authormarcelloc <marcellocoutinho@gmail.com>2011-10-27 09:53:08 -0200
committermarcelloc <marcellocoutinho@gmail.com>2011-10-27 09:53:08 -0200
commit5e22ef57600057615f14ac73c897008bfa6a3603 (patch)
tree69ce95c2d3c15a9291495366086c5d02b3868b00 /config/pf-blocker
parent39b915dac80c31207385c2a43aa46437871c008e (diff)
countryblock-dev moved to pf-blocker-dev
Diffstat (limited to 'config/pf-blocker')
-rwxr-xr-xconfig/pf-blocker/countryblock.inc402
-rw-r--r--config/pf-blocker/countryblock.php196
-rwxr-xr-xconfig/pf-blocker/countryblock.xml234
-rw-r--r--config/pf-blocker/countryblock_sync.xml144
4 files changed, 976 insertions, 0 deletions
diff --git a/config/pf-blocker/countryblock.inc b/config/pf-blocker/countryblock.inc
new file mode 100755
index 00000000..5844f3d1
--- /dev/null
+++ b/config/pf-blocker/countryblock.inc
@@ -0,0 +1,402 @@
+<?php
+/*
+ countryblock.inc
+ part of the Postfix package for pfSense
+ Copyright (C) 2010 Erik Fonnesbeck
+ Copyright (C) 2011 Marcello Coutinho
+
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
+require_once("filter.inc");
+
+function cb_text_area_decode($text){
+ return preg_replace('/\r\n/', "\n",base64_decode($text));
+}
+
+function cb_get_real_interface_address($iface) {
+ global $config;
+ $iface = convert_friendly_interface_to_real_interface_name($iface);
+ $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
+ list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
+ return array($ip, long2ip(hexdec($netmask)));
+}
+
+function sync_package_countryblock() {
+ global $config;
+ $countryblock_config=$config['installedpackages']['countryblock']['config'][0];
+ $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America");
+
+ #get local web gui configuration
+ $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http");
+ $port = $config['system']['webgui']['port'];
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $web_local .= "://127.0.0.1:".$port.'/countryblock.php';
+
+ #get all selected countries
+ $countries=$config['installedpackages']['countryblock']['config'][0]['topspammers'].",";
+ foreach ($continents as $continent){
+ if (is_array($config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config']))
+ $countries.=$config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].",";
+ }
+ $cb_files = explode(",", $countries);
+ $ips="";
+ foreach ($cb_files as $iso){
+ if ($iso <> ""){
+ if (file_exists('/usr/local/pkg/countryblock/'.$iso.'.txt'))
+ $ips.=file_get_contents('/usr/local/pkg/countryblock/'.$iso.'.txt');
+ }
+ }
+ #create all ip block lists based on gui
+ file_put_contents('/usr/local/pkg/cb.txt',$ips, LOCK_EX);
+
+ #write white_list to filesystem
+ file_put_contents('/usr/local/pkg/cbw.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX);
+
+ #edit or assign alias "Countryblock" and "CountryblockWL"
+ $aliases=$config['aliases']['alias'];
+ #print "<pre>";
+ $new_aliases=array();
+ if ($ips != ""){
+ #create or reaply alias
+ $new_aliases[]=array("name"=> 'Countryblock',
+ "url"=> $web_local.'?cb=1',
+ "updatefreq"=> "7",
+ "address"=>"",
+ "descr"=> "Countryblock deny list",
+ "type"=> "urltable",
+ "detail"=> "DO NOT EDIT THIS ALIAS");
+ #force alias file update
+ if (! is_dir('/var/db/aliastables/'))
+ mkdir ('/var/db/aliastables/',0755);
+ if (file_exists('/var/db/aliastables/Countryblock.txt'))
+ file_put_contents('/var/db/aliastables/Countryblock.txt',$ips, LOCK_EX);
+ }
+ else{
+ #remove previous aliastable if exist
+ if (file_exists('/var/db/aliastables/Countryblock.txt'))
+ unlink('/var/db/aliastables/Countryblock.txt');
+ }
+
+ if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
+ #create or reaply alias
+ $new_aliases[]=array("name"=> 'CountryblockWL',
+ "url"=> $web_local.'?cbw=1',
+ "updatefreq"=> "7",
+ "address"=>"",
+ "descr"=> "Countryblock white list",
+ "type"=> "urltable",
+ "detail"=> "DO NOT EDIT THIS ALIAS");
+ #force alias file update
+ if (! is_dir('/var/db/aliastables/'))
+ mkdir ('/var/db/aliastables/',0755);
+ if (file_exists('/var/db/aliastables/CountryblockWL.txt'))
+ file_put_contents('/var/db/aliastables/CountryblockWL.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX);
+ }
+ else{
+ #remove previous aliastable if exist
+ if (file_exists('/var/db/aliastables/CountryblockWL.txt'))
+ unlink('/var/db/aliastables/CountryblockWL.txt');
+ }
+
+ if (is_array($aliases))
+ foreach($aliases as $cbalias){
+ if (! preg_match("/Countryblock.*list/",$cbalias['descr']))
+ $new_aliases[]= $cbalias;
+ }
+ $config['aliases']['alias']=$new_aliases;
+ # check contryblock filter options
+ $rules=$config['filter']['rule'];
+ $ifaces = $countryblock_config['inbound_interface'];
+ foreach (explode(",", $ifaces) as $i => $iface) {
+ if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
+ ${$iface}[0]=array("id" => "",
+ "type"=>"pass",
+ "tag"=> "",
+ "interface" => $iface,
+ "tagged"=> "",
+ "max"=> "",
+ "max-src-nodes"=>"",
+ "max-src-conn"=> "",
+ "max-src-states"=>"",
+ "statetimeout"=>"",
+ "statetype"=>"keep state",
+ "os"=> "",
+ "source"=>array("address"=>"CountryblockWL"),
+ "destination"=>array("any"=>""),
+ "descr"=>"Countryblock inbound whitelist rule");
+
+ if ($countryblock_config['enable_log'])
+ ${$iface}[0]["log"]="";
+ }
+ if ($ips != ""){
+ ${$iface}[1]=array( "id" => "",
+ "type"=>"block",
+ "tag"=> "",
+ "interface" => $iface,
+ "tagged"=> "",
+ "max"=> "",
+ "max-src-nodes"=>"",
+ "max-src-conn"=> "",
+ "max-src-states"=>"",
+ "statetimeout"=>"",
+ "statetype"=>"keep state",
+ "os"=> "",
+ "source"=>array("address"=>"Countryblock"),
+ "destination"=>array("any"=>""),
+ "descr"=>"Countryblock inbound deny rule");
+
+ if ($countryblock_config['enable_log'])
+ ${$iface}[1]["log"]="";
+ }
+ }
+ $ifaces = $countryblock_config['outbound_interface'];
+ foreach (explode(",", $ifaces) as $i => $iface) {
+ if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
+ ${$iface}[2]=array( "id" => "",
+ "type"=>"pass",
+ "tag"=> "",
+ "interface" => $iface,
+ "tagged"=> "",
+ "max"=> "",
+ "max-src-nodes"=>"",
+ "max-src-conn"=> "",
+ "max-src-states"=>"",
+ "statetimeout"=>"",
+ "statetype"=>"keep state",
+ "os"=> "",
+ "source"=>array("any"=>""),
+ "destination"=>array("address"=>"CountryblockWL"),
+ "descr"=>"Countryblock outbound whitelist rule");
+ if ($countryblock_config['enable_log'])
+ ${$iface}[2]["log"]="";
+ }
+ if ($ips != ""){
+ ${$iface}[3]= array("id" => "",
+ "type"=>"block",
+ "tag"=> "",
+ "interface" => $iface,
+ "tagged"=> "",
+ "max"=> "",
+ "max-src-nodes"=>"",
+ "max-src-conn"=> "",
+ "max-src-states"=>"",
+ "statetimeout"=>"",
+ "statetype"=>"keep state",
+ "os"=> "",
+ "source"=>array("any"=>""),
+ "destination"=>array("address"=>"Countryblock"),
+ "descr"=>"Countryblock inbound deny rule");
+ if ($countryblock_config['enable_log'])
+ ${$iface}[3]["log"]="";
+
+ }
+
+ }
+ $last_iface="";
+ foreach ($rules as $rule){
+ if ($rule['interface'] <> $last_iface){
+ $last_iface = $rule['interface'];
+ #apply countryblock rules if enabled
+ if ($config['installedpackages']['countryblock']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']}))
+ foreach (${$rule['interface']} as $cb_rules)
+ $new_rules[]=$cb_rules;
+ }
+ if (!preg_match("/Countryblock.*rule/",$rule['descr']))
+ $new_rules[]=$rule;
+ }
+ $config['filter']['rule']=$new_rules;
+
+ #save and apply all changes
+ write_config();
+ filter_configure();
+
+ countryblock_sync_on_changes();
+}
+
+function countryblock_validate_input($post, &$input_errors) {
+ foreach ($post as $key => $value) {
+ if (empty($value))
+ continue;
+ if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
+ $input_errors[] = "Wrong greet time sintax.";
+ if($key == "message_size_limit" && !is_numeric($value))
+ $input_errors[] = "Message size limit must be numeric.";
+ if($key == "process_limit" && !is_numeric($value))
+ $input_errors[] = "Process limit must be numeric.";
+ if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
+ $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
+ if (substr($key, 0, 2) == "dc" && !is_hostname($value))
+ $input_errors[] = "{$value} is not a valid host name.";
+ if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
+ if (!is_domain($value))
+ $input_errors[] = "{$value} is not a valid domain name.";
+ } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
+ if (empty($post['domain' . substr($key, 12)]))
+ $input_errors[] = "Domain for {$value} cannot be blank.";
+ if (!is_ipaddr($value) && !is_hostname($value))
+ $input_errors[] = "{$value} is not a valid IP address or host name.";
+ }
+ }
+}
+
+function countryblock_php_install_command() {
+ include_once '/usr/local/www/countryblock.php';
+ countryblock_get_countries();
+ sync_package_countryblock();
+}
+
+function countryblock_php_deinstall_command() {
+ global $config;
+ $config['installedpackages']['countryblock']['config'][0]['enable_cb']="";
+ write_config();
+ sync_package_countryblock();
+}
+
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function countryblock_sync_on_changes() {
+ global $config, $g;
+ log_error("[countryblock] countryblock_xmlrpc_sync.php is starting.");
+ $synconchanges = $config['installedpackages']['countryblocksync']['config'][0]['synconchanges'];
+ if(!$synconchanges)
+ return;
+ foreach ($config['installedpackages']['countryblocksync']['config'] as $rs ){
+ foreach($rs['row'] as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if($password && $sync_to_ip)
+ countryblock_do_xmlrpc_sync($sync_to_ip, $password);
+ }
+ }
+ log_error("[countryblock] countryblock_xmlrpc_sync.php is ending.");
+}
+
+/* Do the actual XMLRPC sync */
+function countryblock_do_xmlrpc_sync($sync_to_ip, $password) {
+ global $config, $g;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['countryblock'] = $config['installedpackages']['countryblock'];
+ $xml['countryblockafrica'] = $config['installedpackages']['countryblockafrica'];
+ $xml['countryblockantartica'] = $config['installedpackages']['countryblockantartica'];
+ $xml['countryblockasia'] = $config['installedpackages']['countryblockasia'];
+ $xml['countryblockeurope'] = $config['installedpackages']['countryblockeurope'];
+ $xml['countryblocknorthamerica'] = $config['installedpackages']['countryblocknorthamerica'];
+ $xml['countryblockoceania'] = $config['installedpackages']['countryblockoceania'];
+ $xml['countryblocksouthamerica'] = $config['installedpackages']['countryblocksouthamerica'];
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("Beginning countryblock XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+ } else {
+ log_error("countryblock XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell countryblock to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/countryblock.inc');\n";
+ $execcmd .= "sync_package_countryblock();";
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("countryblock XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting countryblock XMLRPC exec with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+ } else {
+ log_error("countryblock XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+}
+
+?>
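Review bot: `countryblock_validate_input()` checks fields that look inherited from another package (`greet_time`, `message_size_limit`, `mailserverip…`) and none of the ones this file consumes, so `topspammers`/`countries` flow unchecked into the path `'/usr/local/pkg/countryblock/'.$iso.'.txt'` in `sync_package_countryblock()`, and the decoded `whitelist` is written straight to `cbw.txt` and the alias table. A code containing path separators would pull an unrelated `.txt` file into the deny list, and a malformed whitelist line lands in a pf table. I would guard the read with `if (ctype_alnum($iso) && file_exists('/usr/local/pkg/countryblock/'.$iso.'.txt'))` and have the validator reject whitelist lines that are neither `is_ipaddr()` nor `is_subnet()`. The `${$iface}` variable-variables in the same function share the root cause: a configured interface name picks which local variable is overwritten, so an array keyed by `$iface` would be safer.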
diff --git a/config/pf-blocker/countryblock.php b/config/pf-blocker/countryblock.php
new file mode 100644
index 00000000..5d0f825a
--- /dev/null
+++ b/config/pf-blocker/countryblock.php
@@ -0,0 +1,196 @@
+<?php
+function get_networks($cb){
+ if ($cb==1)
+ $return= file_get_contents('/usr/local/pkg/cb.txt');
+ if ($cb==2)
+ $return=file_get_contents('/usr/local/pkg/cbw.txt');
+ #print "<pre>";
+ print $return;
+}
+
+if ($_REQUEST['cb']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
+ get_networks(1);
+}
+if ($_REQUEST['cbw']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
+ get_networks(2);
+}
+
+function countryblock_get_countries(){
+$files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt",
+ "Antartica" => "/usr/local/pkg/Antartica_cidr.txt",
+ "Asia" => "/usr/local/pkg/Asia_cidr.txt",
+ "Europe" => "/usr/local/pkg/Europe_cidr.txt",
+ "North America" => "/usr/local/pkg/North_America_cidr.txt",
+ "Oceania" => "/usr/local/pkg/Oceania_cidr.txt",
+ "South America"=>"/usr/local/pkg/South_America_cidr.txt");
+$cdir='/usr/local/pkg/countryblock';
+if (! is_dir($cdir))
+ mkdir ($cdir,0755);
+foreach ($files as $cont => $file){
+ $ips=file_get_contents($file);
+ $convert = explode("\n", $ips);
+ print $cont."\n";
+ $active= array("$cont" => '<active/>');
+ $options="";
+ $total=1;
+ foreach ($convert as $line){
+ if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){
+ if ($ISOCode <> "" && $ISOCode <> $matches[2] && preg_match("/ISO Code/",$line)){
+ file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX);
+ $total++;
+ }
+ ${preg_replace("/\s/","",$matches[1])}=$matches[2];
+ }
+ else{
+ if (${$ISOCode}==0){
+ ${$ISOCode}++;
+ $options.= '<option><name>'.$Country.' </name><value>'.$ISOCode.'</value></option>'."\n";
+ }
+ ${$ISOCode}.=$line."\n";
+ }
+ }
+#save last country networks
+file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX);
+$cont_name= preg_replace("/ /","",$cont);
+$cont_name_lower= strtolower($cont_name);
+#file_put_contents($cdir.'/'.$cont_name.'.txt',$ips,LOCK_EX);
+$xml= <<<EOF
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* \$Id$ */
+/* ========================================================================== */
+/*
+ countryblock_{$cont_name}.xml
+ part of the Countryblock package for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>countryblock{$cont_name_lower}</name>
+ <version>1.0.1</version>
+ <title>Firewall: Countryblock</title>
+ <include_file>/usr/local/pkg/countryblock.inc</include_file>
+ <menu>
+ <name>Countryblock</name>
+ <tooltiptext>Configure Countryblock</tooltiptext>
+ <section>Firewall</section>
+ <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>countryblock</name>
+ </service>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
+ {$active['Africa']}
+ </tab>
+ <tab>
+ <text>Antartica</text>
+ <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
+ {$active['Antartica']}
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
+ {$active['Asia']}
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
+ {$active['Europe']}
+ </tab>
+ <tab>
+ <text>North America</text>
+ <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
+ {$active['North America']}
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
+ {$active['Oceania']}
+ </tab>
+ <tab>
+ <text>South America</text>
+ <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
+ {$active['South America']}
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Continent {$cont}</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Countries</fielddescr>
+ <fieldname>countries</fieldname>
+ <description>
+ <![CDATA[Select Countries you want to block.]]>
+ </description>
+ <type>select</type>
+ <options>
+ {$options}
+ </options>
+ <size>{$total}</size>
+ <multiple/>
+ </field> </fields>
+ <custom_php_install_command>
+ countryblock_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ countryblock_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ countryblock_validate_input(\$_POST, &amp;\$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_countryblock();
+ </custom_php_resync_config_command>
+</packagegui>
+EOF;
+ file_put_contents('/usr/local/pkg/countryblock_'.$cont_name.'.xml',$xml,LOCK_EX);
+
+}
+
+}
+?> \ No newline at end of file
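Review bot: The parser in `countryblock_get_countries()` lets the downloaded list choose variable names and file names: `${preg_replace("/\s/","",$matches[1])}=$matches[2]` assigns whatever header key appears in the file, `$ISOCode` goes unchecked into `$cdir.'/'.$ISOCode.'.txt'`, and `$Country` is concatenated into the generated package XML without escaping. Since those lists come from a third party (over `http://`, per countryblock.xml), I would read only the `ISO Code` and `Country` headers into a fixed array, skip codes that are not alphanumeric, and pass the name through `htmlspecialchars()`, as sketched below. Separately, the `REMOTE_ADDR == '127.0.0.1'` test on the two `$_REQUEST` checks at the top is commented out and the file pulls in no GUI authentication, so the deny list and whitelist appear to be readable by anyone who can reach the web GUI. Restoring that test would limit them to the local urltable fetch.

```php
$fields = array();    // header values of the country currently being read
$networks = array();  // ISO code => CIDR lines
foreach ($convert as $line){
	if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){
		$key = preg_replace("/\s/","",$matches[1]);
		// accept only the two headers the generator uses
		if ($key == "ISOCode" || $key == "Country")
			$fields[$key] = $matches[2];
		continue;
	}
	$iso = isset($fields['ISOCode']) ? $fields['ISOCode'] : "";
	if (!ctype_alnum($iso))
		continue;  // never derive a file name from an unchecked code
	if (!isset($networks[$iso])){
		$networks[$iso] = "";
		$name = isset($fields['Country']) ? $fields['Country'] : $iso;
		$options .= '<option><name>'.htmlspecialchars($name).' </name><value>'.$iso.'</value></option>'."\n";
	}
	$networks[$iso] .= $line."\n";
}
foreach ($networks as $iso => $cidrs)
	file_put_contents($cdir.'/'.$iso.'.txt',$cidrs,LOCK_EX);
$total = max(1, count($networks));
// ... unchanged: $cont_name, heredoc $xml and the final file_put_contents ...
```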
diff --git a/config/pf-blocker/countryblock.xml b/config/pf-blocker/countryblock.xml
new file mode 100755
index 00000000..20e34462
--- /dev/null
+++ b/config/pf-blocker/countryblock.xml
@@ -0,0 +1,234 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ Countryblock.xml
+ part of the Countryblock for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>countryblock</name>
+ <version>1.0</version>
+ <title>Firewall: Countryblock</title>
+ <include_file>/usr/local/pkg/countryblock.inc</include_file>
+ <menu>
+ <name>Country Block</name>
+ <tooltiptext>Configure Countryblock</tooltiptext>
+ <section>Firewall</section>
+ <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>countryblock</name>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/Asia_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/Europe_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/North_America_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/Oceania_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.countryipblocks.net/e_country_data/South_America_cidr.txt</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0555</chmod>
+ </additional_files_needed>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Antartica</text>
+ <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>North America</text>
+ <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>South America</text>
+ <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Countryblock General Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Countryblock </fielddescr>
+ <fieldname>enable_cb</fieldname>
+ <type>checkbox</type>
+ <description></description>
+ </field>
+ <field>
+ <fielddescr>Enable Logging </fielddescr>
+ <fieldname>enable_log</fieldname>
+ <type>checkbox</type>
+ <description></description>
+ </field>
+ <field>
+ <fielddescr>Inbound Interface(s)</fielddescr>
+ <fieldname>inbound_interface</fieldname>
+ <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.<br>
+ If you want to create custom inbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description>
+ <type>interfaces_selection</type>
+ <required/>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Outbound Interface(s)</fielddescr>
+ <fieldname>outbound_interface</fieldname>
+ <description><![CDATA[Default:<strong>LAN</strong><br>Select interface(s) that you do not want to send outgoing traffic.<br>
+ If you want to create custom outbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description>
+ <type>interfaces_selection</type>
+ <required/>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Whitelist</fielddescr>
+ <fieldname>whitelist</fieldname>
+ <description><![CDATA[Enter a CIDR range for the Address you wish to whitlist. One network per line.<br>
+ Example: 192.168.1.0/24]]></description>
+ <type>textarea</type>
+ <cols>20</cols>
+ <rows>06</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <name>Shortcut</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Top Spammers</fielddescr>
+ <fieldname>topspammers</fieldname>
+ <description>
+ <![CDATA[Select top spammers countries you want to block.]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Korea</name><value>KR</value></option>
+ <option><name>China</name><value>CN</value></option>
+ <option><name>India</name><value>IN</value></option>
+ <option><name>Russia</name><value>RU</value></option>
+ <option><name>Turkey</name><value>TR</value></option>
+ <option><name>Vietnam</name><value>VN</value></option>
+ <option><name>Ukraine</name><value>UA</value></option>
+ <option><name>Brazil</name><value>BR</value></option>
+ <option><name>Venezuela </name><value>VE</value></option>
+ <option><name>Pakistan</name><value>PK</value></option>
+ </options>
+ <size>10</size>
+ <multiple/>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ countryblock_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ countryblock_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ countryblock_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_countryblock();
+ </custom_php_resync_config_command>
+</packagegui>
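Review bot: Every `additional_files_needed` item is fetched over plain `http://` with no checksum, and two of them (`countryblock.inc`, `countryblock.php`) are PHP installed under `/usr/local/pkg/` and `/usr/local/www/` with mode 0755. Anyone able to alter that traffic can change code the firewall later runs, and the `countryipblocks.net` lists decide which networks get blocked. If the hosts offer it, I would switch the items to `https://`; otherwise, verify the downloads against a known hash before `countryblock_php_install_command()` uses them. The three package URLs also still point at `packages/config/countryblock-dev/` although the commit places the files under `config/pf-blocker`, so it is worth confirming that path is intended.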
diff --git a/config/pf-blocker/countryblock_sync.xml b/config/pf-blocker/countryblock_sync.xml
new file mode 100644
index 00000000..e026b636
--- /dev/null
+++ b/config/pf-blocker/countryblock_sync.xml
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ Countryblock_sync.xml
+ part of the Countryblock package for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>countryblock_sync</name>
+ <version>1.0</version>
+ <title>Firewall: Countryblock</title>
+ <include_file>/usr/local/pkg/countryblock.inc</include_file>
+ <menu>
+ <name>Countryblock</name>
+ <tooltiptext>Configure Countryblock</tooltiptext>
+ <section>Services</section>
+ <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>countryblock</name>
+ </service>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Antartica</text>
+ <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>North America</text>
+ <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>South America</text>
+ <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
+ <active/>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>countryblock XMLRPC Sync</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Automatically sync countryblock configuration changes</fielddescr>
+ <fieldname>synconchanges</fieldname>
+ <description>pfSense will automatically sync changes to the hosts defined below.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Remote Server</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP Address of remote server</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ countryblock_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ countryblock_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ countryblock_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_countryblock();
+ </custom_php_resync_config_command>
+</packagegui>
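Review bot: The `password` row is described only as `Password for remote server.`, but `countryblock_do_xmlrpc_sync()` uses it as the remote `admin` credential and builds the target URL from the local `webgui` protocol, so with HTTP configured locally it is sent in cleartext along with the `pfsense.exec_php` call. I would say so in the field description, e.g. `Admin password of the remote pfSense; sync uses this host's web GUI protocol and port, so use HTTPS.` The `ipaddress` row is also free text with no matching check in `countryblock_validate_input()`; a line such as `if (substr($key, 0, 9) == "ipaddress" && !is_ipaddr($value)) $input_errors[] = "{$value} is not a valid IP address.";` would keep arbitrary strings out of the sync URL. Lastly, the `<section>` here is `Services` while the other two package files use `Firewall`.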