diff options
author | BBcan177 <bbcan177@gmail.com> | 2015-05-23 16:45:07 -0400 |
---|---|---|
committer | BBcan177 <bbcan177@gmail.com> | 2015-05-23 16:45:07 -0400 |
commit | 7ac5dc3d8c7a5d4807f1004ca08e3bdd433af7c5 (patch) | |
tree | 36a962afb5860a07441a166713615a233d6e0bdd /config/pfblockerng/pfblockerng.inc | |
parent | e80da3c57d0501d7a5962fcacd6416d47385e86a (diff) | |
download | pfsense-packages-7ac5dc3d8c7a5d4807f1004ca08e3bdd433af7c5.tar.gz pfsense-packages-7ac5dc3d8c7a5d4807f1004ca08e3bdd433af7c5.tar.bz2 pfsense-packages-7ac5dc3d8c7a5d4807f1004ca08e3bdd433af7c5.zip |
pfBlockerNG v1.09 Code Style Changes
Diffstat (limited to 'config/pfblockerng/pfblockerng.inc')
-rw-r--r-- | config/pfblockerng/pfblockerng.inc | 474 |
1 files changed, 237 insertions, 237 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index d40ea61a..9abda8ee 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -46,7 +46,7 @@ require_once("pfsense-utils.inc"); require_once("globals.inc"); require_once("services.inc"); -# [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings. +// [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings. function pfb_global() { global $g,$config,$pfb; @@ -58,7 +58,7 @@ function pfb_global() { $prefix = "/usr/local"; } - # Folders + // Folders $pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng"; $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; $pfb['logdir'] = "{$g['varlog_path']}/pfblockerng"; @@ -70,13 +70,13 @@ function pfb_global() { $pfb['origdir'] = "{$pfb['dbdir']}/original"; $pfb['ccdir'] = "{$prefix}/share/GeoIP"; - # Create Folders if not Exist. + // Create Folders if not Exist. $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}","{$pfb['origdir']}","{$pfb['nativedir']}","{$pfb['denydir']}","{$pfb['matchdir']}","{$pfb['permitdir']}","{$pfb['aliasdir']}"); foreach ($folder_array as $folder) { safe_mkdir ("{$folder}",0755); } - # Files + // Files $pfb['master'] = "{$pfb['dbdir']}/masterfile"; $pfb['errlog'] = "{$pfb['logdir']}/error.log"; $pfb['geolog'] = "{$pfb['logdir']}/geoip.log"; @@ -85,32 +85,32 @@ function pfb_global() { $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; $pfb['aliasarchive'] = "{$prefix}/etc/aliastables.tar.bz2"; - # General Variables + // General Variables $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; - # Enable/Disable of pfBlockerNG + // Enable/Disable of pfBlockerNG $pfb['enable'] = $pfb['config']['enable_cb']; - # Keep Blocklists on pfBlockerNG Disable + // Keep Blocklists on pfBlockerNG Disable $pfb['keep'] = $pfb['config']['pfb_keep']; - # Enable Suppression + // Enable Suppression $pfb['supp'] = $pfb['config']['suppression']; - # Max Lines in pfblockerng.log file + // Max Lines in pfblockerng.log file $pfb['logmax'] = $pfb['config']['log_maxlines']; - # Lan IP Address + // Lan IP Address $pfb['iplocal'] = $config['interfaces']['lan']['ipaddr']; - # Disable Country Database CRON Updates + // Disable Country Database CRON Updates $pfb['cc'] = $pfb['config']['database_cc']; - # User Defined CRON Start Minute + // User Defined CRON Start Minute $pfb['min'] = $pfb['config']['pfb_min']; - # Start hour of the Scheduler + // Start hour of the Scheduler $pfb['hour'] = $pfb['config']['pfb_hour']; - # Hour cycle for Scheduler + // Hour cycle for Scheduler $pfb['interval'] = $pfb['config']['pfb_interval']; - # Start hour of the 'Once a day' Schedule + // Start hour of the 'Once a day' Schedule $pfb['24hour'] = $pfb['config']['pfb_dailystart']; - # Set pfBlockerNG to Disabled on 'Re-Install' + // Set pfBlockerNG to Disabled on 'Re-Install' if (isset($pfb['install']) && $pfb['install']) { $pfb['enable'] = ""; $pfb['install'] = FALSE; @@ -119,14 +119,14 @@ function pfb_global() { pfb_global(); -# Set Max PHP Memory Setting +// Set Max PHP Memory Setting $uname = posix_uname(); if ($uname['machine'] == 'amd64') { ini_set('memory_limit', '256M'); } -# Function to decode to Alias Custom entry box. +// Function to decode to Alias Custom entry box. function pfbng_text_area_decode($text) { $customlist = explode("\r\n", base64_decode($text)); foreach ($customlist as $line) { @@ -142,13 +142,13 @@ function pfbng_text_area_decode($text) { } -# Manage Log File Line Limit +// Manage Log File Line Limit function pfb_log_mgmt() { global $pfb; pfb_global(); if ($pfb['logmax'] == "nolimit") { - # Skip Log Mgmt + // Skip Log Mgmt } else { if (file_exists($pfb['log'])) { exec("/usr/bin/tail -n {$pfb['logmax']} {$pfb['log']} > /tmp/pfblog; /bin/mv -f /tmp/pfblog {$pfb['log']}"); @@ -157,13 +157,13 @@ function pfb_log_mgmt() { } -# Record Log Messsages to pfBlockerNG Log File and/or Error Log File. +// Record Log Messsages to pfBlockerNG Log File and/or Error Log File. function pfb_logger($log, $type) { global $g,$pfb,$pfbarr; $now = date("m/d/y G:i:s", time()); - # Only log timestamp if new + // Only log timestamp if new if (preg_match("/NOW/", $log)) { if ($now == $pfb['pnow']) { $log = str_replace("[ NOW ]", "", "{$log}"); @@ -199,7 +199,7 @@ function pfb_determine_list_detail($list="", $header_url="", $confconfig="", $ke $pfbarr['skip'] = FALSE; $pfbarr['folder'] = "{$pfb['nativedir']}"; } else { - # Deny + // Deny $pfbarr['skip'] = TRUE; $pfbarr['folder'] = "{$pfb['denydir']}"; } @@ -211,7 +211,7 @@ function pfb_determine_list_detail($list="", $header_url="", $confconfig="", $ke $pfbarr['descr'] = " Auto "; } - //Determine length of Header to format log Output + // Determine length of Header to format log Output if (strlen($header_url) > 19) { $pfbarr['logtab'] = ""; } @@ -283,7 +283,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 2) { - # 2 Hour Schedule Converter + // 2 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch2 = strval($shour); for ($i=0; $i<11; $i++) { @@ -298,7 +298,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 3) { - # 3 Hour Schedule Converter + // 3 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch3 = strval($shour); for ($i=0; $i<7; $i++) { @@ -313,7 +313,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 4) { - # 4 Hour Schedule Converter + // 4 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch4 = strval($shour); for ($i=0; $i<5; $i++) { @@ -328,7 +328,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 6) { - # 6 Hour Schedule Converter + // 6 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch6 = strval($shour); for ($i=0; $i<3; $i++) { @@ -343,7 +343,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 8) { - # 8 Hour Schedule Converter + // 8 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch8 = strval($shour); for ($i=0; $i<2; $i++) { @@ -358,7 +358,7 @@ function pfb_cron_base_hour() { } if ($pfb['interval'] == 12) { - # 12 Hour Schedule Converter + // 12 Hour Schedule Converter $shour = intval(substr($pfb['hour'], 0, 2)); $sch12 = strval($shour) . ","; $shour += 12; @@ -380,7 +380,7 @@ function pfb_cron_base_hour() { } -# Create Suppression Alias +// Create Suppression Alias function pfb_create_suppression_alias() { global $config; @@ -402,7 +402,7 @@ function pfb_create_suppression_alias() { } -# Create Suppression file from Alias +// Create Suppression file from Alias function pfb_create_suppression_file() { global $config,$pfb; @@ -426,7 +426,7 @@ function pfb_create_suppression_file() { unlink_if_exists("{$pfb['supptxt']}"); } } else { - # Delete Suppression File if Alias is Empty. + // Delete Suppression File if Alias is Empty. unlink_if_exists("{$pfb['supptxt']}"); } } @@ -587,14 +587,14 @@ function pfb_aliastables($mode) { } -# Main pfBlockerNG Function +// Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { global $g,$config,$pfb,$pfbarr; pfb_global(); $pfb['cron_mod'] = FALSE; // Flag to check for mods to the config.xml file. - # Detect Boot Process or Update via CRON + // Detect Boot Process or Update via CRON if (isset($_POST) && $cron == "") { if (!preg_match("/\w+/",$_POST['__csrf_magic'])) { log_error("[pfBlockerNG] Sync terminated during boot process."); @@ -608,7 +608,7 @@ function sync_package_pfblockerng($cron = "") { $pfb['save'] = TRUE; } - # Start of pfBlockerNG Logging to 'pfblockerng.log' + // Start of pfBlockerNG Logging to 'pfblockerng.log' if ($pfb['enable'] == "on" && !