diff options
author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2011-10-25 18:38:16 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-10-25 18:38:16 -0200 |
commit | dbbc2d6e11a770fa786e4bd3a26fb4c6c6684f76 (patch) | |
tree | 5e52029f685a13ea626814619ef5deebed87f1f1 | |
parent | de57c95c6b2bb4dd8160e99b0eb7cd1ad3134b03 (diff) | |
download | pfsense-packages-dbbc2d6e11a770fa786e4bd3a26fb4c6c6684f76.tar.gz pfsense-packages-dbbc2d6e11a770fa786e4bd3a26fb4c6c6684f76.tar.bz2 pfsense-packages-dbbc2d6e11a770fa786e4bd3a26fb4c6c6684f76.zip |
CountryBlock-dev new package
-rwxr-xr-x | config/countryblock-dev/countryblock.inc | 363 | ||||
-rw-r--r-- | config/countryblock-dev/countryblock.php | 195 | ||||
-rwxr-xr-x | config/countryblock-dev/countryblock.xml | 236 | ||||
-rw-r--r-- | config/countryblock-dev/countryblock_sync.xml | 144 | ||||
-rw-r--r-- | pkg_config.8.xml | 14 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 14 |
6 files changed, 966 insertions, 0 deletions
diff --git a/config/countryblock-dev/countryblock.inc b/config/countryblock-dev/countryblock.inc new file mode 100755 index 00000000..c17a5d9e --- /dev/null +++ b/config/countryblock-dev/countryblock.inc @@ -0,0 +1,363 @@ +<?php +/* + postfix.inc + part of the Postfix package for pfSense + Copyright (C) 2010 Erik Fonnesbeck + Copyright (C) 2011 Marcello Coutinho + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); + +function cb_text_area_decode($text){ + return preg_replace('/\r\n/', "\n",base64_decode($text)); +} + +function cb_get_real_interface_address($iface) { + global $config; + $iface = convert_friendly_interface_to_real_interface_name($iface); + $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); + return array($ip, long2ip(hexdec($netmask))); +} + +function sync_package_countryblock() { + global $config; + $countryblock_config=$config['installedpackages']['countryblock']['config'][0]; + $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America"); + + #get local web gui configuration + $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http"); + $port = $config['system']['webgui']['port']; + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $web_local .= "://127.0.0.1:".$port.'/countryblock.php'; + + #get all selected countries + $countries=$config['installedpackages']['countryblock']['config'][0]['topspammers'].","; + foreach ($continents as $continent){ + $countries.=$config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].","; + } + $cb_files = explode(",", $countries); + $ips=""; + foreach ($cb_files as $iso){ + if ($iso <> ""){ + $ips.=file_get_contents('/usr/local/pkg/countryblock/'.$iso.'.txt'); + } + } + #create all ip block lists based on gui + file_put_contents('/usr/local/pkg/cb.txt',$ips, LOCK_EX); + + #write white_list to filesystem + file_put_contents('/usr/local/pkg/cbw.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX); + + #edit or assign alias "Countryblock" and "CountryblockWL" + $aliases=$config['aliases']['alias']; + print "<pre>"; + foreach($aliases as $cbalias){ + $cb_id =($cb_id == "name"?"name":array_search('Countryblock', $cbalias)); + $cbw_id =($cb_id == "name"?"name":array_search('CountryblockWL', $cbalias)); + } + if ($cb_id <> 'name'){ + $config['aliases']['alias'][]=array( + "name"=> 'Countryblock', + "url"=> $web_local.'?cb=1', + "updatefreq"=> "7", + "address"=>"", + "descr"=> "Countryblock deny list", + "type"=> "urltable", + "detail"=> "DO NOT EDIT THIS ALIAS"); + } + if ($cbw_id <> 'name'){ + $config['aliases']['alias'][]=array( + "name"=> 'CountryblockWL', + "url"=> $web_local.'?cbw=1', + "updatefreq"=> "7", + "address"=>"", + "descr"=> "Countryblock white list", + "type"=> "urltable", + "detail"=> "DO NOT EDIT THIS ALIAS"); + } + if ($cb_id <> 'name' || $cbw_id <> 'name'){ + write_config(); + } + + # check contryblock filter options + $rules=$config['filter']['rule']; + $ifaces = $countryblock_config['inbound_interface']; + foreach (explode(",", $ifaces) as $i => $iface) { + ${$iface}[0]=array("id" => "", + "type"=>"pass", + "tag"=> "", + "interface" => $iface, + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> "", + "source"=>array("address"=>"CoutryblockWL"), + "destination"=>array("any"=>""), + "descr"=>"Countryblock inbound whitelist rule"); + + ${$iface}[1]=array( "id" => "", + "type"=>"block", + "tag"=> "", + "interface" => $iface, + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> "", + "source"=>array("address"=>"Coutryblock"), + "destination"=>array("any"=>""), + "descr"=>"Countryblock inbound deny rule"); + + if ($countryblock_config['enable_log']){ + ${$iface}[0]["log"]=""; + ${$iface}[1]["log"]=""; + } + } + $ifaces = $countryblock_config['outbound_interface']; + foreach (explode(",", $ifaces) as $i => $iface) { + ${$iface}[2]=array( "id" => "", + "type"=>"pass", + "tag"=> "", + "interface" => $iface, + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> "", + "source"=>array("any"=>""), + "destination"=>array("address"=>"CoutryblockWL"), + "descr"=>"Countryblock outbound whitelist rule"); + ${$iface}[3]= array("id" => "", + "type"=>"block", + "tag"=> "", + "interface" => $iface, + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> "", + "source"=>array("any"=>""), + "destination"=>array("address"=>"Coutryblock"), + "descr"=>"Countryblock inbound deny rule"); + + if ($countryblock_config['enable_log']){ + ${$iface}[2]["log"]=""; + ${$iface}[3]["log"]=""; + } + } + $last_iface=""; + foreach ($rules as $rule){ + if ($rule['interface'] <> $last_iface){ + $last_iface = $rule['interface']; + #apply countryblock rules if enabled + if ($config['installedpackages']['countryblock']['config'][0]['enable_cb'] == "on") + foreach (${$rule['interface']} as $cb_rules) + $new_rules[]=$cb_rules; + } + if (!preg_match("/Countryblock.