aboutsummaryrefslogtreecommitdiffstats
path: root/config/pf-blocker
diff options
context:
space:
mode:
authormarcelloc <marcellocoutinho@gmail.com>2011-10-28 02:31:06 -0200
committermarcelloc <marcellocoutinho@gmail.com>2011-10-28 02:31:06 -0200
commitb86bdf8d5ae9472295cfcb9479dc41927b5b69ca (patch)
treec76fb3696d4a4b8163b2931006d42bd36628a07f /config/pf-blocker
parent3e1fde5ae6e35a358853db8c4607a2ed3a2a6c79 (diff)
downloadpfsense-packages-b86bdf8d5ae9472295cfcb9479dc41927b5b69ca.tar.gz
pfsense-packages-b86bdf8d5ae9472295cfcb9479dc41927b5b69ca.tar.bz2
pfsense-packages-b86bdf8d5ae9472295cfcb9479dc41927b5b69ca.zip
pfBlocker-dev - fix alias creation check for outbound traffic
Diffstat (limited to 'config/pf-blocker')
-rwxr-xr-xconfig/pf-blocker/countryblock.inc402
-rw-r--r--config/pf-blocker/countryblock.php196
-rwxr-xr-xconfig/pf-blocker/countryblock.xml234
-rw-r--r--config/pf-blocker/countryblock_sync.xml144
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc2
5 files changed, 1 insertions, 977 deletions
diff --git a/config/pf-blocker/countryblock.inc b/config/pf-blocker/countryblock.inc
deleted file mode 100755
index 5844f3d1..00000000
--- a/config/pf-blocker/countryblock.inc
+++ /dev/null
@@ -1,402 +0,0 @@
-<?php
-/*
- countryblock.inc
- part of the Postfix package for pfSense
- Copyright (C) 2010 Erik Fonnesbeck
- Copyright (C) 2011 Marcello Coutinho
-
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
-*/
-require_once("util.inc");
-require_once("functions.inc");
-require_once("pkg-utils.inc");
-require_once("globals.inc");
-require_once("filter.inc");
-
-function cb_text_area_decode($text){
- return preg_replace('/\r\n/', "\n",base64_decode($text));
-}
-
-function cb_get_real_interface_address($iface) {
- global $config;
- $iface = convert_friendly_interface_to_real_interface_name($iface);
- $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
- list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
- return array($ip, long2ip(hexdec($netmask)));
-}
-
-function sync_package_countryblock() {
- global $config;
- $countryblock_config=$config['installedpackages']['countryblock']['config'][0];
- $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America");
-
- #get local web gui configuration
- $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http");
- $port = $config['system']['webgui']['port'];
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $web_local .= "://127.0.0.1:".$port.'/countryblock.php';
-
- #get all selected countries
- $countries=$config['installedpackages']['countryblock']['config'][0]['topspammers'].",";
- foreach ($continents as $continent){
- if (is_array($config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config']))
- $countries.=$config['installedpackages']['countryblock'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].",";
- }
- $cb_files = explode(",", $countries);
- $ips="";
- foreach ($cb_files as $iso){
- if ($iso <> ""){
- if (file_exists('/usr/local/pkg/countryblock/'.$iso.'.txt'))
- $ips.=file_get_contents('/usr/local/pkg/countryblock/'.$iso.'.txt');
- }
- }
- #create all ip block lists based on gui
- file_put_contents('/usr/local/pkg/cb.txt',$ips, LOCK_EX);
-
- #write white_list to filesystem
- file_put_contents('/usr/local/pkg/cbw.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX);
-
- #edit or assign alias "Countryblock" and "CountryblockWL"
- $aliases=$config['aliases']['alias'];
- #print "<pre>";
- $new_aliases=array();
- if ($ips != ""){
- #create or reaply alias
- $new_aliases[]=array("name"=> 'Countryblock',
- "url"=> $web_local.'?cb=1',
- "updatefreq"=> "7",
- "address"=>"",
- "descr"=> "Countryblock deny list",
- "type"=> "urltable",
- "detail"=> "DO NOT EDIT THIS ALIAS");
- #force alias file update
- if (! is_dir('/var/db/aliastables/'))
- mkdir ('/var/db/aliastables/',0755);
- if (file_exists('/var/db/aliastables/Countryblock.txt'))
- file_put_contents('/var/db/aliastables/Countryblock.txt',$ips, LOCK_EX);
- }
- else{
- #remove previous aliastable if exist
- if (file_exists('/var/db/aliastables/Countryblock.txt'))
