authorScott Ullrich <sullrich@pfsense.org>2010-05-22 22:43:59 -0400
committerScott Ullrich <sullrich@pfsense.org>2010-05-22 22:43:59 -0400
commit0946cc52048c95dbf8a2c17578578be30d270c58 (patch)
tree873427d78c778ce6ab7c60e05a6b6f773c40b9eb /config/ipblocklist/ipblocklist.tmp
parent63d1f632b66a2a86da344044cbba4f89f07eee27 (diff)
Adding IP-Blocklist package: This package uses pf (pfctl) to block IP addresses. For each IP range or list added, a pf table is created and applied to the firewall to prevent traffic from being sent to, or received from, the target. You can either enter an IP range manually (experimental) or add a list from sites like iblocklist.com. Tested on 1.2.2 and 1.2.3 with FF and IE.
Diffstat (limited to 'config/ipblocklist/ipblocklist.tmp')
-rwxr-xr-xconfig/ipblocklist/ipblocklist.tmp156
1 files changed, 156 insertions, 0 deletions
diff --git a/config/ipblocklist/ipblocklist.tmp b/config/ipblocklist/ipblocklist.tmp
new file mode 100755
index 00000000..cf61bfc8
--- /dev/null
+++ b/config/ipblocklist/ipblocklist.tmp
@@ -0,0 +1,156 @@
+<?php
+
+
+ require_once('config.inc');
+ require("guiconfig.inc");
+ include("head.inc");
+
+ //set the config as a global variable
+ global $config;
+
+ $global_usage = '/usr/local/www/packages/ipblocklist/global_usage';
+ //$fh = fopen($global_usage, 'r');
+
+ //phpinfo();
+
+if (count($_POST)>0) {
+
+ conf_mount_rw();
+
+ $ent = array();
+
+ if ($_POST['enable'] == 1) {
+ //echo "enabled";
+ $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 1;
+
+ //Load ipfw.ko
+ //exec("kldload ipfw.ko"); (Version 0.1.4)
+ //Process list by downloading and extracting
+ $myFile = "lists.txt";
+ $fileContents = file_get_contents($myFile);
+ $lines = explode(PHP_EOL, $fileContents);
+ //Remove DIR lists to eliminate duplates
+ exec("rm -R lists");
+ //Process each list URL, Extract, and put in DIR lists
+ exec("mkdir lists");
+ foreach ($lines as $line) {
+ exec("fetch -o lists $line");
+ $filename = basename($line);
+ //Extract list
+ exec("gzip -d lists/$filename");
+ }
+ //Prep pfctl
+ mwexec("touch lists/ipfw.ipfw");
+ //Now clear ipfw, and process each list to ipfw commands
+ mwexec("sh convert-execute.sh");
+
+ }
+ else {
+ //echo "disabled";
+ $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 0;
+ //Clear Lists
+ mwexec("ipfw -f flush");
+ mwexec("pfctl -t ipblocklist -T kill");
+ mwexec("rm -R /usr/local/www/packages/ipblocklist/lists");
+ mwexec("sed -i -e '/ipblocklist/d' /tmp/rules.debug");
+ mwexec("pfctl -o basic -f /tmp/rules.debug");
+ //Clear errorOUT.txt
+ mwexec("rm errorOUT.txt");
+
+ }
+
+
+ write_config();
+ //services_dnsmasq_configure();
+ sleep(1);
+ $savemsg_dnsb = "IP-Blocklist settings have been saved/updated. ";
+ conf_mount_ro();
+}
+?>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Firewall: IP-Blocklist</p>
+<form method=POST action="">
+
+<?php
+if ($config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] == 1) {
+ echo "<input name='enable' type='checkbox' value='1' checked>\n";
+}
+else {
+ echo "<input name='enable' type='checkbox' value='1'>\n";
+}
+?>
+
+<strong>Enable IP-Blocklist</strong><br><br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td class="tabcont" >
+ <?php if ($savemsg_dnsb) print_info_box($savemsg_dnsb); ?>
+
+ </form>
+ <center>
+ <iframe frameboarder=0 boarder=0 src="ipblocklist_list.php" name="lists" id="lists" width="100%" height="200">
+ </iframe>
+ </center>
+ <br/>
+ <u>Usage</u>
+ <br/>
+ Add direct link to list and press <img src="../../themes/nervecenter/images/icons/icon_plus.gif">
+ (Example:
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level1.gz">Level1</a>,
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level2.gz">Level2</a>,
+ <a href="http://iblocklist.whitacrecomputers.com/files/bt_level3.gz">Level3</a>)
+ <br/>
+ Compressed lists should have .gz extention <br/>
+ <br/>
+ <!--
+ <br/>
+ Be Patient - <u>Level3</u> lists take about 5m. <u>Level1</u> lists take about 1h<br/>
+
+
+ <br/>If you use a Level1 list or multiple lists, the webserver will become unresponsive <a href="http://forum.pfsense.org/index.php/topic,24769.0.html"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
+ (version 0.1.4)
+ -->
+ <br/><span style="color:red">Warning!</span> - Apply after each reboot or firewall change. Use at your own risk.
+ <?php
+ echo "<br/><br/>Current Status = ";
+ ob_start();
+ $results = exec("pfctl -s rules | grep -c ipblocklist");
+ ob_end_clean();
+ if ($results == '2') echo "Running";
+ else
+ echo "<span style='color:red'>NOT running</span>";
+
+ //Get Errors if exists
+ ob_start();
+ $results = exec("tail -r errorOUT.txt");
+ ob_end_clean();
+ echo "<br/><span style='color:red'>";
+ echo $results;
+ echo "</span>";
+ ?>
+
+
+
+<br/>
+<br/>
+
+
+
+
+</div>
+<?php
+ //This input guarantees that a POST is sent
+ echo "<input type='hidden' name='zzz' value='required'>";
+?>
+
+</td>
+</tr>
+</table>
+<input type="submit" value="Save/Update">
+</form>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
\ No newline at end of file
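Review bot: The `exec("fetch -o lists $line")` and `exec("gzip -d lists/$filename")` calls in the enable branch hand each line of lists.txt to a shell unquoted, so any shell metacharacter in a stored entry is interpreted by the shell under the web GUI's privileges. The Usage text suggests those entries are links typed into the ipblocklist_list.php frame, which is outside this hunk, so they should be treated as untrusted here: skip blank lines, accept only well-formed http(s) URLs, and pass every value through `escapeshellarg()`. Separately, `echo $results;` near the end prints the last line of errorOUT.txt without encoding and would be safer as `echo htmlspecialchars($results);`. The shell commands also use relative paths (`rm -R lists`, `lists.txt`), so the working directory should be pinned or the absolute path under `/usr/local/www/packages/ipblocklist/` used, as the disable branch already does for the `rm -R`.

```php
foreach ($lines as $line) {
    $url = trim($line);
    // Skip blank lines and anything that is not a well-formed http(s) URL
    if ($url === '' || !preg_match('#^https?://#i', $url)
        || filter_var($url, FILTER_VALIDATE_URL) === false) {
        continue;
    }
    exec("fetch -o lists " . escapeshellarg($url));
    // Derive the local name from the URL path only, never from the query string
    $filename = basename(parse_url($url, PHP_URL_PATH));
    //Extract list
    exec("gzip -d " . escapeshellarg("lists/$filename"));
}
// … unchanged: touch lists/ipfw.ipfw, convert-execute.sh …
```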