*rule/",$rule['descr'])) + $new_rules[]=$rule; + } + $config['filter']['rule']=$new_rules; + write_config(); + + countryblock_sync_on_changes(); +} + +function countryblock_validate_input($post, &$input_errors) { + foreach ($post as $key => $value) { + if (empty($value)) + continue; + if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) + $input_errors[] = "Wrong greet time sintax."; + if($key == "message_size_limit" && !is_numeric($value)) + $input_errors[] = "Message size limit must be numeric."; + if($key == "process_limit" && !is_numeric($value)) + $input_errors[] = "Process limit must be numeric."; + if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) + $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'"; + if (substr($key, 0, 2) == "dc" && !is_hostname($value)) + $input_errors[] = "{$value} is not a valid host name."; + if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { + if (!is_domain($value)) + $input_errors[] = "{$value} is not a valid domain name."; + } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { + if (empty($post['domain' . substr($key, 12)])) + $input_errors[] = "Domain for {$value} cannot be blank."; + if (!is_ipaddr($value) && !is_hostname($value)) + $input_errors[] = "{$value} is not a valid IP address or host name."; + } + } +} + +function countryblock_php_install_command() { + include_once '/usr/local/www/countryblock.php'; + countryblock_get_countries(); + sync_package_countryblock(); +} + +function countryblock_php_deinstall_command() { + global $config; + $config['installedpackages']['countryblock']['config'][0]['enable_cb']=""; + write_config(); + sync_package_countryblock(); +} + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function countryblock_sync_on_changes() { + global $config, $g; + log_error("[countryblock] countryblock_xmlrpc_sync.php is starting."); + $synconchanges = $config['installedpackages']['countryblocksync']['config'][0]['synconchanges']; + if(!$synconchanges) + return; + foreach ($config['installedpackages']['countryblocksync']['config'] as $rs ){ + foreach($rs['row'] as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if($password && $sync_to_ip) + countryblock_do_xmlrpc_sync($sync_to_ip, $password); + } + } + log_error("[countryblock] countryblock_xmlrpc_sync.php is ending."); +} + +/* Do the actual XMLRPC sync */ +function countryblock_do_xmlrpc_sync($sync_to_ip, $password) { + global $config, $g; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['countryblock'] = $config['installedpackages']['countryblock']; + $xml['countryblockacl'] = $config['installedpackages']['countryblockacl']; + $xml['countryblockrecipients'] = $config['installedpackages']['countryblockrecipients']; + $xml['countryblockantispam'] = $config['installedpackages']['countryblockantispam']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("Beginning countryblock XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 250 seconds */ + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "countryblock Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "countryblock Settings Sync", ""); + } else { + log_error("countryblock XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell countryblock to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/countryblock.inc');\n"; + $execcmd .= "sync_package_countryblock();"; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("countryblock XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "countryblock Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "countryblock Settings Sync", ""); + } else { + log_error("countryblock XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + +} + +?> diff --git a/config/countryblock-dev/countryblock.php b/config/countryblock-dev/countryblock.php new file mode 100644 index 00000000..26b454d5 --- /dev/null +++ b/config/countryblock-dev/countryblock.php @@ -0,0 +1,195 @@ +<?php +function get_networks($cb){ + if ($cb==1) + $return= file_get_contents('/usr/local/pkg/cb.txt'); + if ($cb==2) + $return=file_get_contents('/usr/local/pkg/cbw.txt'); + print "<pre>"; + print $return; +} + +if ($_REQUEST['cb']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){ + get_networks(1); +} +if ($_REQUEST['cbw']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){ + get_networks(2); +} + +function countryblock_get_countries(){ +$files= array ( "Africa" => "/usr/loca/pkg/Africa_cidr.txt", + "Antartica" => "/usr/loca/pkg/Antartica_cidr.txt", + "Asia" => "/usr/loca/pkg/Asia_cidr.txt", + "Europe" => "/usr/loca/pkg/Europe_cidr.txt", + "North America" => "/usr/loca/pkg/North_America_cidr.txt", + "Oceania" => "/usr/loca/pkg/Oceania_cidr.txt", + "South America"=>"/usr/loca/pkg/South_America_cidr.txt"); +$cdir='/usr/local/pkg/countryblock'; +foreach ($files as $cont => $file){ + $ips=file_get_contents($file); + $convert = explode("\n", $ips); + print $cont."\n"; + $active= array("$cont" => '<active/>'); + $options=""; + $total=1; + foreach ($convert as $line){ + if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){ + if ($ISOCode <> "" && $ISOCode <> $matches[2] && preg_match("/ISO Code/",$line)){ + if (! is_dir($cdir)) + mkdir ($cdir,755); + file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX); + $total++; + } + ${preg_replace("/\s/","",$matches[1])}=$matches[2]; + } + else{ + if (${$ISOCode}==0){ + ${$ISOCode}++; + $options.