- unlink('/var/db/aliastables/Countryblock.txt');
- }
-
- if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
- #create or reaply alias
- $new_aliases[]=array("name"=> 'CountryblockWL',
- "url"=> $web_local.'?cbw=1',
- "updatefreq"=> "7",
- "address"=>"",
- "descr"=> "Countryblock white list",
- "type"=> "urltable",
- "detail"=> "DO NOT EDIT THIS ALIAS");
- #force alias file update
- if (! is_dir('/var/db/aliastables/'))
- mkdir ('/var/db/aliastables/',0755);
- if (file_exists('/var/db/aliastables/CountryblockWL.txt'))
- file_put_contents('/var/db/aliastables/CountryblockWL.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX);
- }
- else{
- #remove previous aliastable if exist
- if (file_exists('/var/db/aliastables/CountryblockWL.txt'))
- unlink('/var/db/aliastables/CountryblockWL.txt');
- }
-
- if (is_array($aliases))
- foreach($aliases as $cbalias){
- if (! preg_match("/Countryblock.*list/",$cbalias['descr']))
- $new_aliases[]= $cbalias;
- }
- $config['aliases']['alias']=$new_aliases;
- # check contryblock filter options
- $rules=$config['filter']['rule'];
- $ifaces = $countryblock_config['inbound_interface'];
- foreach (explode(",", $ifaces) as $i => $iface) {
- if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
- ${$iface}[0]=array("id" => "",
- "type"=>"pass",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("address"=>"CountryblockWL"),
- "destination"=>array("any"=>""),
- "descr"=>"Countryblock inbound whitelist rule");
-
- if ($countryblock_config['enable_log'])
- ${$iface}[0]["log"]="";
- }
- if ($ips != ""){
- ${$iface}[1]=array( "id" => "",
- "type"=>"block",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("address"=>"Countryblock"),
- "destination"=>array("any"=>""),
- "descr"=>"Countryblock inbound deny rule");
-
- if ($countryblock_config['enable_log'])
- ${$iface}[1]["log"]="";
- }
- }
- $ifaces = $countryblock_config['outbound_interface'];
- foreach (explode(",", $ifaces) as $i => $iface) {
- if (cb_text_area_decode($countryblock_config['whitelist']) != ""){
- ${$iface}[2]=array( "id" => "",
- "type"=>"pass",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("any"=>""),
- "destination"=>array("address"=>"CountryblockWL"),
- "descr"=>"Countryblock outbound whitelist rule");
- if ($countryblock_config['enable_log'])
- ${$iface}[2]["log"]="";
- }
- if ($ips != ""){
- ${$iface}[3]= array("id" => "",
- "type"=>"block",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("any"=>""),
- "destination"=>array("address"=>"Countryblock"),
- "descr"=>"Countryblock inbound deny rule");
- if ($countryblock_config['enable_log'])
- ${$iface}[3]["log"]="";
-
- }
-
- }
- $last_iface="";
- foreach ($rules as $rule){
- if ($rule['interface'] <> $last_iface){
- $last_iface = $rule['interface'];
- #apply countryblock rules if enabled
- if ($config['installedpackages']['countryblock']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']}))
- foreach (${$rule['interface']} as $cb_rules)
- $new_rules[]=$cb_rules;
- }
- if (!preg_match("/Countryblock.*rule/",$rule['descr']))
- $new_rules[]=$rule;
- }
- $config['filter']['rule']=$new_rules;
-
- #save and apply all changes
- write_config();
- filter_configure();
-
- countryblock_sync_on_changes();
-}
-
-function countryblock_validate_input($post, &$input_errors) {
- foreach ($post as $key => $value) {
- if (empty($value))
- continue;
- if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
- $input_errors[] = "Wrong greet time sintax.";
- if($key == "message_size_limit" && !is_numeric($value))
- $input_errors[] = "Message size limit must be numeric.";
- if($key == "process_limit" && !is_numeric($value))
- $input_errors[] = "Process limit must be numeric.";
- if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
- $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
- if (substr($key, 0, 2) == "dc" && !is_hostname($value))
- $input_errors[] = "{$value} is not a valid host name.";
- if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
- if (!is_domain($value))
- $input_errors[] = "{$value} is not a valid domain name.";
- } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
