aboutsummaryrefslogtreecommitdiffstats
path: root/config/pf-blocker
diff options
context:
space:
mode:
authorPhil Davis <phil.davis@world.inf.org>2013-03-28 17:48:46 +0545
committerPhil Davis <phil.davis@world.inf.org>2013-03-28 17:48:46 +0545
commite2ec86f40c9573292a46d4ab89ae70e353a99f8f (patch)
treeeb1e9327baf8d9ae00947125788b57b74a66c4ea /config/pf-blocker
parentd7ec5f1ec1c8eeee6c84bc3b85543543711655bc (diff)
downloadpfsense-packages-e2ec86f40c9573292a46d4ab89ae70e353a99f8f.tar.gz
pfsense-packages-e2ec86f40c9573292a46d4ab89ae70e353a99f8f.tar.bz2
pfsense-packages-e2ec86f40c9573292a46d4ab89ae70e353a99f8f.zip
pfBlocker allow list ranges that are not exact subnets
Fixes #2892 I made a "nasty" list as follows: 192.168.100.0-192.168.101.255 192.168.103.8-192.168.103.23 192.168.104.1-192.168.104.254 192.168.105.22-192.168.106.66 192.168.107.3-192.168.107.33 And this code turns it into: 192.168.100.0/23 192.168.103.8/29 192.168.103.16/29 192.168.104.1/32 192.168.104.2/31 192.168.104.4/30 192.168.104.8/29 192.168.104.16/28 192.168.104.32/27 192.168.104.64/26 192.168.104.128/26 192.168.104.192/27 192.168.104.224/28 192.168.104.240/29 192.168.104.248/30 192.168.104.252/31 192.168.104.254/32 192.168.105.22/31 192.168.105.24/29 192.168.105.32/27 192.168.105.64/26 192.168.105.128/25 192.168.106.0/26 192.168.106.64/31 192.168.106.66/32 192.168.107.3/32 192.168.107.4/30 192.168.107.8/29 192.168.107.16/28 192.168.107.32/31 Which is the correct group of CIDRs to represent the given ranges.
Diffstat (limited to 'config/pf-blocker')
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc33
1 files changed, 6 insertions, 27 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 58b93bb5..c40d742e 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -52,29 +52,6 @@ function cb_get_real_interface_address($iface) {
return array($ip, long2ip(hexdec($netmask)));
}
-function pfblocker_Range2CIDR($ip_min, $ip_max) {
- #function called without any args
- if ($ip_min == "" || $ip_max == "")
- return "";
- #function called with same ip in min and max
- if ($ip_min == $ip_max)
- return $ip_min. "/32";
- #convert ip to decimal numbers
- $ip_min_long=ip2long($ip_min);
- $ip_max_long=ip2long($ip_max);
- #check long results
- if ($ip_min_long == -1 || $ip_max_long == -1)
- return "";
- #identify bits mask
- $bits=(32 -strlen(decbin($ip_max_long - $ip_min_long)));
- if ($bits < 0)
- return "";
- #identify first ip on range network
- $network=long2ip( $ip_min_long & ((1<<32)-(1<<(32-$bits))-1) );
- #print decbin($ip_min_long)."\n".$network."\n";
- return $network . "/". $bits;
-}
-
function sync_package_pfblocker($cron="") {
global $g,$config;
@@ -290,10 +267,12 @@ function sync_package_pfblocker($cron="") {
foreach ($url_list as $line){
# Network range 192.168.0.0-192.168.0.254
if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)){
- $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
- if ($cidr != ""){
- ${$alias}.= $cidr."\n";
- $new_file.= $cidr."\n";
+ $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]);
+ if (is_array($a_cidr)) {
+ foreach ($a_cidr as $cidr) {
+ ${$alias}.= $cidr."\n";
+ $new_file.= $cidr."\n";
+ }
}
}
# CIDR format 192.168.0.0/16