= '<option><name>'.$Country.' </name><value>'.$ISOCode.'</value></option>'."\n"; + } + ${$ISOCode}.=$line."\n"; + } + } +$cont_name= preg_replace("/ /","",$cont); +#file_put_contents($cdir.'/'.$cont_name.'.txt',$ips,LOCK_EX); +$xml= <<<EOF +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* \$Id$ */ +/* ========================================================================== */ +/* + postfix_{$cont_name}.xml + part of the Postfix package for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>countryblock_{$cont_name}</name> + <version>1.0</version> + <title>Firewall: Countryblock</title> + <include_file>/usr/local/pkg/countryblock.inc</include_file> + <menu> + <name>Countryblock</name> + <tooltiptext>Configure Countryblock</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=countryblock.xml&id=0</url> + </menu> + <service> + <name>countryblock</name> + </service> +<tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> + {$active['Africa']} + </tab> + <tab> + <text>Antartica</text> + <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> + {$active['Antartica']} + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> + {$active['Asia']} + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> + {$active['Europe']} + </tab> + <tab> + <text>North America</text> + <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> + {$active['North America']} + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> + {$active['Oceania']} + </tab> + <tab> + <text>South America</text> + <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> + {$active['South America']} + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Continent {$cont}</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Countries</fielddescr> + <fieldname>countries</fieldname> + <description> + <![CDATA[Select Countries you want to block.]]> + </description> + <type>select</type> + <options> + {$options} + </options> + <size>{$total}</size> + <multiple/> + </field> </fields> + <custom_php_install_command> + countryblock_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + countryblock_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + countryblock_validate_input(\$_POST, &\$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_countryblock(); + </custom_php_resync_config_command> +</packagegui> +EOF; + file_put_contents('/usr/local/pkg/countryblock_'.$cont_name.'.xml',$xml,LOCK_EX); + + #var_dump($ips); + +} + +} +?>
\ No newline at end of file diff --git a/config/countryblock-dev/countryblock.xml b/config/countryblock-dev/countryblock.xml new file mode 100755 index 00000000..4bf3bda4 --- /dev/null +++ b/config/countryblock-dev/countryblock.xml @@ -0,0 +1,236 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + Countryblock.xml + part of the Countryblock for pfSense + Copyright (C) 2011 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>countryblock</name> + <version>1.0</version> + <title>Firewall: Countryblock</title> + <include_file>/usr/local/pkg/countryblock.inc</include_file> + <menu> + <name>Countryblock</name> + <tooltiptext>Configure Countryblock</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=countryblock.xml&id=0</url> + </menu> + <service> + <name>countryblock</name> + </service> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock_sync.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/Asia_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/Europe_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/North_America_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/Oceania_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.countryipblocks.net/e_country_data/South_America_cidr.txt</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0555</chmod> + </additional_files_needed> +<tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> + + </tab> + <tab> + <text>Antartica</text> + <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> + + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> + + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> + </tab> + <tab> + <text>North America</text> + <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> + </tab> + <tab> + <text>South America</text> + <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Countryblock General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable Countryblock </fielddescr> + <fieldname>enable_cb</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Enable Logging </fielddescr> + <fieldname>enable_log</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Inbound FilterInterface(s)</fielddescr> + <fieldname>inbound_interface</fieldname> + <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you do not want to block incoming traffic.<br> + If you want to create custom inbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description> + <type>interfaces_selection</type> + <required/> + <default_value>wan</default_value> + <multiple/> + </field> + <field> + <fielddescr>Outbound Filter Interface(s)</fielddescr> + <fieldname>outbound_interface</fieldname> + <description><![CDATA[Default:<strong>LAN</strong><br>Select interface(s) that you do not want to send outgoing traffic.