- if (empty($post['domain' . substr($key, 12)]))
- $input_errors[] = "Domain for {$value} cannot be blank.";
- if (!is_ipaddr($value) && !is_hostname($value))
- $input_errors[] = "{$value} is not a valid IP address or host name.";
- }
- }
-}
-
-function countryblock_php_install_command() {
- include_once '/usr/local/www/countryblock.php';
- countryblock_get_countries();
- sync_package_countryblock();
-}
-
-function countryblock_php_deinstall_command() {
- global $config;
- $config['installedpackages']['countryblock']['config'][0]['enable_cb']="";
- write_config();
- sync_package_countryblock();
-}
-
-/* Uses XMLRPC to synchronize the changes to a remote node */
-function countryblock_sync_on_changes() {
- global $config, $g;
- log_error("[countryblock] countryblock_xmlrpc_sync.php is starting.");
- $synconchanges = $config['installedpackages']['countryblocksync']['config'][0]['synconchanges'];
- if(!$synconchanges)
- return;
- foreach ($config['installedpackages']['countryblocksync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if($password && $sync_to_ip)
- countryblock_do_xmlrpc_sync($sync_to_ip, $password);
- }
- }
- log_error("[countryblock] countryblock_xmlrpc_sync.php is ending.");
-}
-
-/* Do the actual XMLRPC sync */
-function countryblock_do_xmlrpc_sync($sync_to_ip, $password) {
- global $config, $g;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
-
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $synchronizetoip .= $sync_to_ip;
-
- /* xml will hold the sections to sync */
- $xml = array();
- $xml['countryblock'] = $config['installedpackages']['countryblock'];
- $xml['countryblockafrica'] = $config['installedpackages']['countryblockafrica'];
- $xml['countryblockantartica'] = $config['installedpackages']['countryblockantartica'];
- $xml['countryblockasia'] = $config['installedpackages']['countryblockasia'];
- $xml['countryblockeurope'] = $config['installedpackages']['countryblockeurope'];
- $xml['countryblocknorthamerica'] = $config['installedpackages']['countryblocknorthamerica'];
- $xml['countryblockoceania'] = $config['installedpackages']['countryblockoceania'];
- $xml['countryblocksouthamerica'] = $config['installedpackages']['countryblocksouthamerica'];
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("Beginning countryblock XMLRPC sync to {$url}:{$port}.");
- $method = 'pfsense.merge_installedpackages_section_xmlrpc';
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port}.";
- log_error($error);
- file_notice("sync_settings", $error, "countryblock Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "countryblock Settings Sync", "");
- } else {
- log_error("countryblock XMLRPC sync successfully completed with {$url}:{$port}.");
- }
-
- /* tell countryblock to reload our settings on the destionation sync host. */
- $method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/countryblock.inc');\n";
- $execcmd .= "sync_package_countryblock();";
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
-
- log_error("countryblock XMLRPC reload data {$url}:{$port}.");
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "countryblock Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting countryblock XMLRPC exec with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "countryblock Settings Sync", "");
- } else {
- log_error("countryblock XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
- }
-
-}
-
-?>
diff --git a/config/pf-blocker/countryblock.php b/config/pf-blocker/countryblock.php
deleted file mode 100644
index 5d0f825a..00000000
--- a/config/pf-blocker/countryblock.php
+++ /dev/null
@@ -1,196 +0,0 @@
-<?php
-function get_networks($cb){
- if ($cb==1)
- $return= file_get_contents('/usr/local/pkg/cb.txt');
- if ($cb==2)
- $return=file_get_contents('/usr/local/pkg/cbw.txt');
- #print "<pre>";
- print $return;
-}
-
-if ($_REQUEST['cb']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
- get_networks(1);
-}
-if ($_REQUEST['cbw']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
- get_networks(2);
-}
-
-function countryblock_get_countries(){
