pfBlocker - include table-entries size validation check

3 files changed, 41 insertions, 10 deletions

diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 578ed75d..1aa8a410 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -348,11 +348,44 @@ function sync_package_pfblocker() {
 	}
 	$config['filter']['rule']=$new_rules;
 
-	#save and apply all changes
-	write_config();
-	filter_configure();
-		
-	pfblocker_sync_on_changes();
+	#check aliastable size
+	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
+	$count_ips_in = $matches[1];
+	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
+	$count_ips_out = $matches[1];
+	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
+	$count_ips_w = $matches[1];
+	
+	#get higher value
+	$max=$count_ips_in;
+	if ($max < $count_ips_out)
+		$max = $count_ips_out;
+	if ($max < $count_ips_w)
+		$max = $count_ips_w;
+	$sum=($count_ips_in + $count_ips_out + $count_ips_w);
+	#check table size client option
+	$table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+
+	#check for possible table size erros
+	$error_message="";
+    if ($count_ips_in >= $table_limit )
+    	$message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+	if ($count_ips_out >= $table_limit )
+    	$message='pfBlockerOutbound alias table is too large. Reduce Outbound List or  increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+	if ($count_ips_w >= $table_limit )
+    	$message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT ".';
+    	
+	if ($message == ""){
+		#save and apply all changes*/
+   		write_config();
+   		#load filter file after editing
+		filter_configure();
+		pfblocker_sync_on_changes();
+		}
+	else{
+		log_error("[pfBlocker] ".$message);
+		file_notice("pfBlocker", $message, "pfblocker rule apply", "");
+	}
 }
 
 function pfblocker_validate_input($post, &$input_errors) {
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index 4eb07634..f1dd85f5 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -52,8 +52,8 @@ foreach ($files as $cont => $file){
 			${preg_replace("/\s/","",$matches[1])}=$matches[2];
 			}
 		else{
-			if (${$ISOcount}==0){
-				${$ISOCount}++;
+			if (${$ISOCode."c"}==""){
+				${$ISOCode."c"}="ok";
 			$options.= '<option><name>'.$Country .'-'.$ISOCode.' ('.$TotalNetworks.') '.' </name><value>'.$ISOCode.'</value></option>'."\n";
 			}
 			${$ISOCode}.=$line."\n";
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index c8a1facf..77a81e24 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -230,7 +230,7 @@
 				<option><name>None</name><value>none</value></option>
 				</options>
 			</field>
-		<field>
+			<field>
 			<fielddescr>Update frequency</fielddescr>
 			<fieldname>update</fieldname>
 			<description><![CDATA[Default:<strong>Never</strong><br>
@@ -238,14 +238,12 @@
 	    	<type>select</type>
  				<options>
  				<option><name>Never</name><value>never</value></option>
-				<option><name>Every Hour</name><value>hour</value></option>
 				<option><name>Every 4 Hours</name><value>4hours</value></option>
 				<option><name>Every 12 Hours</name><value>12hours</value></option>
 				<option><name>Once a day</name><value>day</value></option>
 				<option><name>Once a week</name><value>week</value></option>
 				</options>
 		</field>	
-
 		<field>
 			<fielddescr><![CDATA[Lists]]></fielddescr>
 			<fieldname>none</fieldname>