aboutsummaryrefslogtreecommitdiffstats
path: root/config/pfblockerng
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2015-05-28 13:19:21 -0300
committerRenato Botelho <garga@FreeBSD.org>2015-05-28 13:19:21 -0300
commit901b85305f21a6526b949181bcb7393433044b2d (patch)
tree630e022f8e307156aba53ac39b595e157fae5f11 /config/pfblockerng
parent5be0199960c6d8fe85d1e4085e26316b504a91cd (diff)
parent48d6105a64015ad0f547da90da150b030cbb26fd (diff)
downloadpfsense-packages-901b85305f21a6526b949181bcb7393433044b2d.tar.gz
pfsense-packages-901b85305f21a6526b949181bcb7393433044b2d.tar.bz2
pfsense-packages-901b85305f21a6526b949181bcb7393433044b2d.zip
Merge pull request #880 from BBcan177/pfBlockerNG_052015_1
Diffstat (limited to 'config/pfblockerng')
-rw-r--r--config/pfblockerng/pfblockerng.inc1237
-rw-r--r--config/pfblockerng/pfblockerng.php312
-rw-r--r--config/pfblockerng/pfblockerng.priv.inc6
-rw-r--r--config/pfblockerng/pfblockerng.sh13
-rw-r--r--config/pfblockerng/pfblockerng.widget.php453
-rw-r--r--config/pfblockerng/pfblockerng.xml194
-rw-r--r--config/pfblockerng/pfblockerng_alerts.php381
-rw-r--r--config/pfblockerng/pfblockerng_diag_dns.php23
-rw-r--r--config/pfblockerng/pfblockerng_log.php31
-rw-r--r--config/pfblockerng/pfblockerng_sync.xml14
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml130
-rw-r--r--config/pfblockerng/pfblockerng_update.php164
-rw-r--r--config/pfblockerng/pfblockerng_v4lists.xml232
-rw-r--r--config/pfblockerng/pfblockerng_v6lists.xml226
14 files changed, 2191 insertions, 1225 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index 26eeb5e5..379ce223 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -46,7 +46,7 @@ require_once("pfsense-utils.inc");
require_once("globals.inc");
require_once("services.inc");
-# [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings.
+// [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings.
function pfb_global() {
global $g,$config,$pfb;
@@ -58,10 +58,7 @@ function pfb_global() {
$prefix = "/usr/local";
}
- # Collect pfSense Version
- $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3);
-
- # Folders
+ // Folders
$pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng";
$pfb['aliasdir'] = "{$g['vardb_path']}/aliastables";
$pfb['logdir'] = "{$g['varlog_path']}/pfblockerng";
@@ -71,39 +68,49 @@ function pfb_global() {
$pfb['matchdir'] = "{$pfb['dbdir']}/match";
$pfb['permitdir'] = "{$pfb['dbdir']}/permit";
$pfb['origdir'] = "{$pfb['dbdir']}/original";
- $pfb['ccdir'] = $prefix . "/share/GeoIP";
+ $pfb['ccdir'] = "{$prefix}/share/GeoIP";
- # Create Folders if not Exist.
+ // Create Folders if not Exist.
$folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}","{$pfb['origdir']}","{$pfb['nativedir']}","{$pfb['denydir']}","{$pfb['matchdir']}","{$pfb['permitdir']}","{$pfb['aliasdir']}");
foreach ($folder_array as $folder) {
safe_mkdir ("{$folder}",0755);
}
- # Files
- $pfb['master'] = "{$pfb['dbdir']}/masterfile";
- $pfb['errlog'] = "{$pfb['logdir']}/error.log";
- $pfb['geolog'] = "{$pfb['logdir']}/geoip.log";
- $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log";
- $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt";
- $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh';
- $pfb['aliasarchive'] = $prefix . "/etc/aliastables.tar.bz2";
-
- # General Variables
- $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0];
-
- # Enable/Disable of pfBlockerNG
- $pfb['enable'] = $pfb['config']['enable_cb'];
- # Keep Blocklists on pfBlockerNG Disable
- $pfb['keep'] = $pfb['config']['pfb_keep'];
- # Enable Suppression
- $pfb['supp'] = $pfb['config']['suppression'];
- # Max Lines in pfblockerng.log file
- $pfb['logmax'] = $pfb['config']['log_maxlines'];
- $pfb['iplocal'] = $config['interfaces']['lan']['ipaddr'];
- # Disable Country Database CRON Updates
- $pfb['cc'] = $pfb['config']['database_cc'];
-
- # Set pfBlockerNG to Disabled on 'Re-Install'
+ // Files
+ $pfb['master'] = "{$pfb['dbdir']}/masterfile";
+ $pfb['errlog'] = "{$pfb['logdir']}/error.log";
+ $pfb['geolog'] = "{$pfb['logdir']}/geoip.log";
+ $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log";
+ $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt";
+ $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh';
+ $pfb['aliasarchive'] = "{$prefix}/etc/aliastables.tar.bz2";
+
+ // General Variables
+ $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0];
+
+ // Enable/Disable of pfBlockerNG
+ $pfb['enable'] = $pfb['config']['enable_cb'];
+ // Keep Blocklists on pfBlockerNG Disable
+ $pfb['keep'] = $pfb['config']['pfb_keep'];
+ // Enable Suppression
+ $pfb['supp'] = $pfb['config']['suppression'];
+ // Max Lines in pfblockerng.log file
+ $pfb['logmax'] = $pfb['config']['log_maxlines'];
+ // Lan IP Address
+ $pfb['iplocal'] = $config['interfaces']['lan']['ipaddr'];
+ // Disable Country Database CRON Updates
+ $pfb['cc'] = $pfb['config']['database_cc'];
+
+ // User Defined CRON Start Minute
+ $pfb['min'] = $pfb['config']['pfb_min'];
+ // Start hour of the Scheduler
+ $pfb['hour'] = $pfb['config']['pfb_hour'];
+ // Hour cycle for Scheduler
+ $pfb['interval'] = $pfb['config']['pfb_interval'];
+ // Start hour of the 'Once a day' Schedule
+ $pfb['24hour'] = $pfb['config']['pfb_dailystart'];
+
+ // Set pfBlockerNG to Disabled on 'Re-Install'
if (isset($pfb['install']) && $pfb['install']) {
$pfb['enable'] = "";
$pfb['install'] = FALSE;
@@ -112,38 +119,51 @@ function pfb_global() {
pfb_global();
-# Set Max PHP Memory Setting
+// Set Max PHP Memory Setting
$uname = posix_uname();
-if ($uname['machine'] == 'amd64')
+if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '256M');
+}
-# Function to decode to Alias Custom Entry Box.
+// Function to decode to Alias Custom entry box.
function pfbng_text_area_decode($text) {
- return preg_replace('/\r\n/', "\n",base64_decode($text));
+ $customlist = explode("\r\n", base64_decode($text));
+ foreach ($customlist as $line) {
+ if (substr(trim($line), 0, 1) != '#' && !empty($line)) {
+ if (strpos($line, '#')) {
+ $custom .= trim(strstr($line, '#', TRUE)) . "\n";
+ } else {
+ $custom .= $line . "\n";
+ }
+ }
+ }
+ return $custom;
}
-# Manage Log File Line Limit
+// Manage Log File Line Limit
function pfb_log_mgmt() {
global $pfb;
pfb_global();
if ($pfb['logmax'] == "nolimit") {
- # Skip Log Mgmt
+ // Skip Log Mgmt
} else {
- exec("/usr/bin/tail -n {$pfb['logmax']} {$pfb['log']} > /tmp/pfblog; /bin/mv -f /tmp/pfblog {$pfb['log']}");
+ if (file_exists($pfb['log'])) {
+ exec("/usr/bin/tail -n {$pfb['logmax']} {$pfb['log']} > /tmp/pfblog; /bin/mv -f /tmp/pfblog {$pfb['log']}");
+ }
}
}
-# Record Log Messsages to pfBlockerNG Log File and/or Error Log File.