$pfb['save']) { $log = " UPDATE PROCESS START [ NOW ]\n"; pfb_logger("{$log}","1"); @@ -622,15 +622,15 @@ function sync_package_pfblockerng($cron = "") { // Call function for NanoBSD/Ramdisk processes. pfb_aliastables("conf"); - # Collect pfSense Max Table Size Entry + // Collect pfSense Max Table Size Entry if (empty($config['system']['maximumtableentries'])) { - # If Table limit not defined, set Default to 2M + // If Table limit not defined, set Default to 2M $config['system']['maximumtableentries'] = "2000000"; $pfb['cron_mod'] = TRUE; } $pfb['table_limit'] = $config['system']['maximumtableentries']; - # Collect local web gui configuration + // Collect local web gui configuration $pfb['weblocal'] = ($config['system']['webgui']['protocol'] != "" ? $config['system']['webgui']['protocol'] : "http"); $pfb['port'] = $config['system']['webgui']['port']; if ($pfb['port'] == "") { @@ -642,57 +642,57 @@ function sync_package_pfblockerng($cron = "") { } $pfb['weblocal'] .= "://127.0.0.1:{$pfb['port']}/pfblockerng/pfblockerng.php"; - # Define Inbound/Outbound Action is not user selected. + // Define Inbound/Outbound Action is not user selected. $pfb['deny_action_inbound'] = ($pfb['config']['inbound_deny_action'] != "" ? $pfb['config']['inbound_deny_action'] : "block"); $pfb['deny_action_outbound'] = ($pfb['config']['outbound_deny_action'] != "" ? $pfb['config']['outbound_deny_action'] : "reject"); - # Reloads Existing Blocklists without Downloading New Lists + // Reloads Existing Blocklists without Downloading New Lists $pfb['reuse'] = $pfb['config']['pfb_reuse']; - # Enable OpenVPN AutoRules + // Enable OpenVPN AutoRules $pfb['openvpn'] = $pfb['config']['openvpn_action']; - # Enable/Disable Floating Auto-Rules + // Enable/Disable Floating Auto-Rules $pfb['float'] = $pfb['config']['enable_float']; - # Enable Remove of Duplicate IPs utilizing Grepcidr + // Enable Remove of Duplicate IPs utilizing Grepcidr $pfb['dup'] = $pfb['config']['enable_dup']; - # Order of the Auto-Rules + // Order of the Auto-Rules $pfb['order'] = $pfb['config']['pass_order']; - # Suffix used for Auto-Rules + // Suffix used for Auto-Rules $pfb['suffix'] = $pfb['config']['autorule_suffix']; - # Reputation Variables + // Reputation Variables $pfb['config_rep'] = $config['installedpackages']['pfblockerngreputation']['config'][0]; - # Enable/Disable Reputation + // Enable/Disable Reputation $pfb['rep'] = $pfb['config_rep']['enable_rep']; - # Enable/Disable 'pDup' + // Enable/Disable 'pDup' $pfb['pdup'] = $pfb['config_rep']['enable_pdup']; - # Enable/Disable 'dDup' + // Enable/Disable 'dDup' $pfb['dedup'] = ($pfb['config_rep']['enable_dedup'] != "" ? $pfb['config_rep']['enable_dedup'] : "x"); - # 'Max' variable setting for Reputation + // 'Max' variable setting for Reputation $pfb['max'] = ($pfb['config_rep']['p24_max_var'] != "" ? $pfb['config_rep']['p24_max_var'] : "x"); - # 'dMax' variable setting for Reputation + // 'dMax' variable setting for Reputation $pfb['dmax'] = ($pfb['config_rep']['p24_dmax_var'] != "" ? $pfb['config_rep']['p24_dmax_var'] : "x"); - # 'pMax' variable setting for Reputation + // 'pMax' variable setting for Reputation $pfb['pmax'] = ($pfb['config_rep']['p24_pmax_var'] != "" ? $pfb['config_rep']['p24_pmax_var'] : "x"); - # Action for Whitelist Country Category + // Action for Whitelist Country Category $pfb['ccwhite'] = $pfb['config_rep']['ccwhite']; - # Action for Blacklist Country Category + // Action for Blacklist Country Category $pfb['ccblack'] = $pfb['config_rep']['ccblack']; - # List of Countries in the Whitelist Category + // List of Countries in the Whitelist Category $pfb['ccexclude']= ($pfb['config_rep']['ccexclude'] != "" ? $pfb['config_rep']['ccexclude'] : "x"); - # Emerging Threats IQRisk Block Categories + // Emerging Threats IQRisk Block Categories $pfb['etblock'] = ($pfb['config_rep']['etblock'] != "" ? $pfb['config_rep']['etblock'] : "x"); - # Emerging Threats IQRisk Match Categories + // Emerging Threats IQRisk Match Categories $pfb['etmatch'] = ($pfb['config_rep']['etmatch'] != "" ? $pfb['config_rep']['etmatch'] : "x"); - # Perform a Force Update on ET Categories + // Perform a Force Update on ET Categories $pfb['etupdate']= $pfb['config_rep']['et_update']; - # Variables + // Variables - # Starting Variable to Skip rep, pdup and dedeup functions if no changes are required + // Starting Variable to Skip rep, pdup and dedeup functions if no changes are required $pfb['dupcheck'] = FALSE; - ## $pfb['save'] is used to determine if User pressed "Save" Button to avoid Collision with CRON. - ## This is defined in each pfBlockerNG XML Files + // $pfb['save'] is used to determine if User pressed "Save" Button to avoid Collision with CRON. + // This is defined in each pfBlockerNG XML Files ################################# @@ -710,8 +710,8 @@ function sync_package_pfblockerng($cron = "") { "Proxy and Satellite" => "pfB_PS" ); - #create rules vars and arrays - # Array used to Collect Changes to Aliases to be saved to Config + // create rules vars and arrays + // Array used to Collect Changes to Aliases to be saved to Config $new_aliases = array(); $new_aliases_list = array(); $continent_existing = array(); @@ -720,14 +720,14 @@ function sync_package_pfblockerng($cron = "") { $permit_outbound = array(); $deny_inbound = array(); $deny_outbound = array(); - # An Array of all Aliases (Active and non-Active) + // An Array of all Aliases (Active and non-Active) $aliases_list = array(); - # This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled. + // This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled. $pfb_alias_lists = array(); - # This is an Array of All Active Aliases used when 'Reputation' enabled + // This is an Array of All Active Aliases used when 'Reputation' enabled $pfb_alias_lists_all = array(); - # Base Rule Array + // Base Rule Array $base_rule_reg = array( "id" => "", "tag" => "", "tagged" => "", @@ -740,7 +740,7 @@ function sync_package_pfblockerng($cron = "") { "os" => "" ); - # Floating Rules, Base Rule Array + // Floating