author | marcelloc <marcellocoutinho@gmail.com> | 2011-10-28 11:32:36 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-10-28 11:32:36 -0200 |
commit | 94d57a9f85b242766f272c4e9a1dbee7d1694b8f (patch) | |
tree | 4fc4af69495d2be47550ceccfae5910d4ed185dc /config/pf-blocker | |
parent | 9a75216ac2ec2e992ce1050a3556f86340027d85 (diff) | |
pfBlocker - more improvements
Diffstat (limited to 'config/pf-blocker')
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 12 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.xml | 48 |
2 files changed, 43 insertions, 17 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index 11a2b30a..57c24c2d 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -178,7 +178,7 @@ function sync_package_pfblocker() { #print "<pre>"; $new_aliases=array(); $pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt'; - if ($ips_in != ""){ + if ($ips_in != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerInbound', "url"=> $web_local.'?pfb=in', @@ -197,7 +197,7 @@ function sync_package_pfblocker() { unlink($pfBlockerInbound); } $pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt'; - if ($ips_out != ""){ + if ($ips_out != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerOutbound', "url"=> $web_local.'?pfb=out', @@ -217,7 +217,7 @@ function sync_package_pfblocker() { } $pfblockerWL='/var/db/aliastables/pfBlockerWL.txt'; - if ($whitelist != ""){ + if ($whitelist != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerWL', "url"=> $web_local.'?pfb=white', @@ -267,8 +267,9 @@ function sync_package_pfblocker() { ${$iface}[0]["log"]=""; } if ($ips_in != ""){ + $action=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block"); ${$iface}[1]=array( "id" => "", - "type"=>"block", + "type"=>$action, "tag"=> "", "interface" => $iface, "tagged"=> "", @@ -309,8 +310,9 @@ function sync_package_pfblocker() { ${$iface}[2]["log"]=""; } if ($ips_out != ""){ + $action=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"block"); ${$iface}[3]= array("id" => "", - "type"=>"block", + "type"=>$action, "tag"=> "", "interface" => $iface, "tagged"=> "", 
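Review bot: The new `enable_cb` test gates only the three alias blocks (`pfBlockerInbound`, `pfBlockerOutbound`, `pfBlockerWL`), while the rule-building branches in the `@@ -267` and `@@ -309` hunks still run on `if ($ips_in != ""){` and `if ($ips_out != ""){` alone. Unless code outside these hunks empties `$ips_in`/`$ips_out` when the package is disabled, rules would still be generated for aliases that are no longer created and whose table file is unlinked in the other branch. Computing the flag once, e.g. `$pfb_enabled = ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on");`, and using it in all five conditions would also remove the repeated long index expression. sync_package_pfblocker() starts and ends outside the hunks, so this needs confirming against the full function.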
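Review bot: In the `@@ -267` hunk `$action` is copied from `$pfblocker_config['inbound_deny_action']` into the rule's `"type"` after only an empty-string check, so any other stored value (a restored, synced or hand-edited configuration) becomes the rule type, and a value such as `pass` would turn the deny rule into an allow rule. Restrict it to the two values the form offers, e.g. `$action = in_array($pfblocker_config['inbound_deny_action'], array("block","reject")) ? $pfblocker_config['inbound_deny_action'] : "block";`. The `@@ -309` hunk has the same pattern for `outbound_deny_action` and needs the same check.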
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index 7294dffa..77c8a4f2 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -68,12 +68,12 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml</item> + <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item> + <item>http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> @@ -171,6 +171,17 @@ <multiple/> </field> <field> + <fielddescr>Inbound deny action</fielddescr> + <fieldname>inbound_deny_action</fieldname> + <description><![CDATA[Default:<strong>Block</strong><br> + Select deny action for inbound rules]]></description> + <type>select</type> + <options> + <option><name>Block</name><value>block</value></option> + <option><name>Reject</name><value>reject</value></option> + </options> + </field> + <field> <fielddescr>Outbound Interface(s)</fielddescr> <fieldname>outbound_interface</fieldname> <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select interface(s) that you do not want to send outgoing traffic.<br> 
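Review bot: Both `<item>` URLs touched in the first hunk point at `http://www.countryipblocks.net/e_country_data/...`, so these CIDR lists are fetched in cleartext from a third-party host and installed under `/usr/local/pkg/`, with no integrity check in the visible lines. Because the files feed the deny and whitelist tables, a response altered in transit changes what the firewall blocks or allows. Prefer an `https://` source if the host offers one, or serve the lists from the package repository, and verify a published checksum before use. The `Antartica_cidr.txt` spelling should also be confirmed against the remote file name.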
@@ -179,24 +190,37 @@ <required/> <multiple/> </field> + <field> + <fielddescr>Outbound deny action</fielddescr> + <fieldname>outbound_deny_action</fieldname> + <description><![CDATA[Default:<strong>Reject</strong><br> + Select deny action for outbound rules]]></description> + <type>select</type> + <options> + <option><name>Reject</name><value>reject</value></option> + <option><name>Block</name><value>block</value></option> + </options> + </field> + <field> <name>Network ranges / CIDR lists</name> <type>listtopic</type> </field> + <field> <fielddescr>Country Action</fielddescr> <fieldname>countryblock</fieldname> <description><![CDATA[Default:<strong>Block Inbound</strong><br> Select action for countries you have selected<br><br> - <strong>Note: </strong><br>'Block Inbound' traffic will deny access from selected countries to your network.<br> - 'Block Outgoing' traffic will deny access from your users to countries you selected to block<br> + <strong>Note: </strong><br>'Deny Inbound' traffic will deny access from selected countries to your network.<br> + 'Deny Outgoing' traffic will deny access from your users to countries you selected to block<br> 'Whitelist' will allow access from and to selected countries to your network.<br> 'None' will not apply rules to selected countries.]]></description> <type>select</type> <options> - <option><name>Block Inbound</name><value>inbound</value></option> - <option><name>Block Outbound</name><value>outbound</value></option> - <option><name>Block Inbound and Outbound</name><value>both</value></option> + <option><name>Deny Inbound</name><value>inbound</value></option> + <option><name>Deny Outbound</name><value>outbound</value></option> + <option><name>Deny Inbound and Outbound</name><value>both</value></option> <option><name>whitelist</name><value>whitelist</value></option> <option><name>None</name><value>none</value></option> </options> 
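Review bot: The description of the new `outbound_deny_action` field says `Default:<strong>Reject</strong>`, but the fallback added in pfblocker.inc for an empty setting is `"block"`, so an installation that has not saved this form yet gets block while the page advertises Reject. Make the two agree, either by changing the PHP fallback for the outbound case to `"reject"` or by changing the help text to Block. In the same hunk the Country Action note says 'Deny Outgoing' while the option is named `Deny Outbound`; one term should be used for both.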
@@ -205,7 +229,7 @@ <fielddescr>Update frequency</fielddescr> <fieldname>update</fieldname> <description><![CDATA[Default:<strong>Never</strong><br> - Select how often pfsense will download Lists files]]></description> + Select how often pfsense will download List files]]></description> <type>select</type> <options> <option><name>Never</name><value>never</value></option> @@ -236,8 +260,8 @@ <fieldname>action</fieldname> <type>select</type> <options> - <option><name>Block Inbound</name><value>ips_in</value></option> - <option><name>Block Outbound</name><value>ips_out</value></option> + <option><name>Deny Inbound</name><value>ips_in</value></option> + <option><name>Deny Outbound</name><value>ips_out</value></option> <option><name>whitelist</name><value>whitelist</value></option> <option><name>None</name><value>none</value></option> </options> @@ -255,7 +279,7 @@ <fielddescr>Url</fielddescr> <fieldname>url</fieldname> <type>input</type> - <size>57</size> + <size>65</size> </rowhelperfield> </rowhelper> </field> @@ -281,7 +305,7 @@ <field> <fielddescr>Whitelist</fielddescr> <fieldname>whitelist</fieldname> - <description><![CDATA[Enter CIDR network ranges you want to whitlist. One network per line.<br> + <description><![CDATA[Enter network you want to whitlist in CIDR format. One network per line.<br> Example: 192.168.1.0/24]]></description> <type>textarea</type> <cols>50</cols> |
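Review bot: The rewritten Whitelist help text in the last hunk still reads `whitlist`; since the line is being changed anyway, `Enter the networks you want to whitelist in CIDR format. One network per line.` would fix both the spelling and the grammar. Nothing visible here shows the textarea content being validated as CIDR before it reaches the alias table, which is worth checking in pfblocker.inc.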