<br> + If you want to create custom outbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description> + <type>interfaces_selection</type> + <required/> + <default_value>lan</default_value> + <multiple/> + </field> + <field> + <fielddescr>Whitelist</fielddescr> + <fieldname>whitelist</fieldname> + <description><![CDATA[Enter a CIDR range for the Address you wish to whitlist. One network per line.<br> + Example: 192.168.1.0/24]]></description> + <type>textarea</type> + <cols>20</cols> + <rows>06</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Shortcut</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Top Spammers</fielddescr> + <fieldname>topspammers</fieldname> + <description> + <![CDATA[Select top spammers countries you want to block.]]> + </description> + <type>select</type> + <options> + <option><name>Korea</name><value>KR</value></option> + <option><name>China</name><value>CN</value></option> + <option><name>India</name><value>IN</value></option> + <option><name>Russia</name><value>RU</value></option> + <option><name>Turkey</name><value>TR</value></option> + <option><name>Vietnam</name><value>VN</value></option> + <option><name>Ukraine</name><value>UA</value></option> + <option><name>Brazil</name><value>BR</value></option> + <option><name>Venezuela </name><value>VE</value></option> + <option><name>Pakistan</name><value>PK</value></option> + </options> + <size>10</size> + <multiple/> + </field> + </fields> + <custom_php_install_command> + countryblock_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + countryblock_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + countryblock_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_countryblock(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/countryblock-dev/countryblock_sync.xml b/config/countryblock-dev/countryblock_sync.xml new file mode 100644 index 00000000..627272e5 --- /dev/null +++ b/config/countryblock-dev/countryblock_sync.xml @@ -0,0 +1,144 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + postfix_sync.xml + part of the Postfix package for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>countryblock_sync</name> + <version>1.0</version> + <title>Firewall: Countryblock</title> + <include_file>/usr/local/pkg/countryblock.inc</include_file> + <menu> + <name>Countryblock</name> + <tooltiptext>Configure Countryblock</tooltiptext> + <section>Services</section> + <url>pkg_edit.php?xml=countryblock.xml&id=0</url> + </menu> + <service> + <name>countryblock</name> + </service> +<tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> + + </tab> + <tab> + <text>Antartica</text> + <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> + + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> + + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> + </tab> + <tab> + <text>North America</text> + <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> + </tab> + <tab> + <text>South America</text> + <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> + <active/> + </tab> +</tabs> + <fields> + <field> + <name>countryblock XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Automatically sync countryblock configuration changes</fielddescr> + <fieldname>synconchanges</fieldname> + <description>pfSense will automatically sync changes to the hosts defined below.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Remote Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_install_command> + countryblock_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + countryblock_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + countryblock_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_countryblock(); + </custom_php_resync_config_command> +</packagegui> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 9af06cd5..746a3bd4 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -59,6 +59,20 @@ <configurationfile>countryblock.xml</configurationfile> </package> <package> + <name>Country Block DEV</name> + <website/> + <descr>Block countries. You must remove Country Block before installing this package.</descr> + <category>Firewall</category> + <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>http://pfsense.org/packages/config/countryblock-dev/countryblock.xml</config_file> + <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <version>0.4.0</version> + <status>Beta</status> + <required_version>2.0</required_version> + <maintainer>tom@tomschaefer.org</maintainer> + <configurationfile>countryblock.xml</configurationfile> + </package> + <package> <name>IP-Blocklist</name> <website/> <descr>IP-Blocklist is the new PeerBlock. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 886a2385..1301413c 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -133,6 +133,20 @@ <configurationfile>countryblock.xml</configurationfile> </package> <package> + <name>Country Block DEV</name> + <website/> + <descr>Block countries. You must remove Country Block before installing this package.</descr> + <category>Firewall</category> + <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>http://pfsense.org/packages/config/countryblock-dev/countryblock.xml</config_file> + <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <version>0.4.0</version> + <status>Beta</status> + <required_version>2.0</required_version> + <maintainer>tom@tomschaefer.org</maintainer> + <configurationfile>countryblock.xml</configurationfile> + </package> + <package> <name>IP-Blocklist</name> <website/> <descr>IP-Blocklist is the new PeerBlock. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr> |