Rules, Base Rule Array $base_rule_float = array("id" => "", "tag" => "", "tagged" => "", @@ -760,8 +760,8 @@ function sync_package_pfblockerng($cron = "") { # Configure Rule Suffix # ######################################### - # Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order ) - # To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules + // Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order ) + // To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules $pfb['autorules'] = FALSE; $pfb['found'] = FALSE; foreach ($continents as $continent => $pfb_alias) { @@ -787,16 +787,16 @@ function sync_package_pfblockerng($cron = "") { } } - #Configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules - # Count Number of Rules with 'pfB_' + // Configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules + // Count Number of Rules with 'pfB_' $count = 0; if (is_array($config['filter']['rule'])) { foreach ($config['filter']['rule'] as $rule) { - # Collect any pre-existing Suffix + // Collect any pre-existing Suffix if (preg_match("/pfB_\w+(\s.*)/",$rule['descr'], $pfb_suffix_real) && $count == 0) { $pfb_suffix_match = $pfb_suffix_real[1]; } - # Query for Existing pfB Rules + // Query for Existing pfB Rules if (preg_match("/pfB_/",$rule['descr'])) { $count++; break; @@ -804,7 +804,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Change Suffix only if No pfB Rules Found and Auto Rules are Enabled. + // Change Suffix only if No pfB Rules Found and Auto Rules are Enabled. if ($pfb['autorules'] && $count == 0) { switch ($pfb['suffix']) { case "autorule": @@ -819,10 +819,10 @@ function sync_package_pfblockerng($cron = "") { } } else { if ($pfb['autorules']) { - # Use existing Suffix Match + // Use existing Suffix Match $pfb['suffix'] = $pfb_suffix_match; } else { - # Leave Rule Suffix 'Blank' + // Leave Rule Suffix 'Blank' $pfb['suffix'] = ""; } } @@ -832,39 +832,39 @@ function sync_package_pfblockerng($cron = "") { # Configure INBOUND/OUTBOUND INTERFACES # ######################################################### - # Collect pfSense Interface Order + // Collect pfSense Interface Order $ifaces = get_configured_interface_list(); if (!empty($pfb['config']['inbound_interface'])) { - # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. + // Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. $selected_interfaces = explode(",",$pfb['config']['inbound_interface']); - # Sort pfBlockerNG Interface order to pfSense Interface Order + // Sort pfBlockerNG Interface order to pfSense Interface Order $sort_interfaces = array_intersect($ifaces, $selected_interfaces); $implode_interfaces = ltrim(implode(",",$sort_interfaces), ","); - # CSV String for Inbound Interfaces for 'pfB_' Match Rules + // CSV String for Inbound Interfaces for 'pfB_' Match Rules $pfb['inbound_floating'] = $implode_interfaces; $pfb['inbound_interfaces_float'] = explode(" ",$implode_interfaces); - # Assign Inbound Base Rule/Interfaces + // Assign Inbound Base Rule/Interfaces if ($pfb['float'] == "on") { - # Define Base Firewall Floating Rules Settings + // Define Base Firewall Floating Rules Settings $base_rule = $base_rule_float; $pfb['inbound_interfaces'] = $pfb['inbound_interfaces_float']; } else { - # Define Base Firewall Rules Settings + // Define Base Firewall Rules Settings $base_rule = $base_rule_reg; $pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']); } } else { - # Define Empty Variable/Array + // Define Empty Variable/Array $pfb['inbound_interfaces_float'] = ""; $pfb['inbound_interfaces'] = array(); } if (!empty($pfb['config']['outbound_interface'])) { - # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. + // Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. $selected_interfaces = explode(",",$pfb['config']['outbound_interface']); - # Sort pfBlockerNG Interface order to pfSense Interface Order + // Sort pfBlockerNG Interface order to pfSense Interface Order $sort_interfaces = array_intersect($ifaces, $selected_interfaces); // If OpenVPN Interfaces are not in dropdown menu if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client']) { @@ -873,11 +873,11 @@ function sync_package_pfblockerng($cron = "") { } } $implode_interfaces = ltrim(implode(",",$sort_interfaces), ","); - # CSV String for Outbound Interfaces for 'pfB_' Match Rules + // CSV String for Outbound Interfaces for 'pfB_' Match Rules $pfb['outbound_floating'] = $implode_interfaces; $pfb['outbound_interfaces_float'] = explode(" ",$implode_interfaces); - # Assign Outbound Base Rule/Interfaces + // Assign Outbound Base Rule/Interfaces if ($pfb['float'] == "on") { $base_rule = $base_rule_float; $pfb['outbound_interfaces'] = $pfb['outbound_interfaces_float']; @@ -892,7 +892,7 @@ function sync_package_pfblockerng($cron = "") { } } } else { - # Define Empty Variable/Array + // Define Empty Variable/Array $pfb['outbound_interfaces_float'] = ""; $pfb['outbound_interfaces'] = array(); } @@ -902,10 +902,10 @@ function sync_package_pfblockerng($cron = "") { # Clear Removed Lists from Masterfiles # ################################################# - # Process to keep Masterfiles in Sync with Valid Lists from config.conf file. + // Process to keep Masterfiles in Sync with Valid Lists from config.conf file. $pfb['sync_master'] = TRUE; - # Don't execute this function when pfBlockerNG is Disabled and 'Keep Blocklists' is enabled. + // Don't execute this function when pfBlockerNG is Disabled and 'Keep Blocklists' is enabled. if ($pfb['enable'] == "" && $pfb['keep'] == "on") { $pfb['sync_master'] = FALSE; } @@ -936,7 +936,7 @@ function sync_package_pfblockerng($cron = "") { $cont_type = array ("countries4" => "_v4", "countries6" => "_v6"); foreach ($cont_type as $c_type => $vtype) { if ($continent_config[$c_type] != "") { - # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' + // Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' if (in_array($continent_config['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { $pfb['existing']['match'][] = "{$pfb_alias}{$vtype}"; } elseif (in_array($continent_config['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))){ @@ -952,7 +952,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Find all Enabled IPv4/IPv6 Lists + // Find all Enabled IPv4/IPv6 Lists $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { @@ -964,9 +964,9 @@ function sync_package_pfblockerng($cron = "") { } else { $pfb_alias = "{$row['header']}_v6"; } - # Collect Enabled Lists + // Collect Enabled Lists if ($row['url'] != "" && $row['state'] != "Disabled") { - # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' + // Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { $pfb['existing']['match'][] = "{$pfb_alias}"; } elseif (in_array($list['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))) { @@ -983,7 +983,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating + // Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { @@ -991,7 +991,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($config['installedpackages'][$ip_type]['config'] as $list) { if (is_array($list['row']) && $list['action'] != "Disabled") { $count++; - # Check