-$files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt",
- "Antartica" => "/usr/local/pkg/Antartica_cidr.txt",
- "Asia" => "/usr/local/pkg/Asia_cidr.txt",
- "Europe" => "/usr/local/pkg/Europe_cidr.txt",
- "North America" => "/usr/local/pkg/North_America_cidr.txt",
- "Oceania" => "/usr/local/pkg/Oceania_cidr.txt",
- "South America"=>"/usr/local/pkg/South_America_cidr.txt");
-$cdir='/usr/local/pkg/countryblock';
-if (! is_dir($cdir))
- mkdir ($cdir,0755);
-foreach ($files as $cont => $file){
- $ips=file_get_contents($file);
- $convert = explode("\n", $ips);
- print $cont."\n";
- $active= array("$cont" => '<active/>');
- $options="";
- $total=1;
- foreach ($convert as $line){
- if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){
- if ($ISOCode <> "" && $ISOCode <> $matches[2] && preg_match("/ISO Code/",$line)){
- file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX);
- $total++;
- }
- ${preg_replace("/\s/","",$matches[1])}=$matches[2];
- }
- else{
- if (${$ISOCode}==0){
- ${$ISOCode}++;
- $options.= '<option><name>'.$Country.' </name><value>'.$ISOCode.'</value></option>'."\n";
- }
- ${$ISOCode}.=$line."\n";
- }
- }
-#save last country networks
-file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX);
-$cont_name= preg_replace("/ /","",$cont);
-$cont_name_lower= strtolower($cont_name);
-#file_put_contents($cdir.'/'.$cont_name.'.txt',$ips,LOCK_EX);
-$xml= <<<EOF
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* \$Id$ */
-/* ========================================================================== */
-/*
- countryblock_{$cont_name}.xml
- part of the Countryblock package for pfSense
- Copyright (C) 2011 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>countryblock{$cont_name_lower}</name>
- <version>1.0.1</version>
- <title>Firewall: Countryblock</title>
- <include_file>/usr/local/pkg/countryblock.inc</include_file>
- <menu>
- <name>Countryblock</name>
- <tooltiptext>Configure Countryblock</tooltiptext>
- <section>Firewall</section>
- <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- </menu>
- <service>
- <name>countryblock</name>
- </service>
-<tabs>
- <tab>
- <text>General</text>
- <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Africa</text>
- <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
- {$active['Africa']}
- </tab>
- <tab>
- <text>Antartica</text>
- <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
- {$active['Antartica']}
- </tab>
- <tab>
- <text>Asia</text>
- <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
- {$active['Asia']}
- </tab>
- <tab>
- <text>Europe</text>
- <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
- {$active['Europe']}
- </tab>
- <tab>
- <text>North America</text>
- <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
- {$active['North America']}
- </tab>
- <tab>
- <text>Oceania</text>
- <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
- {$active['Oceania']}
- </tab>
- <tab>
- <text>South America</text>
- <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
- {$active['South America']}
- </tab>
- <tab>
- <text>XMLRPC Sync</text>
- <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
- </tab>
-</tabs>
- <fields>
- <field>
- <name>Continent {$cont}</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Countries</fielddescr>
- <fieldname>countries</fieldname>
- <description>
- <![CDATA[Select Countries you want to block.]]>
- </description>
- <type>select</type>
- <options>
- {$options}
- </options>
- <size>{$total}</size>
- <multiple/>
- </field> </fields>
- <custom_php_install_command>
- countryblock_php_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- countryblock_php_deinstall_command();
- </custom_php_deinstall_command>
- <custom_php_validation_command>
- countryblock_validate_input(\$_POST, &amp;\$input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_countryblock();
- </custom_php_resync_config_command>
-</packagegui>
-EOF;
- file_put_contents('/usr/local/pkg/countryblock_'.$cont_name.'.xml',$xml,LOCK_EX);
-
-}
-
-}
-?> \ No newline at end of file
diff --git a/config/pf-blocker/countryblock.xml b/config/pf-blocker/countryblock.xml
