalias; + if (file_exists($pfb_alias_dir.'/'.$alias.'.txt') && $message ==""){ + preg_match("/(\d+)/",exec("/usr/bin/wc -l ".$pfb_alias_dir.'/'.$alias.'.txt'),$matches); + } + if (($matches[1] * 2.1)>= $table_limit ) + #alias table too large + $message= $alias .' alias table is too large. Reduce networks in list or increase "Firewall Maximum Table Entries" value to at least '. (int)($matches[1] * 2.1) .' 
in "system - advanced - Firewall/NAT".'; + } } - else{ - #remove previous aliastable if exist - if (file_exists($pfblockerWL)) - unlink($pfblockerWL); - } + #apply new alias table to xml + if ($message == "") + $config['aliases']['alias']=$new_aliases; + #exit; + ############################################# + # Assign rules # + ############################################# + #print "<pre>"; + #var_dump($permit_inbound); + #var_dump($permit_outbound); + #var_dump($deny_inbound); + #var_dump($deny_outbound); + #var_dump($pfblocker_config['inbound_interface']); + #print count($deny_inbound) .count($deny_inbound); - if (is_array($aliases)) - foreach($aliases as $cbalias){ - if (! preg_match("/pfBlocker.*list/",$cbalias['descr'])) - $new_aliases[]= $cbalias; - } - $config['aliases']['alias']=$new_aliases; - - # check pfBlocker filter options - $ifaces = $pfblocker_config['inbound_interface']; - if ($ifaces != "") - foreach (explode(",", $ifaces) as $i => $iface) { - if ($whitelist != "" && $iface != ""){ - ${$iface}[0]=array("id" => "", - "type"=>"pass", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("address"=>"pfBlockerWL"), - "destination"=>array("any"=>""), - "descr"=>"pfBlocker Whitelist rule"); - - if ($pfblocker_config['enable_log']) - ${$iface}[0]["log"]=""; - } - if ($ips_in != "" && $iface != ""){ - $action=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block"); - ${$iface}[1]=array( "id" => "", - "type"=>$action, - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("address"=>"pfBlockerInbound"), - "destination"=>array("any"=>""), - "descr"=>"pfBlocker Inbound deny rule"); - - if 
($pfblocker_config['enable_log']) - ${$iface}[1]["log"]=""; + # Inbound filter options + $inbound_interface = $pfblocker_config['inbound_interface']; + if (count($deny_inbound) > 0 || count($permit_inbound) > 0){ + if($inbound_interface == "") + $message="Unable to apply rules.Inbound Interface option not configured."; + if ($inbound_interface == "lo0") + $message="Floating rules are not implemented in pfBlocker yet, choose Inbound Interface other than loopback or change action to Alias only."; } - } - $ifaces = $pfblocker_config['outbound_interface']; - if ($ifaces != "") - foreach (explode(",", $ifaces) as $i => $iface) { - if ($whitelist != "" && $iface != ""){ - ${$iface}[2]=array( "id" => "", - "type"=>"pass", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("any"=>""), - "destination"=>array("address"=>"pfBlockerWL"), - "descr"=>"pfBlocker Whitelist rule"); - if ($pfblocker_config['enable_log']) - ${$iface}[2]["log"]=""; - } - if ($ips_out != "" && $iface != ""){ - $action=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"block"); - ${$iface}[3]= array("id" => "", - "type"=>$action, - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("any"=>""), - "destination"=>array("address"=>"pfBlockerOutbound"), - "descr"=>"pfBlocker Outbound deny rule"); - if ($pfblocker_config['enable_log']) - ${$iface}[3]["log"]=""; - + + # Outbound filter options + $outbound_interface = $pfblocker_config['outbound_interface']; + if (count($deny_outbound) > 0 || count($permit_outbound) > 0){ + if($outbound_interface == "") + $message="Unable to apply rules.Outbound Interface option not configured."; + if 
($outbound_interface == "lo0") + $message="Floating rules are not implemented in pfBlocker yet, choose Outbound Interface other than loopback or change action to Alias only."; } - - } - $last_iface=""; - $rules=$config['filter']['rule']; - foreach ($rules as $rule){ - if ($rule['interface'] <> $last_iface){ - $last_iface = $rule['interface']; - #apply pfblocker rules if enabled - if ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']})) - foreach (${$rule['interface']} as $cb_rules) - $new_rules[]=$cb_rules; + + if ($message == "") + { + $last_iface=""; + $rules=$config['filter']['rule']; + $new_rules=array(); + foreach ($rules as $rule){ + if ($rule['interface'] <> $last_iface){ + $last_iface = $rule['interface']; + #apply pfblocker rules if enabled + + #Inbound + if (preg_match("/$last_iface/",$inbound_interface)){ + #permit rules + if (is_array($permit_inbound)) + foreach ($permit_inbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + #deny rules + if (is_array($deny_inbound)) + foreach ($deny_inbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + } + #Outbound + if (preg_match("/$last_iface/",$outbound_interface)){ + #permit rules + if (is_array($permit_outbound)) + foreach ($permit_outbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + #deny rules + if (is_array($deny_outbound)) + foreach ($deny_outbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + } + } + #include all rules that is not from pfBlocker + if (!preg_match("/pfBlocker.*rule/",$rule['descr']) && $rule['interface'] != "") + $new_rules[]=$rule; } - if (!preg_match("/pfBlocker.*rule/",$rule['descr'])) - $new_rules[]=$rule; - } - $config['filter']['rule']=$new_rules; - - #check aliastable size - preg_match("/(\d+)/",exec("/usr/bin/wc -l 
/usr/local/pkg/pfb_in.txt"),$matches); - $count_ips_in = $matches[1]; - preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches); - $count_ips_out = $matches[1]; - preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches); - $count_ips_w = $matches[1]; - - #get higher value - $max=$count_ips_in; - if ($max < $count_ips_out) - $max = $count_ips_out; - if ($max < $count_ips_w) - $max = $count_ips_w; - $sum=($count_ips_in + $count_ips_out + $count_ips_w); - #check table size client option - $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000"); + $config['filter']['rule']=$new_rules; + } - #check for possible table size erros - $error_message=""; - if ($count_ips_in >= $table_limit ) - $message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".'; - if ($count_ips_out >= $table_limit ) - $message='pfBlockerOutbound alias table is too large. Reduce Outbound List or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".'; - if ($count_ips_w >= $table_limit ) - $message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' 
in "system - advanced - Firewall/NAT ".'; - if ($message == ""){ - #save and apply all changes*/ + #save and apply all changes + # to be removed in final version + $aliases_list[]="pfBlockerInbound"; #remove previous version lists + $aliases_list[]="pfBlockerOutbound";#remove previous version lists + $aliases_list[]="pfBlockerWL"; #remove previous version lists + #exit; #update pfctrl tables - $tables = array ('pfBlockerOutbound' => 'pfb_out.txt', - 'pfBlockerInbound' => 'pfb_in.txt', - 'pfBlockerWL' => 'pfb_w.txt'); - foreach ($tables as $table => $pfb_file) - exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T replace -f /usr/local/pkg/" . escapeshellarg($pfb_file) . " 2>&1", $result_pfb); + foreach ($aliases_list as $table) + exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb); #write config write_config(); @@ -485,6 +536,7 @@ function pfblocker_do_xmlrpc_sync($sync_to_ip, $password) { /* xml will hold the sections to sync */ $xml = array(); $xml['pfblocker'] = $config['installedpackages']['pfblocker']; + $xml['pfblockerlists'] = $config['installedpackages']['pfblockerlists']; $xml['pfblockertopspammers'] = $config['installedpackages']['pfblockertopspammers']; $xml['pfblockerafrica'] = $config['installedpackages']['pfblockerafrica']; $xml['pfblockerantartica'] = $config['installedpackages']['pfblockerantartica']; diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index f1dd85f5..b6c595ab 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php 
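Review bot: The interface test `preg_match("/$last_iface/",$inbound_interface)` (and its outbound twin) is an unquoted substring match, so a rule interface such as `opt1` also matches a selection of `opt10`, and pfBlocker pass or deny rules can land on an interface the administrator did not select. Comparing against the parsed list, `in_array($last_iface, explode(",", $inbound_interface), true)`, keeps the generated rules on the chosen interfaces. Separately, the table-size check inside the alias loop reads `$alias`, `$matches` and `$message` as left behind by the lists loop, so it measures only whatever list was processed last, never the country aliases, and only runs when a non-pfBlocker alias exists; `$message` is not initialised in the visible lines and should be set to `""` before the loop, with the check run once per generated alias file. The `is_array($aliases)` guard the old code had in front of the `foreach` was also dropped. sync_package_pfblocker() begins before and continues after this hunk.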
@@ -1,29 +1,27 @@ <?php function get_networks($pfb){ - if ($pfb==1) - $return= file_get_contents('/usr/local/pkg/pfb_in.txt'); - if ($pfb==2) - $return= file_get_contents('/usr/local/pkg/pfb_out.txt'); - if ($pfb==3) - $return=file_get_contents('/usr/local/pkg/pfb_w.txt'); - #print "<pre>"; - print $return; + $file='/usr/local/pkg/pfblocker_aliases/'.$pfb.'.txt'; + if ($file) + $return= file_get_contents($file); + print $return; } # to be uncomented when this packages gets stable state #if($_SERVER['REMOTE_ADDR']== '127.0.0.1'){ -switch ($_REQUEST['pfb']){ - case "in": - get_networks(1); - break; - case "out": - get_networks(2); - break; - case "white": - get_networks(3); - break; -} +if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches)) + get_networks($matches[1]); #} + +if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){ + #require_once("/etc/inc/util.inc"); + #require_once("/etc/inc/functions.inc"); + #require_once("/etc/inc/etpkg-utils.inc"); + #require_once("/etc/inc/globals.inc"); + #require_once("/etc/inc/filter.inc"); + include "/usr/local/pkg/pfblocker.inc"; + print "id".$argv[2]; + sync_package_pfblocker($argv[2]); + } function pfblocker_get_countries(){ $files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt", @@ -124,6 +122,10 @@ $xml= <<<EOF <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> </tab> <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + </tab> + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> {$active['top']} 
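Review bot: The request handler in pfblocker.php now maps any `\w+` value of `pfb` to a file under /usr/local/pkg/pfblocker_aliases/ while the `REMOTE_ADDR` restriction stays commented out, so, unless authentication is applied outside this hunk, every client that can reach the web GUI can read each alias list by name. The pattern is unanchored and silently takes the first word run instead of rejecting malformed input; `preg_match('/^\w+$/', $_REQUEST['pfb'])` plus re-enabling the `127.0.0.1` check would match the loopback URL that sync_package_pfblocker() builds for the urltable aliases. In get_networks(), `if ($file)` is always true for a non-empty string; `if (is_file($file)) print file_get_contents($file);` avoids the read warning and the undefined `$return`. The cron branch passes `$argv[2]` to sync_package_pfblocker(), whose signature in pfblocker.inc in this commit takes no parameters, and its `preg_match("/\d+/", …)` is likewise unanchored.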
@@ -166,22 +168,45 @@ $xml= <<<EOF </tabs> <fields> <field> - <name>Continent {$cont}</name> - <type>listtopic</type> + <name>Continent {$cont}</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Countries</fielddescr> + <fieldname>countries</fieldname> + <description> + <![CDATA[Select Countries you want to take an action.<br> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$options} + </options> + <size>{$total}</size> + <multiple/> </field> <field> - <fielddescr>Countries</fielddescr> - <fieldname>countries</fieldname> - <description> - <![CDATA[Select Countries you want to block.]]> - </description> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + <description><![CDATA[Default:<strong>Disabled</strong><br> + Select action for countries you have selected in {$cont}<br><br> + <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br> + 'Deny Outbound' - Will deny access from your users to countries you selected to block<br> + 'Permit Inbound' - Will allow access from selected countries to your network.<br> + 'Permit Outbound' - Will allow access from your users to countries you selected to block<br> + 'Alias Only' - Will create alias <strong>{$cont}</strong> with selected countries to help custom rule assignments.<br> + 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description> <type>select</type> <options> - {$options} - </options> - <size>{$total}</size> - <multiple/> - </field> </fields> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Alias 
only</name><value>Alias_only</value></option> + </options> + </field> + </fields> <custom_php_install_command> pfblocker_php_install_command(); </custom_php_install_command> @@ -201,4 +226,4 @@ EOF; } } -?>
\ No newline at end of file +?> diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index 77a81e24..eef4c882 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -50,7 +50,7 @@ <name>pfBlocker</name> <tooltiptext>Configure pfblocker</tooltiptext> <section>Firewall</section> - <url>pkg_edit.php?xml=pfblocker.xml&id=0</url> + <url>pkg_edit.php?xml=pfblocker.xml</url> </menu> <additional_files_needed> <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item> @@ -73,6 +73,11 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> @@ -114,6 +119,11 @@ <active/> </tab> <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + </tab> + + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> </tab> @@ -169,8 +179,7 @@ <field> <fielddescr>Inbound Interface(s)</fielddescr> <fieldname>inbound_interface</fieldname> - <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.<br> - If you want to create custom inbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]></description> + <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.]]></description> <type>interfaces_selection</type> <required/> <multiple/> 
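Review bot: The new `additional_files_needed` entry in pfblocker.xml downloads pfblocker_lists.xml over plain `http://` with no integrity check visible here and installs it under /usr/local/pkg/ with mode 0755, copying the pattern of the existing entries. Package XML files can carry PHP hooks (pfblocker.php in this commit emits `custom_php_install_command`), so a file altered in transit would presumably be executed by the package system. If the host serves these paths over HTTPS the item URLs should use it, and a data-only XML file does not need the execute bit: `<chmod>0644</chmod>`.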
@@ -189,8 +198,7 @@
 <field>
 <fielddescr>Outbound Interface(s)</fielddescr>
 <fieldname>outbound_interface</fieldname>
- <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select interface(s) that you do not want to send outgoing traffic.<br>
- If you want to create custom outbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]></description>
+ <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select interface(s) that you do not want to send outgoing traffic.]]></description>
 <type>interfaces_selection</type>
 <required/>
 <multiple/>
@@ -206,115 +214,7 @@ <option><name>Block</name><value>block</value></option> </options> </field> - - <field> - <name>Network ranges / CIDR lists</name> - <type>listtopic</type> - </field> - - <field> - <fielddescr>Country Action</fielddescr> - <fieldname>countryblock</fieldname> - <description><![CDATA[Default:<strong>Block Inbound</strong><br> - Select action for countries you have selected<br><br> - <strong>Note: </strong><br>'Deny Inbound' traffic will deny access from selected countries to your network.<br> - 'Deny Outgoing' traffic will deny access from your users to countries you selected to block<br> - 'Whitelist' will allow access from and to selected countries to your network.<br> - 'None' will not apply rules to selected countries.]]></description> - <type>select</type> - <options> - <option><name>Deny Inbound</name><value>inbound</value></option> - <option><name>Deny Outbound</name><value>outbound</value></option> - <option><name>Deny Inbound and Outbound</name><value>both</value></option> - <option><name>whitelist</name><value>whitelist</value></option> - <option><name>None</name><value>none</value></option> - </options> - </field> - <field> - <fielddescr>Update frequency</fielddescr> - <fieldname>update</fieldname> - <description><![CDATA[Default:<strong>Never</strong><br> - Select how often pfsense will download List files]]></description> - <type>select</type> - <options> - <option><name>Never</name><value>never</value></option> - <option><name>Every 4 Hours</name><value>4hours</value></option> - <option><name>Every 12 Hours</name><value>12hours</value></option> - <option><name>Once a day</name><value>day</value></option> - <option><name>Once a week</name><value>week</value></option> - </options> - </field> - <field> - <fielddescr><![CDATA[Lists]]></fielddescr> - <fieldname>none</fieldname> - <description><![CDATA[In 'list action' choose the way you want to use the list and in 'Format' choose the file format on url.<br> - ON url field, add direct 
link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br> - Compressed lists must be in gz format.<br> - File must have only one network per line and could follows PeerBlock syntax or this below:<br> - Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br> - CIDR: <strong>172.16.1.0/24</strong> - ]]></description> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>List Action</fielddescr> - <fieldname>action</fieldname> - <type>select</type> - <options> - <option><name>Deny Inbound</name><value>ips_in</value></option> - <option><name>Deny Outbound</name><value>ips_out</value></option> - <option><name>whitelist</name><value>whitelist</value></option> - <option><name>None</name><value>none</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Format</fielddescr> - <fieldname>format</fieldname> - <type>select</type> - <options> - <option><name>gz</name><value>gz</value></option> - <option><name>txt</name><value>txt</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Url</fielddescr> - <fieldname>url</fieldname> - <type>input</type> - <size>55</size> - </rowhelperfield> - </rowhelper> - </field> - <field> - <name>List info help</name> - <fieldname>list_info</fieldname> - <description><![CDATA[In 'list action' choose the way you want to use the list and in 'Format' choose the file format on url.<br> - ON url field, add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, - <a target=_new 
href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br> - Compressed lists must be in gz format.<br> - File must have only one network per line and could follows PeerBlock syntax or this below:<br> - Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br> - CIDR: <strong>172.16.1.0/24</strong> - ]]></description> - <type>checkbox</type> - - </field> - <field> - <name>Custom list</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Whitelist</fielddescr> - <fieldname>whitelist</fieldname> - <description><![CDATA[Enter network you want to whitlist in CIDR format. One network per line.<br> - Example: 192.168.1.0/24]]></description> - <type>textarea</type> - <cols>50</cols> - <rows>06</rows> - <encoding>base64</encoding> - </field> + </fields> <custom_php_install_command> pfblocker_php_install_command(); diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml new file mode 100755 index 00000000..08574783 --- /dev/null +++ b/config/pf-blocker/pfblocker_lists.xml 
@@ -0,0 +1,237 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + pfblocker_lists.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2011 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerlists</name> + <version>1.0</version> + <title>Firewall: pfBlocker</title> + <include_file>/usr/local/pkg/pfblocker.inc</include_file> + <menu> + <name>pfBlocker </name> + <tooltiptext></tooltiptext> + <section>Firewall</section> + <configfile>pfblocker_lists.xml</configfile> + </menu> +<tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> + </tab> + <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + <active/> + </tab> + + <tab> + <text>Top Spammers</text> + <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> + </tab> + + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> + + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url> + + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=pfblocker_Europe.xml&id=0</url> + </tab> + <tab> + <text>North America</text> + <url>/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=pfblocker_Oceania.xml&id=0</url> + </tab> + <tab> + <text>South America</text> + <url>/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=pfblocker_sync.xml&id=0</url> + </tab> +</tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Alias</fielddescr> + <fieldname>aliasname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Update 
Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Network ranges / CIDR lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br> + Example: Badguys<br> + Do not include pfBlocker name, it's done by package.<br> + <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <fielddescr><![CDATA[Lists]]></fielddescr> + <fieldname>none</fieldname> + <description><![CDATA['Format' - Choose the file format that url will retrieve or local file format.<br> + 'Url or local file' - Add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br> + <br><strong>Note: </strong><br> + Compressed lists must be in gz format.<br> + Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:<br> + Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br> + IP Address: <strong>172.16.1.10</strong><br> + CIDR: <strong>172.16.1.0/24</strong> + ]]></description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Format</fielddescr> + <fieldname>format</fieldname> + <type>select</type> + <options> + <option><name>gz</name><value>gz</value></option> + <option><name>txt</name><value>txt</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + 
<fielddescr>Url or localfile</fielddescr> + <fieldname>url</fieldname> + <type>input</type> + <size>75</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[Default:<strong>Deny Inbound</strong><br> + Select action for network on lists you have selected.<br><br> + <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br> + 'Deny Outbound' - Will deny access from your users to countries you selected to block<br> + 'Permit Inbound' - Will allow access from selected countries to your network.<br> + 'Permit Outbound' - Will allow access from your users to countries you selected to block<br> + 'Alias Only' - Will create an alias with selected countries to help custom rule assignments.<br> + 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Alias only</name><value>Alias_only</value></option> + <option><name>Disabled</name><value>Disabled</value></option> + </options> + </field> + <field> + <fielddescr>Update frequency</fielddescr> + <fieldname>cron</fieldname> + <description><![CDATA[Default:<strong>Never</strong><br> + Select how often pfsense will download List files]]></description> + <type>select</type> + <options> + <option><name>Never</name><value>Never</value></option> + <option><name>Every 4 Hours</name><value>04hours</value></option> + <option><name>Every 12 Hours</name><value>12hours</value></option> + <option><name>Once a day</name><value>Day</value></option> + <option><name>Once a week</name><value>Week</value></option> 
+ </options> + </field> + <field> + <name>Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>CIDR</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br> + Example: 192.168.1.0/24]]></description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + pfblocker_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblocker_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblocker_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_pfblocker(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml index 43cca1f9..41e5403c 100644 --- a/config/pf-blocker/pfblocker_sync.xml +++ b/config/pf-blocker/pfblocker_sync.xml @@ -57,9 +57,15 @@ <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> </tab> <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + </tab> + + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> </tab> + <tab> <text>Africa</text> <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml index dcb02524..f6bf8664 100644 --- a/config/pf-blocker/pfblocker_topspammers.xml +++ b/config/pf-blocker/pfblocker_topspammers.xml @@ -58,6 +58,10 @@ <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> </tab> <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + </tab> + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> <active/> @@ -102,7 +106,8 @@ <fielddescr>Top Spammers</fielddescr> <fieldname>countries</fieldname> <description> - <![CDATA[Select top spammers countries you want to block.]]> + <![CDATA[Select top spammers countries you want to take an action.<br> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> </description> <type>select</type> <options> 
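Review bot: The `url` rowhelper field in the new pfblocker_lists.xml, labelled "Url or localfile", is a free-text input with no constraint in this definition, so every check on it has to live in `pfblocker_validate_input`, which is not part of this file. Since the value decides what the firewall downloads or reads and turns into rule tables, that function should reject anything other than an http(s) URL or a path under an agreed directory, and should hold `aliasname` to the alias character set rather than silently dropping characters. The example lists are plain `http://` links, so a list fed into a 'Permit' action is only as trustworthy as the network path it came over; the help text could say so. Separately, `pfblocker_validate_input($_POST, &$input_errors);` uses call-time pass-by-reference, which PHP 5.3 deprecates and 5.4 rejects; declare the parameter by reference in the function and call it with `$input_errors`.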
@@ -120,6 +125,27 @@ <size>10</size> <multiple/> </field> + <field> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + <description><![CDATA[Default:<strong>Deny Inbound</strong><br> + Select action for countries you have selected.<br><br> + <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br> + 'Deny Outbound' - Will deny access from your users to countries you selected to block<br> + 'Permit Inbound' - Will allow access from selected countries to your network.<br> + 'Permit Outbound' - Will allow access from your users to countries you selected to block<br> + 'Alias Only' - Will create alias <strong>pfBlockerTopSpammers</strong> with selected countries to help custom rule assignments. + 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description> + <type>select</type> + <options> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Alias only</name><value>Alias_only</value></option> + <option><name>Disabled</name><value>Disabled</value></option> + </options> + </field> </fields> <custom_php_install_command> pfblocker_php_install_command(); diff --git a/pkg_config.8.xml b/pkg_config.8.xml index a2c8d8b3..31da5095 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml 
@@ -61,12 +61,15 @@
 <package>
 <name>pfBlocker-dev</name>
 <website/>
- <descr>Block countries and IP ranges. Replaces Countryblock and IPblocklist</descr>
+ <descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.<br>
+ Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.<br>
+ This package also Block countries and IP ranges.<br>
+ pfBlocker replaces Countryblock and IPblocklist.]]></descr>
 <category>Firewall</category>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.3</version>
+ <version>0.1.4</version>
 <status>Beta</status>
 <required_version>2.0</required_version>
 <maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 6db67733..4d41ac1c 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -135,12 +135,15 @@
 <package>
 <name>pfBlocker-dev</name>
 <website/>
- <descr>Block countries and IP ranges. Replaces Countryblock and IPblocklist</descr>
+ <descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.<br>
+ Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.<br>
+ This package also Block countries and IP ranges.<br>
+ pfBlocker replaces Countryblock and IPblocklist]]></descr>
 <category>Firewall</category>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.3</version>
+ <version>0.1.4</version>
 <status>Beta</status>
 <required_version>2.0</required_version>
 <maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer> |