if 'Emerging Threats Update' Needs Updating before next CRON Event. + // Check if 'Emerging Threats Update' Needs Updating before next CRON Event. if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") { foreach ($list['row'] as $row) { $aliasname = $row['header']; @@ -1005,14 +1005,14 @@ function sync_package_pfblockerng($cron = "") { } } - # Collect Enabled Custom List Box Aliases + // Collect Enabled Custom List Box Aliases if (pfbng_text_area_decode($list['custom']) != "") { if ($vtype == "_v4") { $pfb_alias = "{$list['aliasname']}_custom"; } else { $pfb_alias = "{$list['aliasname']}_custom_v6"; } - # Determine Folder Location for 'List' + // Determine Folder Location for 'List' if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { $pfb['existing']['match'][] = "{$pfb_alias}"; $pfbfolder = "{$pfb['matchdir']}"; @@ -1026,10 +1026,10 @@ function sync_package_pfblockerng($cron = "") { $pfb['existing']['deny'][] = "{$pfb_alias},"; // Add Trailing ',' $pfbfolder = "{$pfb['denydir']}"; } - # Determine if 'Custom List' Needs Force Updating before next CRON Event. + // Determine if 'Custom List' Needs Force Updating before next CRON Event. if ($list['custom_update'] == "enabled") { unlink_if_exists("{$pfbfolder}/{$pfb_alias}.txt"); - # Uncheck 'Enabled' in List 'Custom_update' Setting + // Uncheck 'Enabled' in List 'Custom_update' Setting $config['installedpackages'][$ip_type]['config'][$count]['custom_update'] = "disabled"; $pfb['cron_mod'] = TRUE; } @@ -1038,7 +1038,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Collect all .txt file Names for each List Type + // Collect all .txt file Names for each List Type $list_types = array('match' => $pfb['matchdir'], 'permit' => $pfb['permitdir'], 'deny' => $pfb['denydir'], 'native' => $pfb['nativedir']); foreach ($list_types as $type => $pfbfolder) { $pfb_files = glob("$pfbfolder/*.txt"); @@ -1052,12 +1052,12 @@ function sync_package_pfblockerng($cron = "") { } } - # Flag to execute pfctl and Rules Ordering + // Flag to execute pfctl and Rules Ordering $pfb['remove'] = FALSE; - # Execute Final Summary as a List was Removed + // Execute Final Summary as a List was Removed $pfb['summary'] = FALSE; - # Process to Remove Lists from Masterfile/DB Folder if they do not Exist + // Process to Remove Lists from Masterfile/DB Folder if they do not Exist if (isset($pfb['existing'])) { foreach ($pfb['existing'] as $pfb_exist) { $existing_type = $pfb_exist['type']; @@ -1072,7 +1072,7 @@ function sync_package_pfblockerng($cron = "") { if ($f_result != "") { $log = "[ Removing List(s) : {$f_result} ]\n"; pfb_logger("{$log}","1"); - # Script to Remove un-associated Lists + // Script to Remove un-associated Lists exec ("{$pfb['script']} remove x x x {$f_result} >> {$pfb['log']} 2>&1"); $pfb['summary'] = TRUE; $pfb['remove'] = TRUE; @@ -1082,7 +1082,7 @@ function sync_package_pfblockerng($cron = "") { case "permit": case "native": $results = array_diff($pfb_act, $pfb_exist); - # This variable ($f_result) used in next section below. + // This variable ($f_result) used in next section below. $f_result = implode($results); if (!empty($results)) { foreach ($results as $pfb_result) { @@ -1096,7 +1096,7 @@ function sync_package_pfblockerng($cron = "") { break; } - # Allow rebuilding of changed Alias to purge 'SKIP' Lists (when pfBlockerNG is enabled) + // Allow rebuilding of changed Alias to purge 'SKIP' Lists (when pfBlockerNG is enabled) $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); foreach ($list_type as $ip_type => $vtype) { if ($f_result != "" && $pfb['enable'] == "on") { @@ -1110,7 +1110,7 @@ function sync_package_pfblockerng($cron = "") { if ($row['header'] == $removed) { $pfb['summary'] = TRUE; $pfb['remove'] = TRUE; - # Add Alias to Update Array + // Add Alias to Update Array $pfb_alias_lists[] = "{$alias}"; $pfb_alias_lists_all[] = "{$alias}"; } @@ -1131,7 +1131,7 @@ function sync_package_pfblockerng($cron = "") { # Clear Match/Pass/ET/Original Files/Folders # ######################################################### - # When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled. + // When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled. if ($pfb['enable'] == "" && $pfb['keep'] == "" && !$pfb['install']) { $log = "\n Removing DB Files/Folders \n"; pfb_logger("{$log}","1"); @@ -1171,7 +1171,7 @@ function sync_package_pfblockerng($cron = "") { $cont_type = array ("countries4" => "_v4", "countries6" => "_v6"); foreach ($cont_type as $c_type => $vtype) { - # Determine 'List' details (return array $pfbarr) + // Determine 'List' details (return array $pfbarr) pfb_determine_list_detail($continent_config['action'], "{$pfb_alias}{$vtype}", $cc_name, "0"); $pfb['skip'] = $pfbarr['skip']; $pfb_descr = $pfbarr['descr']; @@ -1200,16 +1200,16 @@ function sync_package_pfblockerng($cron = "") { $match = $continent_new[$line]; $continent_new[$line] = rtrim($match, "\n"); - # Check if pfBlockerNG pfctl Continent Tables are Empty (pfBlockerNG was Disabled w/ "keep", then Re-enabled) + // Check if pfBlockerNG pfctl Continent Tables are Empty (pfBlockerNG was Disabled w/ "keep", then Re-enabled) $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$pfb_alias}{$vtype} | awk '/Addresses/ {s+=$2}; END {print s}'"); if (empty($pfctlck) && file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) { $file_cont = file_get_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt'); @file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$file_cont, LOCK_EX); - # PFCTL - Update Only Aliases that have been updated. ('Reputation' Disabled) + // PFCTL - Update Only Aliases that have been updated. ('Reputation' Disabled) $pfb_alias_lists[] = "{$pfb_alias}{$vtype}"; } - # Collect Active Alias Lists (Used for pfctl Update when 'Reputation' is enabled). + // Collect Active Alias Lists (Used for pfctl Update when 'Reputation' is enabled). $pfb_alias_lists_all[] = "{$pfb_alias}{$vtype}"; // Compare Existing (Original File) and New Continent Data @@ -1224,7 +1224,7 @@ function sync_package_pfblockerng($cron = "") { $log = "\n[ {$pfb_alias}{$vtype} ]{$log_tab} Changes Found... Updating \n"; pfb_logger("{$log}","1"); - # Test to Skip d-dup and p-dup functions when changes are found. + // Test to Skip d-dup and p-dup functions when changes are found. $pfb['dupcheck'] = TRUE; $pfb_alias_lists[] = "{$pfb_alias}{$vtype}"; @@ -1243,7 +1243,7 @@ function sync_package_pfblockerng($cron = "") { @file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX); } - # Check if File Exists and is > 0 in Size and Save alias file + // Check if File Exists and is > 0 in Size and Save alias file $file_chk = "0"; $cont_chk = "{$pfbfolder}/{$pfb_alias}{$vtype}.txt"; if (file_exists($cont_chk) && @filesize($cont_chk) > 0) { @@ -1261,7 +1261,7 @@ function sync_package_pfblockerng($cron = "") { } if (file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) { - #Create alias config + // Create alias config $new_aliases_list[] = "{$pfb_alias}{$vtype}"; $pfb_contlog = $continent_config['aliaslog']; @@ -1275,7 +1275,7 @@ function sync_package_pfblockerng($cron = "") { "detail" => "DO NOT EDIT THIS ALIAS" ); - #Create rule if action permits + // Create rule if action permits switch ($continent_config['action']) { case "Deny_Both": case "Deny_Outbound": @@ -1403,42 +1403,42 @@ function sync_package_pfblockerng($cron = "") { break; } } else { - #unlink continent list if any + // unlink continent list if any unlink_if_exists($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt'); } } } } - #mark pfctl aliastable for cleanup + // mark pfctl aliastable for cleanup if (!in_array($pfb_alias, $aliases_list)) { $aliases_list[] = "{$pfb_alias}{$vtype}"; } } } - # UNSET variables + // UNSET variables unset ($continent, $continent_existing, $continent_new); ################################################# # Download and Collect IPv4/IPv6 lists # ################################################# - # IPv4 REGEX Definitions + // IPv4 REGEX Definitions $pfb['range'] = '/((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))-((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/'; $pfb['block'] = '/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[ 0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.([0]{1})\s+/'; $pfb['cidr'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)?\/([0-9]{2}|[0-9]{1})/'; $pfb['single'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\s+/'; $pfb['s_html'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/'; - # IPv4 preg_replace Regex Filter array + // IPv4 preg_replace Regex Filter array $pfb_ipreg = array(); - $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet - $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces - $pfb_ipreg[2] = '/\/32/'; # Remove any /32 CIDR - $pfb_ipreg[3] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8 - $pfb_ipreg[4] = '/0\.0\.0\.0/'; # Remove 0.0.0.0 - - # IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 ** - # https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html + $pfb_ipreg[0] = '/\b0+(?=\d)/'; // Remove any Leading Zeros in each Octet + $pfb_ipreg[1] = '/\s/'; // Remove any Whitespaces + $pfb_ipreg[2] = '/\/32/'; // Remove any /32 CIDR + $pfb_ipreg[3] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; // Remove any Loopback Addresses 127/8 + $pfb_ipreg[4] = '/0\.0\.0\.0/'; // Remove 0.0.0.0 + + // IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 ** + // https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html $pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}'; $pattern2 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}'; $pattern3 = '([A-Fa-f0-9]{1,4}:){2}:([A-Fa-f0-9]{1,4}:){0,4}[A-Fa-f0-9]{1,4}'; @@ -1457,7 +1457,7 @@ function sync_package_pfblockerng($cron = "") { if ($config['installedpackages'][$ip_type]['config'] != "") { foreach ($config['installedpackages'][$ip_type]['config'] as $list) { if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) { - # Capture Alias Name + // capture Alias Name $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); foreach ($list['row'] as $row) { if ($row['url'] != "" && $row['state'] != "Disabled") { @@ -1468,7 +1468,7 @@ function sync_package_pfblockerng($cron = "") { $header_url = "{$row['header']}_v6"; } - # Determine 'List' details (return array $pfbarr) + // Determine 'List' details (return array $pfbarr) pfb_determine_list_detail($list['action'], $header_url, "", ""); $pfb['skip'] = $pfbarr['skip']; $pfbfolder = $pfbarr['folder']; @@ -1481,7 +1481,7 @@ function sync_package_pfblockerng($cron = "") { continue; } - # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + // Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. $pfb_alias_lists_all[] = "{$alias}"; if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") { @@ -1501,7 +1501,7 @@ function sync_package_pfblockerng($cron = "") { $list_url = "{$row['url']}"; if (!$pfb['reuse'] == "on") { - # Perform Remote URL Date/Time Stamp checks + // Perform Remote URL Date/Time Stamp checks $host = @parse_url($row['url']); if ($row['format'] != "rsync" || $row['format'] != "html") { if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { @@ -1517,7 +1517,7 @@ function sync_package_pfblockerng($cron = "") { if ($row['format'] == "gz" || $row['format'] == "gz_2") { $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_gz = "{$row['url']}"; $file_gz = @file_get_contents($url_gz); @@ -1531,11 +1531,11 @@ function sync_package_pfblockerng($cron = "") { $url_list = @gzfile($file_dwn); } - # IBlock Large Files mixed with IPs and Domains. PHP mem of 256M can't handle very large Files. + // IBlock Large Files mixed with IPs and Domains. PHP mem of 256M can't handle very large Files. if ($row['format'] == "gz_lg") { $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_gz = "{$row['url']}"; $file_gz = @file_get_contents($url_gz); @@ -1553,7 +1553,7 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "zip") { $file_dwn = "{$pfb['origdir']}/{$header_url}.zip"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_zip = "{$row['url']}"; if (!$file_zip = @file_get_contents($url_zip)) { @@ -1576,9 +1576,9 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "et") { $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; - # Script to Call ET IQRISK Process + // Script to Call ET IQRISK Process if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_et = "{$row['url']}"; $file_et = @file_get_contents($url_et); @@ -1595,9 +1595,9 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "xlsx") { $file_dwn = "{$pfb['origdir']}/{$header_url}.zip"; - # Script to Call XLSX Process + // Script to Call XLSX Process if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_xlsx = "{$row['url']}"; $file_xlsx = @file_get_contents($url_xlsx); @@ -1631,7 +1631,7 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "html" || $row['format'] == "block") { $file_dwn = "{$pfb['origdir']}/{$header_url}.raw"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse $return = 0; } else { $url_html = "{$row['url']}"; @@ -1644,7 +1644,7 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "rsync") { $file_dwn = "{$pfb['origdir']}/{$header_url}.orig"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { - # File Exists/Reuse + // File Exists/Reuse } else { $url_rsync = "{$row['url']}"; exec ("/usr/local/bin/rsync --timeout=5 {$url_rsync} {$file_dwn}"); @@ -1652,13 +1652,13 @@ function sync_package_pfblockerng($cron = "") { $url_list = @file($file_dwn); } - #extract range lists + // extract range lists $new_file = ""; if (!empty($url_list)) { if ($row['format'] == "gz" && $vtype == "_v4") { foreach ($url_list as $line) { if (!preg_match("/^#/", $line)) { - # Network range 192.168.0.0-192.168.0.254 + // Network range 192.168.0.0-192.168.0.254 if (preg_match($pfb['range'],$line,$matches)) { $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); if (!empty($a_cidr)) { @@ -1674,7 +1674,7 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "block" && $vtype == "_v4") { foreach ($url_list as $line) { if (!preg_match("/^#/", $line)) { - # Block Type '218.77.79.0 218.77.79.255 24' + // Block Type '218.77.79.0 218.77.79.255 24' if (preg_match($pfb['block'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n"; } @@ -1685,11 +1685,11 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "html" && $vtype == "_v4") { foreach ($url_list as $line) { if (!preg_match("/^#/", $line)) { - # CIDR format 192.168.0.0/16 + // CIDR format 192.168.0.0/16 if (preg_match($pfb['cidr'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } - # Single ip addresses + // Single ip addresses elseif (preg_match($pfb['s_html'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } @@ -1700,7 +1700,7 @@ function sync_package_pfblockerng($cron = "") { elseif ($vtype == "_v6") { foreach ($url_list as $line) { if (!preg_match("/^#/", $line)) { - # IPv6 Regex Match + // IPv6 Regex Match if (preg_match($pfb['ipv6'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } @@ -1711,7 +1711,7 @@ function sync_package_pfblockerng($cron = "") { else { foreach ($url_list as $line) { if (!preg_match("/^#/", $line)) { - # Network range 192.168.0.0-192.168.0.254 + // Network range 192.168.0.0-192.168.0.254 if (preg_match($pfb['range'],$line,$matches)) { $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); if (!empty($a_cidr)) { @@ -1720,11 +1720,11 @@ function sync_package_pfblockerng($cron = "") { } } } - # CIDR format 192.168.0.0/16 + // CIDR format 192.168.0.0/16 elseif (preg_match($pfb['cidr'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } - # Single ip addresses + // Single ip addresses elseif (preg_match($pfb['single'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } @@ -1733,14 +1733,14 @@ function sync_package_pfblockerng($cron = "") { } } - # Check to see if Blocklist actually Failed Download or has no IPs listed. + // Check to see if Blocklist actually Failed Download or has no IPs listed. if ($row['format'] == "html" || $row['format'] == "block") { $url_chk = $file_dwn; } else { $url_chk = "{$pfb['origdir']}/{$header_url}.orig"; } - # Check if File Exists and is > 0 in Size + // Check if File Exists and is > 0 in Size $file_chk = ""; if (file_exists($url_chk) && @filesize($url_chk) > 0) { $file_chk = exec ("/usr/bin/grep -cv '^#\|^$' {$url_chk}"); @@ -1755,42 +1755,42 @@ function sync_package_pfblockerng($cron = "") { if ($new_file != "") { if ($row['format'] == "gz" || $row['format'] == "gz_2" || $row['format'] == "html" || $row['format'] == "block") { - # Re-Save these formats as original file + // Re-Save these formats as original file $url_other = $new_file; @file_put_contents($pfb['origdir'] . '/' . $header_url . '.orig',$url_other, LOCK_EX); } - # Save List to '.txt' format in appropriate Folder + // Save List to '.txt' format in appropriate Folder @file_put_contents($pfbfolder . '/' .$header_url . '.txt',$new_file, LOCK_EX); if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") { - # Script to Call p24 Process + // Script to Call p24 Process exec ("{$pfb['script']} p24 {$header_url} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); } if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") { - # Script to call Duplication Check Process + // Script to call Duplication Check Process exec ("{$pfb['script']} duplicate {$header_url} >> {$pfb['log']} 2>&1"); } - # PFCTL - Update Only Aliases that have been updated only. + // PFCTL - Update Only Aliases that have been updated only. $pfb_alias_lists[] = "{$alias}"; - # Launch d-dup and p-dup functions when changes are found. + // Launch d-dup and p-dup functions when changes are found. if ($pfb['skip'] && $vtype == "_v4") { $pfb['dupcheck'] = TRUE; } - # Enable Suppression Process due to Updates + // Enable Suppression Process due to Updates if ($pfb['supp'] == "on" && $vtype == "_v4") { $pfb['supp_update'] = TRUE; } } else { - # Log FAILED Downloads and Check if Firewall or Snort/Suricata is Blocking Host + // Log FAILED Downloads and Check if Firewall or Snort/Suricata is Blocking Host $log = "\n [ {$alias} {$header_url} ] Download FAIL [ NOW ]\n"; pfb_logger("{$log}","2"); - # Rebuild Previous List File from contents of Masterfile + // Rebuild Previous List File from contents of Masterfile if ($pfb['skip'] && $vtype == "_v4") { - # Search with trailing Whitespace to match exact Header in Masterfile + // Search with trailing Whitespace to match exact Header in Masterfile $header_url2 = $header_url . "[[:space:]]"; $file_chk = exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | grep -c ^"); @@ -1800,17 +1800,17 @@ function sync_package_pfblockerng($cron = "") { exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | cut -d' ' -f2 > {$pfbfolder}/{$header_url}.txt"); } } - # A "Space" string Variable + // A "Space" string Variable $sp = " "; $ip = @gethostbyname($host['host']); $ip2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", "\"^$1\.$2\.$3\.\"", $ip); - # Only Perform these Checks if they are not "localfiles" + // Only Perform these Checks if they are not "localfiles" if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { $log = " [ {$alias} {$header_url} ] Local File Failure \n"; pfb_logger("{$log}","2"); } else { - # only perform these steps if an 'IP' is found. + // only perform these steps if an 'IP' is found. if (!empty($ip)) { // Query for Exact IP Match $result_b1 = array(); @@ -1821,7 +1821,7 @@ function sync_package_pfblockerng($cron = "") { // Query Snort/Suricata snort2c IP Block Table $snort_pfb = exec("/sbin/pfctl -t snort2c -T show | grep {$ip}"); - # If an exact IP Match is not found report any First Three IP Octets. + // If an exact IP Match is not found report any First Three IP Octets. if (!empty($result_b1)) { $final_b1 = implode("\n ", $result_b1); $log = " [ {$alias} {$header_url}, {$ip} ] Firewall IP Block Found in : \n{$sp}{$final_b1}\n"; @@ -1843,12 +1843,12 @@ function sync_package_pfblockerng($cron = "") { } } } - # UNSET variables + // UNSET variables unset ($file_gz,$file_zip,$file_et,$file_xlsx,$url_other,$url_list); } } } - #check custom network list + // check custom network list if (pfbng_text_area_decode($list['custom']) != "") { if ($vtype == "_v4") { @@ -1857,10 +1857,10 @@ function sync_package_pfblockerng($cron = "") { $aliascustom = "{$list['aliasname']}_custom_v6"; } - # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + // Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. $pfb_alias_lists_all[] = "{$alias}"; - # Determine 'List' details (return array $pfbarr) + // Determine 'List' details (return array $pfbarr) pfb_determine_list_detail($list['action'], $aliascustom, "", ""); $pfb['skip'] = $pfbarr['skip']; $pfbfolder = $pfbarr['folder']; @@ -1882,7 +1882,7 @@ function sync_package_pfblockerng($cron = "") { if (!empty($url_list)) { foreach ($url_list as $line) { if ($vtype == "_v4") { - # Network range 192.168.0.0-192.168.0.254 + // Network range 192.168.0.0-192.168.0.254 if (preg_match($pfb['range'],$line,$matches)) { $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); if (!empty($a_cidr)) { @@ -1891,16 +1891,16 @@ function sync_package_pfblockerng($cron = "") { } } } - # CIDR format 192.168.0.0/16 + // CIDR format 192.168.0.0/16 elseif (preg_match($pfb['cidr'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } - # Single ip addresses + // Single