deleted file mode 100755
index 20e34462..00000000
--- a/config/pf-blocker/countryblock.xml
+++ /dev/null
@@ -1,234 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- Countryblock.xml
- part of the Countryblock for pfSense
- Copyright (C) 2011 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>countryblock</name>
- <version>1.0</version>
- <title>Firewall: Countryblock</title>
- <include_file>/usr/local/pkg/countryblock.inc</include_file>
- <menu>
- <name>Country Block</name>
- <tooltiptext>Configure Countryblock</tooltiptext>
- <section>Firewall</section>
- <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- </menu>
- <service>
- <name>countryblock</name>
- </service>
- <additional_files_needed>
- <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.inc</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock.php</item>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.pfsense.org/packages/config/countryblock-dev/countryblock_sync.xml</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/Africa_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/Asia_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/Europe_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/North_America_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/Oceania_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>http://www.countryipblocks.net/e_country_data/South_America_cidr.txt</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0555</chmod>
- </additional_files_needed>
-<tabs>
- <tab>
- <text>General</text>
- <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Africa</text>
- <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Antartica</text>
- <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Asia</text>
- <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Europe</text>
- <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>North America</text>
- <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Oceania</text>
- <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>South America</text>
- <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>XMLRPC Sync</text>
- <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
- </tab>
-</tabs>
- <fields>
- <field>
- <name>Countryblock General Settings</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Enable Countryblock </fielddescr>
- <fieldname>enable_cb</fieldname>
- <type>checkbox</type>
- <description></description>
- </field>
- <field>
- <fielddescr>Enable Logging </fielddescr>
- <fieldname>enable_log</fieldname>
- <type>checkbox</type>
- <description></description>
- </field>
- <field>
- <fielddescr>Inbound Interface(s)</fielddescr>
- <fieldname>inbound_interface</fieldname>
- <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.<br>
- If you want to create custom inbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description>
- <type>interfaces_selection</type>
- <required/>
- <multiple/>
- </field>
- <field>
- <fielddescr>Outbound Interface(s)</fielddescr>
- <fieldname>outbound_interface</fieldname>
- <description><![CDATA[Default:<strong>LAN</strong><br>Select interface(s) that you do not want to send outgoing traffic.<br>
- If you want to create custom outbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]></description>
- <type>interfaces_selection</type>
- <required/>
- <multiple/>
- </field>
- <field>
- <fielddescr>Whitelist</fielddescr>
- <fieldname>whitelist</fieldname>
- <description><![CDATA[Enter a CIDR range for the Address you wish to whitlist. One network per line.<br>
- Example: 192.168.1.0/24]]></description>
- <type>textarea</type>
- <cols>20</cols>
- <rows>06</rows>
- <encoding>base64</encoding>
- </field>
- <field>
- <name>Shortcut</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Top Spammers</fielddescr>
- <fieldname>topspammers</fieldname>
- <description>
- <![CDATA[Select top spammers countries you want to block.]]>
- </description>
- <type>select</type>
- <options>
- <option><name>Korea</name><value>KR</value></option>
- <option><name>China</name><value>CN</value></option>
