author | marcelloc <marcellocoutinho@gmail.com> | 2011-10-28 02:31:06 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-10-28 02:31:06 -0200 |
commit | b86bdf8d5ae9472295cfcb9479dc41927b5b69ca (patch) | |
tree | c76fb3696d4a4b8163b2931006d42bd36628a07f /config/pf-blocker | |
parent | 3e1fde5ae6e35a358853db8c4607a2ed3a2a6c79 (diff) | |
pfBlocker-dev - fix alias creation check for outbound traffic
Diffstat (limited to 'config/pf-blocker')
-rwxr-xr-x | config/pf-blocker/countryblock.inc | 402 | ||||
-rw-r--r-- | config/pf-blocker/countryblock.php | 196 | ||||
-rwxr-xr-x | config/pf-blocker/countryblock.xml | 234 | ||||
-rw-r--r-- | config/pf-blocker/countryblock_sync.xml | 144 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 2 |
5 files changed, 1 insertions, 977 deletions
diff --git a/config/pf-blocker/countryblock.inc b/config/pf-blocker/countryblock.inc
deleted file mode 100755
index 5844f3d1..00000000
--- a/config/pf-blocker/countryblock.inc
+++ /dev/null
@@ -1,402 +0,0 @@ -<?php -/* - countryblock.inc - part of the Postfix package for pfSense - Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011 Marcello Coutinho - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- -*/ -require_once("util.inc"); -require_once("functions.inc"); -require_once("pkg-utils.inc"); -require_once("globals.inc"); -require_once("filter.inc"); - -function cb_text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); -} - -function cb_get_real_interface_address($iface) { - global $config; - $iface = convert_friendly_interface_to_real_interface_name($iface); - $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); - list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); - return array($ip, long2ip(hexdec($netmask))); -} - -function sync_package_countryblock() { - global $config; - $countryblock_config=$config['installedpackages']['countryblock']['config'][0]; - $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America"); - - #get local web gui configuration - $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http"); - $port = $config['system']['webgui']['port']; - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $web_local .= "://127.0.0.1:".$port.'/countryblock.php'; - - #get all selected countries - $countries=$config['installedpackages']['countryblock']['config'][0]['topspammers'].","; - foreach ($continents as $continent){ - if (is_array($config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config'])) - $countries.=$config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].","; - } - $cb_files = explode(",", $countries); - $ips=""; - foreach ($cb_files as $iso){ - if ($iso <> ""){ - if (file_exists('/usr/local/pkg/countryblock/'.$iso.'.txt')) - $ips.=file_get_contents('/usr/local/pkg/countryblock/'.$iso.'.txt'); - } - } - #create all ip block lists based on gui - file_put_contents('/usr/local/pkg/cb.txt',$ips, LOCK_EX); - - #write white_list to 
filesystem - file_put_contents('/usr/local/pkg/cbw.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX); - - #edit or assign alias "Countryblock" and "CountryblockWL" - $aliases=$config['aliases']['alias']; - #print "<pre>"; - $new_aliases=array(); - if ($ips != ""){ - #create or reaply alias - $new_aliases[]=array("name"=> 'Countryblock', - "url"=> $web_local.'?cb=1', - "updatefreq"=> "7", - "address"=>"", - "descr"=> "Countryblock deny list", - "type"=> "urltable", - "detail"=> "DO NOT EDIT THIS ALIAS"); - #force alias file update - if (! is_dir('/var/db/aliastables/')) - mkdir ('/var/db/aliastables/',0755); - if (file_exists('/var/db/aliastables/Countryblock.txt')) - file_put_contents('/var/db/aliastables/Countryblock.txt',$ips, LOCK_EX); - } - else{ - #remove previous aliastable if exist - if (file_exists('/var/db/aliastables/Countryblock.txt')) - unlink('/var/db/aliastables/Countryblock.txt'); - } - - if (cb_text_area_decode($countryblock_config['whitelist']) != ""){ - #create or reaply alias - $new_aliases[]=array("name"=> 'CountryblockWL', - "url"=> $web_local.'?cbw=1', - "updatefreq"=> "7", - "address"=>"", - "descr"=> "Countryblock white list", - "type"=> "urltable", - "detail"=> "DO NOT EDIT THIS ALIAS"); - #force alias file update - if (! is_dir('/var/db/aliastables/')) - mkdir ('/var/db/aliastables/',0755); - if (file_exists('/var/db/aliastables/CountryblockWL.txt')) - file_put_contents('/var/db/aliastables/CountryblockWL.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX); - } - else{ - #remove previous aliastable if exist - if (file_exists('/var/db/aliastables/CountryblockWL.txt')) - unlink('/var/db/aliastables/CountryblockWL.txt'); - } - - if (is_array($aliases)) - foreach($aliases as $cbalias){ - if (! 
preg_match("/Countryblock.*list/",$cbalias['descr'])) - $new_aliases[]= $cbalias; - } - $config['aliases']['alias']=$new_aliases; - # check contryblock filter options - $rules=$config['filter']['rule']; - $ifaces = $countryblock_config['inbound_interface']; - foreach (explode(",", $ifaces) as $i => $iface) { - if (cb_text_area_decode($countryblock_config['whitelist']) != ""){ - ${$iface}[0]=array("id" => "", - "type"=>"pass", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("address"=>"CountryblockWL"), - "destination"=>array("any"=>""), - "descr"=>"Countryblock inbound whitelist rule"); - - if ($countryblock_config['enable_log']) - ${$iface}[0]["log"]=""; - } - if ($ips != ""){ - ${$iface}[1]=array( "id" => "", - "type"=>"block", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("address"=>"Countryblock"), - "destination"=>array("any"=>""), - "descr"=>"Countryblock inbound deny rule"); - - if ($countryblock_config['enable_log']) - ${$iface}[1]["log"]=""; - } - } - $ifaces = $countryblock_config['outbound_interface']; - foreach (explode(",", $ifaces) as $i => $iface) { - if (cb_text_area_decode($countryblock_config['whitelist']) != ""){ - ${$iface}[2]=array( "id" => "", - "type"=>"pass", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("any"=>""), - "destination"=>array("address"=>"CountryblockWL"), - "descr"=>"Countryblock outbound whitelist rule"); - if ($countryblock_config['enable_log']) - ${$iface}[2]["log"]=""; - } - if ($ips != ""){ - ${$iface}[3]= 
array("id" => "", - "type"=>"block", - "tag"=> "", - "interface" => $iface, - "tagged"=> "", - "max"=> "", - "max-src-nodes"=>"", - "max-src-conn"=> "", - "max-src-states"=>"", - "statetimeout"=>"", - "statetype"=>"keep state", - "os"=> "", - "source"=>array("any"=>""), - "destination"=>array("address"=>"Countryblock"), - "descr"=>"Countryblock inbound deny rule"); - if ($countryblock_config['enable_log']) - ${$iface}[3]["log"]=""; - - } - - } - $last_iface=""; - foreach ($rules as $rule){ - if ($rule['interface'] <> $last_iface){ - $last_iface = $rule['interface']; - #apply countryblock rules if enabled - if ($config['installedpackages']['countryblock']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']})) - foreach (${$rule['interface']} as $cb_rules) - $new_rules[]=$cb_rules; - } - if (!preg_match("/Countryblock.*rule/",$rule['descr'])) - $new_rules[]=$rule; - } - $config['filter']['rule']=$new_rules; - - #save and apply all changes - write_config(); - filter_configure(); - - countryblock_sync_on_changes(); -} - -function countryblock_validate_input($post, &$input_errors) { - foreach ($post as $key => $value) { - if (empty($value)) - continue; - if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) - $input_errors[] = "Wrong greet time sintax."; - if($key == "message_size_limit" && !is_numeric($value)) - $input_errors[] = "Message size limit must be numeric."; - if($key == "process_limit" && !is_numeric($value)) - $input_errors[] = "Process limit must be numeric."; - if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) - $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'"; - if (substr($key, 0, 2) == "dc" && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid host name."; - if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { - if (!is_domain($value)) - $input_errors[] = "{$value} is not a valid domain name."; - } else if 
(substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { - if (empty($post['domain' . substr($key, 12)])) - $input_errors[] = "Domain for {$value} cannot be blank."; - if (!is_ipaddr($value) && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid IP address or host name."; - } - } -} - -function countryblock_php_install_command() { - include_once '/usr/local/www/countryblock.php'; - countryblock_get_countries(); - sync_package_countryblock(); -} - -function countryblock_php_deinstall_command() { - global $config; - $config['installedpackages']['countryblock']['config'][0]['enable_cb']=""; - write_config(); - sync_package_countryblock(); -} - -/* Uses XMLRPC to synchronize the changes to a remote node */ -function countryblock_sync_on_changes() { - global $config, $g; - log_error("[countryblock] countryblock_xmlrpc_sync.php is starting."); - $synconchanges = $config['installedpackages']['countryblocksync']['config'][0]['synconchanges']; - if(!$synconchanges) - return; - foreach ($config['installedpackages']['countryblocksync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if($password && $sync_to_ip) - countryblock_do_xmlrpc_sync($sync_to_ip, $password); - } - } - log_error("[countryblock] countryblock_xmlrpc_sync.php is ending."); -} - -/* Do the actual XMLRPC sync */ -function countryblock_do_xmlrpc_sync($sync_to_ip, $password) { - global $config, $g; - - if(!$password) - return; - - if(!$sync_to_ip) - return; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $sync_to_ip; - - /* 
xml will hold the sections to sync */ - $xml = array(); - $xml['countryblock'] = $config['installedpackages']['countryblock']; - $xml['countryblockafrica'] = $config['installedpackages']['countryblockafrica']; - $xml['countryblockantartica'] = $config['installedpackages']['countryblockantartica']; - $xml['countryblockasia'] = $config['installedpackages']['countryblockasia']; - $xml['countryblockeurope'] = $config['installedpackages']['countryblockeurope']; - $xml['countryblocknorthamerica'] = $config['installedpackages']['countryblocknorthamerica']; - $xml['countryblockoceania'] = $config['installedpackages']['countryblockoceania']; - $xml['countryblocksouthamerica'] = $config['installedpackages']['countryblocksouthamerica']; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("Beginning countryblock XMLRPC sync to {$url}:{$port}."); - $method = 'pfsense.merge_installedpackages_section_xmlrpc'; - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "countryblock Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . 
$resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "countryblock Settings Sync", ""); - } else { - log_error("countryblock XMLRPC sync successfully completed with {$url}:{$port}."); - } - - /* tell countryblock to reload our settings on the destionation sync host. */ - $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/countryblock.inc');\n"; - $execcmd .= "sync_package_countryblock();"; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); - - log_error("countryblock XMLRPC reload data {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - file_notice("sync_settings", $error, "countryblock Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting countryblock XMLRPC exec with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "countryblock Settings Sync", ""); - } else { - log_error("countryblock XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); - } - -} - -?> diff --git a/config/pf-blocker/countryblock.php b/config/pf-blocker/countryblock.php deleted file mode 100644 index 5d0f825a..00000000 --- a/config/pf-blocker/countryblock.php +++ /dev/null 
@@ -1,196 +0,0 @@ -<?php -function get_networks($cb){ - if ($cb==1) - $return= file_get_contents('/usr/local/pkg/cb.txt'); - if ($cb==2) - $return=file_get_contents('/usr/local/pkg/cbw.txt'); - #print "<pre>"; - print $return; -} - -if ($_REQUEST['cb']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){ - get_networks(1); -} -if ($_REQUEST['cbw']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){ - get_networks(2); -} - -function countryblock_get_countries(){ -$files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt", - "Antartica" => "/usr/local/pkg/Antartica_cidr.txt", - "Asia" => "/usr/local/pkg/Asia_cidr.txt", - "Europe" => "/usr/local/pkg/Europe_cidr.txt", - "North America" => "/usr/local/pkg/North_America_cidr.txt", - "Oceania" => "/usr/local/pkg/Oceania_cidr.txt", - "South America"=>"/usr/local/pkg/South_America_cidr.txt"); -$cdir='/usr/local/pkg/countryblock'; -if (! is_dir($cdir)) - mkdir ($cdir,0755); -foreach ($files as $cont => $file){ - $ips=file_get_contents($file); - $convert = explode("\n", $ips); - print $cont."\n"; - $active= array("$cont" => '<active/>'); - $options=""; - $total=1; - foreach ($convert as $line){ - if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){ - if ($ISOCode <> "" && $ISOCode <> $matches[2] && preg_match("/ISO Code/",$line)){ - file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX); - $total++; - } - ${preg_replace("/\s/","",$matches[1])}=$matches[2]; - } - else{ - if (${$ISOCode}==0){ - ${$ISOCode}++; - $options.= '<option><name>'.$Country.' 
</name><value>'.$ISOCode.'</value></option>'."\n"; - } - ${$ISOCode}.=$line."\n"; - } - } -#save last country networks -file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX); -$cont_name= preg_replace("/ /","",$cont); -$cont_name_lower= strtolower($cont_name); -#file_put_contents($cdir.'/'.$cont_name.'.txt',$ips,LOCK_EX); -$xml= <<<EOF -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* \$Id$ */ -/* ========================================================================== */ -/* - countryblock_{$cont_name}.xml - part of the Countryblock package for pfSense - Copyright (C) 2011 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>countryblock{$cont_name_lower}</name> - <version>1.0.1</version> - <title>Firewall: Countryblock</title> - <include_file>/usr/local/pkg/countryblock.inc</include_file> - <menu> - <name>Countryblock</name> - <tooltiptext>Configure Countryblock</tooltiptext> - <section>Firewall</section> - <url>pkg_edit.php?xml=countryblock.xml&id=0</url> - </menu> - <service> - <name>countryblock</name> - </service> -<tabs> - <tab> - <text>General</text> - <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> - </tab> - <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> - {$active['Africa']} - </tab> - <tab> - <text>Antartica</text> - <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> - {$active['Antartica']} - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> - {$active['Asia']} - </tab> - <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> - {$active['Europe']} - </tab> - <tab> - <text>North America</text> - <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> - {$active['North America']} - </tab> - <tab> - <text>Oceania</text> - 
<url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> - {$active['Oceania']} - </tab> - <tab> - <text>South America</text> - <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> - {$active['South America']} - </tab> - <tab> - <text>XMLRPC Sync</text> - <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> - </tab> -</tabs> - <fields> - <field> - <name>Continent {$cont}</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Countries</fielddescr> - <fieldname>countries</fieldname> - <description> - <![CDATA[Select Countries you want to block.]]> - </description> - <type>select</type> - <options> - {$options} - </options> - <size>{$total}</size> - <multiple/> - </field> </fields> - <custom_php_install_command> - countryblock_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - countryblock_php_deinstall_command(); - </custom_php_deinstall_command> - <custom_php_validation_command> - countryblock_validate_input(\$_POST, &\$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_countryblock(); - </custom_php_resync_config_command> -</packagegui> -EOF; - file_put_contents('/usr/local/pkg/countryblock_'.$cont_name.'.xml',$xml,LOCK_EX); - -} - -} -?>
\ No newline at end of file
diff --git a/config/pf-blocker/countryblock.xml b/config/pf-blocker/countryblock.xml
deleted file mode 100755
index 20e34462..00000000
--- a/config/pf-blocker/countryblock.xml
+++ /dev/null
@@ -1,234 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - Countryblock.xml - part of the Countryblock for pfSense - Copyright (C) 2011 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>countryblock</name> - <version>1.0</version> - <title>Firewall: Countryblock</title> - <include_file>/usr/local/pkg/countryblock.inc</include_file> - <menu> - <name>Country Block</name> - <tooltiptext>Configure Countryblock</tooltiptext> - <section>Firewall</section> - <url>pkg_edit.php?xml=countryblock.xml&id=0</url> - </menu> - <service> - <name>countryblock</name> - </service> - <additional_files_needed> - <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.inc</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.php</item> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock_sync.xml</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Asia_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Europe_cidr.txt</item> - 
<prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/North_America_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Oceania_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> - <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/South_America_cidr.txt</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0555</chmod> - </additional_files_needed> -<tabs> - <tab> - <text>General</text> - <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> - - </tab> - <tab> - <text>Antartica</text> - <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> - - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> - - </tab> - <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> - </tab> - <tab> - <text>North America</text> - <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> - </tab> - <tab> - <text>Oceania</text> - <url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> - </tab> - <tab> - <text>South America</text> - <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> - </tab> - <tab> - <text>XMLRPC Sync</text> - <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> - </tab> -</tabs> - <fields> - <field> - <name>Countryblock General Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable Countryblock </fielddescr> - <fieldname>enable_cb</fieldname> - <type>checkbox</type> - <description></description> - </field> - <field> - <fielddescr>Enable Logging </fielddescr> - <fieldname>enable_log</fieldname> - <type>checkbox</type> - 
<description></description> - </field> - <field> - <fielddescr>Inbound Interface(s)</fielddescr> - <fieldname>inbound_interface</fieldname> - <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.<br> - If you want to create custom inbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description> - <type>interfaces_selection</type> - <required/> - <multiple/> - </field> - <field> - <fielddescr>Outbound Interface(s)</fielddescr> - <fieldname>outbound_interface</fieldname> - <description><![CDATA[Default:<strong>LAN</strong><br>Select interface(s) that you do not want to send outgoing traffic.<br> - If you want to create custom outbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description> - <type>interfaces_selection</type> - <required/> - <multiple/> - </field> - <field> - <fielddescr>Whitelist</fielddescr> - <fieldname>whitelist</fieldname> - <description><![CDATA[Enter a CIDR range for the Address you wish to whitlist. 
One network per line.<br> - Example: 192.168.1.0/24]]></description> - <type>textarea</type> - <cols>20</cols> - <rows>06</rows> - <encoding>base64</encoding> - </field> - <field> - <name>Shortcut</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Top Spammers</fielddescr> - <fieldname>topspammers</fieldname> - <description> - <![CDATA[Select top spammers countries you want to block.]]> - </description> - <type>select</type> - <options> - <option><name>Korea</name><value>KR</value></option> - <option><name>China</name><value>CN</value></option> - <option><name>India</name><value>IN</value></option> - <option><name>Russia</name><value>RU</value></option> - <option><name>Turkey</name><value>TR</value></option> - <option><name>Vietnam</name><value>VN</value></option> - <option><name>Ukraine</name><value>UA</value></option> - <option><name>Brazil</name><value>BR</value></option> - <option><name>Venezuela </name><value>VE</value></option> - <option><name>Pakistan</name><value>PK</value></option> - </options> - <size>10</size> - <multiple/> - </field> - </fields> - <custom_php_install_command> - countryblock_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - countryblock_php_deinstall_command(); - </custom_php_deinstall_command> - <custom_php_validation_command> - countryblock_validate_input($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_countryblock(); - </custom_php_resync_config_command> -</packagegui> diff --git a/config/pf-blocker/countryblock_sync.xml b/config/pf-blocker/countryblock_sync.xml deleted file mode 100644 index e026b636..00000000 --- a/config/pf-blocker/countryblock_sync.xml +++ /dev/null 
@@ -1,144 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - Countryblock_sync.xml - part of the Countryblock package for pfSense - Copyright (C) 2011 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>countryblock_sync</name> - <version>1.0</version> - <title>Firewall: Countryblock</title> - <include_file>/usr/local/pkg/countryblock.inc</include_file> - <menu> - <name>Countryblock</name> - <tooltiptext>Configure Countryblock</tooltiptext> - <section>Services</section> - <url>pkg_edit.php?xml=countryblock.xml&id=0</url> - </menu> - <service> - <name>countryblock</name> - </service> -<tabs> - <tab> - <text>General</text> - <url>/pkg_edit.php?xml=countryblock.xml&id=0</url> - </tab> - <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=countryblock_Africa.xml&id=0</url> - - </tab> - <tab> - <text>Antartica</text> - <url>/pkg_edit.php?xml=countryblock_Antartica.xml&id=0</url> - - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=countryblock_Asia.xml&id=0</url> - - </tab> - <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=countryblock_Europe.xml&id=0</url> - </tab> - <tab> - <text>North America</text> - <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0</url> - </tab> - <tab> - <text>Oceania</text> - <url>/pkg_edit.php?xml=countryblock_Oceania.xml&id=0</url> - </tab> - <tab> - <text>South America</text> - <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0</url> - </tab> - <tab> - <text>XMLRPC Sync</text> - <url>/pkg_edit.php?xml=countryblock_sync.xml&id=0</url> - <active/> - </tab> -</tabs> - <fields> - <field> - <name>countryblock XMLRPC Sync</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Automatically sync countryblock configuration changes</fielddescr> - <fieldname>synconchanges</fieldname> - <description>pfSense will automatically sync changes to the hosts defined below.</description> - <type>checkbox</type> - </field> - 
<field> - <fielddescr>Remote Server</fielddescr> - <fieldname>none</fieldname> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> - <type>input</type> - <size>20</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>20</size> - </rowhelperfield> - </rowhelper> - </field> - </fields> - <custom_php_install_command> - countryblock_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - countryblock_php_deinstall_command(); - </custom_php_deinstall_command> - <custom_php_validation_command> - countryblock_validate_input($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_countryblock(); - </custom_php_resync_config_command> -</packagegui> diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index de28a432..11a2b30a 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -197,7 +197,7 @@ function sync_package_pfblocker() { unlink($pfBlockerInbound); } $pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt'; - if ($ips_out != "" && $pfblocker_config['outbound_interface'] != ""){ + if ($ips_out != ""){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerOutbound', "url"=> $web_local.'?pfb=out', |
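Review bot: The relaxed check `if ($ips_out != ""){` now builds the `pfBlockerOutbound` alias even when no outbound interface is selected, and nothing at this spot says that is intended. A comment such as `# build the alias even with no outbound interface selected, so custom firewall rules can reference it` would record the reason, if that is indeed the intent. Because the alias no longer implies a selected interface, the code that generates the automatic outbound block rules should keep its own test on `$pfblocker_config['outbound_interface']`; otherwise an administrator who left the list empty in order to write custom rules could end up with automatic rules they did not ask for. That code is outside this hunk, as is the condition of the inbound branch just above, so it is worth confirming both match the new behaviour. `sync_package_pfblocker()` starts and ends outside the hunk.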