ip addresses elseif (preg_match($pfb['s_html'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } } else { - # IPv6 Regex + // IPv6 Regex if (preg_match($pfb['ipv6'],$line,$matches)) { $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; } @@ -1909,20 +1909,20 @@ function sync_package_pfblockerng($cron = "") { } if ($new_file != "") { - # PFCTL - Collect Only Aliases that have been updated only. + // PFCTL - Collect Only Aliases that have been updated only. $pfb_alias_lists[] = "{$alias}"; - # Collect Updated lists for Suppression Process + // Collect Updated lists for Suppression Process @file_put_contents($pfbfolder . '/'. $aliascustom . '.txt',$new_file, LOCK_EX); - # Enable Suppression Process due to Updates + // Enable Suppression Process due to Updates if ($pfb['supp'] == "on" && $vtype == "_v4") { $pfb['supp_update'] = TRUE; } if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") { - # Script to Call p24 Process + // Script to Call p24 Process exec ("{$pfb['script']} p24 {$aliascustom} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); } if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") { - # Script to call Duplication Check Process + // Script to call Duplication Check Process exec ("{$pfb['script']} duplicate {$aliascustom} >> {$pfb['log']} 2>&1"); } } else { @@ -1941,13 +1941,13 @@ function sync_package_pfblockerng($cron = "") { # REPUTATION PROCESSES # ################################# - # IP Reputation processes (pdup and ddup) + // IP Reputation processes (pdup and ddup) if ($pfb['pdup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") { - # Script to run pdup process + // Script to run pdup process exec ("{$pfb['script']} pdup x {$pfb['pmax']} >> {$pfb['log']} 2>&1"); } if ($pfb['dedup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") { - # Script to run dedup process + // Script to run dedup process exec ("{$pfb['script']} dedup x {$pfb['dmax']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); } @@ -1962,7 +1962,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($config['installedpackages'][$ip_type]['config'] as $key => $list) { $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); - # Determine 'List' details (return array $pfbarr) + // Determine 'List' details (return array $pfbarr) pfb_determine_list_detail($list['action'], "", $ip_type, $key); $pfb['skip'] = $pfbarr['skip']; $pfb_descr = $pfbarr['descr']; @@ -1985,7 +1985,7 @@ function sync_package_pfblockerng($cron = "") { } if ($list['action'] != "Disabled") { - #remove empty lists files if any + // remove empty lists files if any if (is_array($list['row'])) { $update = 0; ${$alias} = ""; @@ -1998,20 +1998,20 @@ function sync_package_pfblockerng($cron = "") { } $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'"); - # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. + // Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. if (file_exists($pfbfolder . "/" . $header_url . ".txt") && in_array($alias, $final_alias) || file_exists($pfbfolder . "/" . $header_url . ".txt") && empty($pfctlck)) { - # Script to run Suppression process (Print Header Only) + // Script to run Suppression process (Print Header Only) if ($pfb['supp'] == "on" && $vtype == "_v4" && $runonce == 0 && $pfb['supp_update']) { exec ("{$pfb['script']} suppress x x x suppressheader >> {$pfb['log']} 2>&1"); $runonce++; } - # Script to run Suppression Process (Body) + // Script to run Suppression Process (Body) if ($pfb['supp'] == "on" && $vtype == "_v4" && $pfb['supp_update']) { if ($pfb['dup'] == "on" || !$pfb['skip']) { - # Execute if Duplication Process is Enabled or List is Permit or Match + // Execute if Duplication Process is Enabled or List is Permit or Match exec ("{$pfb['script']} suppress x x x {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1"); } else { - # Execute if Duplication Process is Disabled + // Execute if Duplication Process is Disabled exec ("{$pfb['script']} suppress x x off {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1"); } } @@ -2022,14 +2022,14 @@ function sync_package_pfblockerng($cron = "") { } } - #check custom network list + // check custom network list if ($vtype == "_v4") { $aliasname = "{$list['aliasname']}_custom"; } else { $aliasname = "{$list['aliasname']}_custom_v6"; } - # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. + // Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'"); if (pfbng_text_area_decode($list['custom']) != "") { @@ -2038,7 +2038,7 @@ function sync_package_pfblockerng($cron = "") { $update++; } } - # Determine Validity of Alias URL Tables/Rules. ie: Don't create Empty URL Tables or Aliases + // Determine Validity of Alias URL Tables/Rules. ie: Don't create Empty URL Tables or Aliases if (${$alias} == "" && empty($pfctlck)) { unlink_if_exists($pfb['aliasdir'] . '/' . $alias. '.txt'); } else { @@ -2048,7 +2048,7 @@ function sync_package_pfblockerng($cron = "") { } $alias_log = $list['aliaslog']; - #create alias + // create alias $new_aliases_list[] = "{$alias}"; $new_aliases[] = array( "name" => "{$alias}", @@ -2060,7 +2060,7 @@ function sync_package_pfblockerng($cron = "") { "detail" => "DO NOT EDIT THIS ALIAS" ); - #Create rule if action permits + // Create rule if action permits switch ($list['action']) { case "Deny_Both": case "Deny_Outbound": @@ -2188,18 +2188,18 @@ function sync_package_pfblockerng($cron = "") { break; } } - #mark pfctl aliastable for cleanup + // mark pfctl aliastable for cleanup if (!in_array($alias, $aliases_list)) { $aliases_list[] = "{$alias}"; } } else { - #unlink previous pfblockerNG alias list if any + // unlink previous pfblockerNG alias list if any unlink_if_exists($pfb['aliasdir'] . '/' . $alias . '.txt'); } } } } - # Clear Variables + // Clear Variables ${$alias} = ""; @@ -2207,39 +2207,39 @@ function sync_package_pfblockerng($cron = "") { # UPDATE pfSense ALIAS TABLES # ######################################### - #update pfsense alias table + // update pfsense alias table if (is_array($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $cbalias) { if (substr($cbalias['name'], 0, 4) == 'pfB_') { - #mark pfctl aliastable for cleaning + // mark pfctl aliastable for cleaning if (!in_array($cbalias['name'], $aliases_list)) { - $aliases_list[] = $cbalias['name']; #mark aliastable for cleaning + $aliases_list[] = $cbalias['name']; // mark aliastable for cleaning } - #remove previous aliastable file if alias is not defined any more + // remove previous aliastable file if alias is not defined any more if (!in_array($cbalias['name'], $new_aliases_list)) { unlink_if_exists($pfb['aliasdir'] . '/' . $cbalias['name'] . ".txt"); } } else { $new_aliases[] = $cbalias; - # Check Table Size + // Check Table Size if (file_exists($pfb['aliasdir'] . '/' . $alias . '.txt') && $message == "") { preg_match("/(\d+)/",exec("/usr/bin/grep -c ^ " . $pfb['aliasdir'] . '/' . $alias . '.txt'),$matches); } if (($matches[1] * 2.1) >= $pfb['table_limit']) { - #alias table too large + // alias table too large $message = "{$alias} alias table is too large. Reduce networks in list or increase 'Firewall Maximum Table Entries' value