+// Record Log Messsages to pfBlockerNG Log File and/or Error Log File.
function pfb_logger($log, $type) {
global $g,$pfb,$pfbarr;
$now = date("m/d/y G:i:s", time());
- # Only log timestamp if new
+ // Only log timestamp if new
if (preg_match("/NOW/", $log)) {
if ($now == $pfb['pnow']) {
$log = str_replace("[ NOW ]", "", "{$log}");
@@ -164,9 +184,9 @@ function pfb_logger($log, $type) {
}
-# Determine Folder Location for 'List'
-function pfb_determine_list_detail($list) {
- global $g,$pfb,$pfbarr;
+// Determine 'List' Details
+function pfb_determine_list_detail($list="", $header_url="", $confconfig="", $key="") {
+ global $pfb,$pfbarr,$config;
$pfbarr = array();
if (in_array($list,array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
@@ -179,7 +199,7 @@ function pfb_determine_list_detail($list) {
$pfbarr['skip'] = FALSE;
$pfbarr['folder'] = "{$pfb['nativedir']}";
} else {
- # Deny
+ // Deny
$pfbarr['skip'] = TRUE;
$pfbarr['folder'] = "{$pfb['denydir']}";
}
@@ -191,10 +211,180 @@ function pfb_determine_list_detail($list) {
$pfbarr['descr'] = " Auto ";
}
+ // Determine length of Header to format log Output
+ if (strlen($header_url) > 19) {
+ $pfbarr['logtab'] = "";
+ }
+ elseif (strlen($header_url) > 11) {
+ $pfbarr['logtab'] = "\t";
+ }
+ elseif (strlen($header_url) < 4) {
+ $pfbarr['logtab'] = "\t\t\t";
+ }
+ else {
+ $pfbarr['logtab'] = "\t\t";
+ }
+
+ if ($confconfig != "") {
+ // Configure Autoports/Protocol and Auto Destination if required.
+ $autotype = array( 'autoports' => 'aliasports', 'autodest' => 'aliasdest');
+ $aports = ""; $adest = "";
+ $pfbarr['aproto'] = $config['installedpackages'][$confconfig]['config'][$key]['autoproto'];
+ foreach ($autotype as $akey => $atype) {
+ if ($config['installedpackages'][$confconfig]['config'][$key][$akey] == "on" && is_array($config['aliases']['alias'])) {
+ foreach ($config['aliases']['alias'] as $palias) {
+ if ($palias['name'] == $config['installedpackages'][$confconfig]['config'][$key][$atype]) {
+ if (!empty($palias['address'])) {
+ switch($akey) {
+ case "autoports":
+ $pfbarr['aports'] = $config['installedpackages'][$confconfig]['config'][$key][$atype];
+ break;
+ case "autodest":
+ $pfbarr['adest'] = $config['installedpackages'][$confconfig]['config'][$key][$atype];
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
return $pfbarr;
}
-# Create Suppression Alias
+
+// Determine if Cron Task requires updating
+function pfblockerng_cron_exists($crontask, $pfb_min, $pfb_hour) {
+ global $config;
+
+ if (is_array($config['cron']['item'])) {
+ foreach ($config['cron']['item'] as $item) {
+ if (strpos($item['command'], $crontask) !== FALSE) {
+ if ($item['minute'] != $pfb_min) {
+ return FALSE;
+ }
+ if ($pfb_hour == 'maxmind' && !empty($item['hour'])) {
+ // Maxmind hour is randomized. Skip comparison.