- <option><name>India</name><value>IN</value></option>
- <option><name>Russia</name><value>RU</value></option>
- <option><name>Turkey</name><value>TR</value></option>
- <option><name>Vietnam</name><value>VN</value></option>
- <option><name>Ukraine</name><value>UA</value></option>
- <option><name>Brazil</name><value>BR</value></option>
- <option><name>Venezuela </name><value>VE</value></option>
- <option><name>Pakistan</name><value>PK</value></option>
- </options>
- <size>10</size>
- <multiple/>
- </field>
- </fields>
- <custom_php_install_command>
- countryblock_php_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- countryblock_php_deinstall_command();
- </custom_php_deinstall_command>
- <custom_php_validation_command>
- countryblock_validate_input($_POST, &amp;$input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_countryblock();
- </custom_php_resync_config_command>
-</packagegui>
diff --git a/config/pf-blocker/countryblock_sync.xml b/config/pf-blocker/countryblock_sync.xml
deleted file mode 100644
index e026b636..00000000
--- a/config/pf-blocker/countryblock_sync.xml
+++ /dev/null
@@ -1,144 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- Countryblock_sync.xml
- part of the Countryblock package for pfSense
- Copyright (C) 2011 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>countryblock_sync</name>
- <version>1.0</version>
- <title>Firewall: Countryblock</title>
- <include_file>/usr/local/pkg/countryblock.inc</include_file>
- <menu>
- <name>Countryblock</name>
- <tooltiptext>Configure Countryblock</tooltiptext>
- <section>Services</section>
- <url>pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- </menu>
- <service>
- <name>countryblock</name>
- </service>
-<tabs>
- <tab>
- <text>General</text>
- <url>/pkg_edit.php?xml=countryblock.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Africa</text>
- <url>/pkg_edit.php?xml=countryblock_Africa.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Antartica</text>
- <url>/pkg_edit.php?xml=countryblock_Antartica.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Asia</text>
- <url>/pkg_edit.php?xml=countryblock_Asia.xml&amp;id=0</url>
-
- </tab>
- <tab>
- <text>Europe</text>
- <url>/pkg_edit.php?xml=countryblock_Europe.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>North America</text>
- <url>/pkg_edit.php?xml=countryblock_NorthAmerica.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Oceania</text>
- <url>/pkg_edit.php?xml=countryblock_Oceania.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>South America</text>
- <url>/pkg_edit.php?xml=countryblock_SouthAmerica.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>XMLRPC Sync</text>
- <url>/pkg_edit.php?xml=countryblock_sync.xml&amp;id=0</url>
- <active/>
- </tab>
-</tabs>
- <fields>
- <field>
- <name>countryblock XMLRPC Sync</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Automatically sync countryblock configuration changes</fielddescr>
- <fieldname>synconchanges</fieldname>
- <description>pfSense will automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Remote Server</fielddescr>
- <fieldname>none</fieldname>
- <type>rowhelper</type>
- <rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
- </rowhelper>
- </field>
- </fields>
- <custom_php_install_command>
- countryblock_php_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- countryblock_php_deinstall_command();
- </custom_php_deinstall_command>
- <custom_php_validation_command>
- countryblock_validate_input($_POST, &amp;$input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_countryblock();
- </custom_php_resync_config_command>
-</packagegui>
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index de28a432..11a2b30a 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -197,7 +197,7 @@ function sync_package_pfblocker() {
unlink($pfBlockerInbound);
}
$pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt';
- if ($ips_out != "" && $pfblocker_config['outbound_interface'] != ""){
+ if ($ips_out != ""){
#create or reaply alias
$new_aliases[]=array("name"=> 'pfBlockerOutbound',
"url"=> $web_local.'?pfb=out',