to at least " . (int)($matches[1] * 2.1) . ' in "system - advanced - Firewall/NAT" . '; } } } } - #apply new alias table to xml + // apply new alias table to xml if ($message == "") { $config['aliases']['alias'] = $new_aliases; $pfb['cron_mod'] = TRUE; } - # UNSET Variables + // UNSET Variables unset($new_aliases, $cbalias); @@ -2247,7 +2247,7 @@ function sync_package_pfblockerng($cron = "") { # Assign Rules # ######################### - # Only Execute if AutoRules are defined or if an Alias has been removed. + // Only Execute if AutoRules are defined or if an Alias has been removed. if ($pfb['autorules'] || $pfb['enable'] == "" || $pfb['remove']) { if (count($deny_inbound) > 0 || count($permit_inbound) > 0 || count($match_inbound) > 0) { if ($pfb['inbound_interfaces'] == "") { @@ -2269,9 +2269,9 @@ function sync_package_pfblockerng($cron = "") { $fmatch_rules = array(); $fother_rules = array(); - # Collect All Existing Rules + // Collect All Existing Rules $rules = $config['filter']['rule']; - # Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays. + // Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays. if (!empty($rules)) { foreach ($rules as $rule) { if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) { @@ -2345,7 +2345,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Define Inbound Interface Rules + // Define Inbound Interface Rules if (!empty($pfb['inbound_interfaces'])) { $counter = 0; foreach ($pfb['inbound_interfaces'] as $inbound_interface) { @@ -2361,7 +2361,7 @@ function sync_package_pfblockerng($cron = "") { $new_rules[] = $cb_rules; } } - # Match Inbound Rules defined as Floating Only. + // Match Inbound Rules defined as Floating Only. if (!empty($match_inbound) && $counter == 0) { foreach ($match_inbound as $cb_rules) { $cb_rules['interface'] = $pfb['inbound_floating']; @@ -2406,7 +2406,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Define Outbound Interface Rules + // Define Outbound Interface Rules if (!empty($pfb['outbound_interfaces'])) { $counter = 0; foreach ($pfb['outbound_interfaces'] as $outbound_interface) { @@ -2422,7 +2422,7 @@ function sync_package_pfblockerng($cron = "") { $new_rules[] = $cb_rules; } } - # Match Outbound Rules defined as Floating Only. + // Match Outbound Rules defined as Floating Only. if (!empty($match_outbound) && $counter == 0) { foreach ($match_outbound as $cb_rules) { $cb_rules['interface'] = $pfb['outbound_floating']; @@ -2500,7 +2500,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Save New Rule Order to Config + // Save New Rule Order to Config $config['filter']['rule'] = $new_rules; } if (!empty($message)) { @@ -2508,7 +2508,7 @@ function sync_package_pfblockerng($cron = "") { pfb_logger("{$log}","1"); } - # UNSET arrays + // UNSET arrays unset ($cb_rules,$permit_inbound,$permit_outbound,$deny_inbound,$deny_outbound,$match_inbound,$match_outbound); unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); } @@ -2522,7 +2522,7 @@ function sync_package_pfblockerng($cron = "") { # pfSense Integration # ################################# - # If 'Rule Changes' are found, utilize the 'filter_configure()' function, if not, utilize 'pfctl replace' command + // If 'Rule Changes' are found, utilize the 'filter_configure()' function, if not, utilize 'pfctl replace' command if ($pfb['autorules'] && $rules != $new_rules || $pfb['enable'] == "" || $pfb['remove']) { require_once("filter.inc"); @@ -2534,20 +2534,20 @@ function sync_package_pfblockerng($cron = "") { pfb_logger("{$log}","1"); } - # Remove all pfBlockerNG Alias tables + // Remove all pfBlockerNG Alias tables if (!empty($aliases_list)) { foreach ($aliases_list as $table) { exec ("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $pfb_null); } } - #load filter file which will create the pfctl tables + // load filter file which will create the pfctl tables filter_configure(); // Call function for NanoBSD/Ramdisk processes. pfb_aliastables("update"); } else { - # Don't Execute on User 'Save' + // Don't Execute on User 'Save' if (!$pfb['save']) { $log = "\n\n===[ Aliastables / Rules ]================================\n\n"; @@ -2593,10 +2593,10 @@ function sync_package_pfblockerng($cron = "") { } } } - # UNSET Variables + // UNSET Variables unset($rules, $new_rules); - #sync config + // sync config pfblockerng_sync_on_changes(); @@ -2604,9 +2604,9 @@ function sync_package_pfblockerng($cron = "") { # FINAL REPORTING # ################################# - # Only run with CRON or Force Invoked Process + // Only run with CRON or Force Invoked Process if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) { - # Script to run Final Script Processes. + // Script to run Final Script Processes. exec ("{$pfb['script']} closing {$pfb['dup']} >> {$pfb['log']} 2>&1"); } @@ -2729,10 +2729,10 @@ function pfblockerng_php_install_command() { // Remove previously used CC folder location if exists @rmdir_recursive("{$pfb['dbdir']}/cc"); - # Uncompress Country Code File + // Uncompress Country Code File @copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); exec("/usr/bin/tar -jx -C {$pfb['ccdif']} -f {$pfb['ccdir']}/countrycodes.tar.bz2"); - # Download MaxMind Files and Create Country Code files and Build Continent XML Files + // Download MaxMind Files and Create Country Code files and Build Continent XML Files update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); @@ -2749,7 +2749,7 @@ function pfblockerng_php_install_command() { @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); - # Add Widget to Dashboard + // Add Widget to Dashboard update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { // Restore previous Widget setting if "Keep" is enabled. @@ -2771,16 +2771,16 @@ function pfblockerng_php_deinstall_command() { require_once("config.inc"); global $config,$pfb; - # Set these two variables to Disable pfBlockerNG on De-Install + // Set these two variables to Disable pfBlockerNG on De-Install $pfb['save'] = TRUE; $pfb['install'] = TRUE; sync_package_pfblockerng(); rmdir_recursive("/usr/local/pkg/pfblockerng"); rmdir_recursive("/usr/local/www/pfblockerng"); - # Maintain pfBlockerNG Settings and Database Files if $pfb['keep'] is ON. + // Maintain pfBlockerNG Settings and Database Files if $pfb['keep'] is ON. if ($pfb['keep'] != "on") { - # Remove pfBlockerNG Log and DB Folder + // Remove pfBlockerNG Log and DB Folder rmdir_recursive("{$pfb['dbdir']}"); rmdir_recursive("{$pfb['logdir']}"); @@ -2793,7 +2793,7 @@ function pfblockerng_php_deinstall_command() { } } - # Remove Settings from Config + // Remove Settings from Config if (is_array($config['installedpackages']['pfblockerng'])) unset($config['installedpackages']['pfblockerng']); if (is_array($config['installedpackages']['pfblockerngglobal'])) @@ -2826,7 +2826,7 @@ function pfblockerng_php_deinstall_command() { unset($config['installedpackages']['pfblockerngproxyandsatellite']); } - # Remove Widget (code from Snort deinstall) + // Remove Widget (code from Snort deinstall) $pfb['widgets'] = $config['widgets']['sequence']; if (!empty($pfb['widgets'])) { $widgetlist = explode(",", $pfb['widgets']); |