+ return TRUE;
+ }
+ if ($item['hour'] != $pfb_hour) {
+ return FALSE;
+ }
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+
+// Calculate the cron task base hour setting
+function pfb_cron_base_hour() {
+ global $pfb;
+
+ if ($pfb['interval'] == 1) {
+ return;
+ }
+
+ if ($pfb['interval'] == 2) {
+ // 2 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch2 = strval($shour);
+ for ($i=0; $i<11; $i++) {
+ $shour += 2;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch2 .= "," . strval($shour);
+ }
+ $sch2 = explode(",", $sch2);
+ sort($sch2);
+ return $sch2;
+ }
+
+ if ($pfb['interval'] == 3) {
+ // 3 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch3 = strval($shour);
+ for ($i=0; $i<7; $i++) {
+ $shour += 3;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch3 .= "," . strval($shour);
+ }
+ $sch3 = explode(",", $sch3);
+ sort($sch3);
+ return $sch3;
+ }
+
+ if ($pfb['interval'] == 4) {
+ // 4 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch4 = strval($shour);
+ for ($i=0; $i<5; $i++) {
+ $shour += 4;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch4 .= "," . strval($shour);
+ }
+ $sch4 = explode(",", $sch4);
+ sort($sch4);
+ return $sch4;
+ }
+
+ if ($pfb['interval'] == 6) {
+ // 6 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch6 = strval($shour);
+ for ($i=0; $i<3; $i++) {
+ $shour += 6;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch6 .= "," . strval($shour);
+ }
+ $sch6 = explode(",", $sch6);
+ sort($sch6);
+ return $sch6;
+ }
+
+ if ($pfb['interval'] == 8) {
+ // 8 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch8 = strval($shour);
+ for ($i=0; $i<2; $i++) {
+ $shour += 8;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch8 .= "," . strval($shour);
+ }
+ $sch8 = explode(",", $sch8);
+ sort($sch8);
+ return $sch8;
+ }
+
+ if ($pfb['interval'] == 12) {
+ // 12 Hour Schedule Converter
+ $shour = intval(substr($pfb['hour'], 0, 2));
+ $sch12 = strval($shour) . ",";
+ $shour += 12;
+ if ($shour >= 24)
+ $shour -= 24;
+ $sch12 .= strval($shour);
+ $sch12 = explode(",", $sch12);
+ sort($sch12);
+ return $sch12;
+ }
+
+ if ($pfb['interval'] == 24) {
+ return array($pfb['24hour']);
+ }
+
+ // Default to hourly schedule
+ $pfb['interval'] = 1;
+ return;
+}
+
+
+// Create Suppression Alias
function pfb_create_suppression_alias() {
global $config;
@@ -212,11 +402,11 @@ function pfb_create_suppression_alias() {
"detail" => ""
);
$config['aliases']['alias'] = $new_aliases;
- write_config();
+ $pfb['cron_mod'] = TRUE;
}
-# Create Suppression file from Alias
+// Create Suppression file from Alias
function pfb_create_suppression_file() {
global $config,$pfb;
@@ -235,19 +425,20 @@ function pfb_create_suppression_file() {
if ($pfb['found']) {
$pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']);
if (!empty($pfb_suppress)) {
- @file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX);
+ @file_put_contents("{$pfb['supptxt']}", $pfb_suppress, LOCK_EX);
} else {
unlink_if_exists("{$pfb['supptxt']}");
}
} else {
- # Delete Suppression File if Alias is Empty.
+ // Delete Suppression File if Alias is Empty.
unlink_if_exists("{$pfb['supptxt']}");
}
}
// Call Function to Create Suppression Alias.
- if (!$pfb['found'])
+ if (!$pfb['found']) {
pfb_create_suppression_alias();
+ }
}
@@ -306,7 +497,7 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) {
// already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe
}
- // this is the only edge case arising from increment/decrement.
+ // this is the only edge case arising from increment/decrement.
// it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now)
if (strcmp($ip2bin, $ip1bin) < 0)
@@ -393,18 +584,21 @@ function pfb_aliastables($mode) {
}
}
- if ($msg != "")
+ if ($msg != "") {
pfb_logger("{$msg}","1");
+ $pfb['cron_mod'] = TRUE;
+ }
}
-# Main pfBlockerNG Function
+// Main pfBlockerNG Function
function sync_package_pfblockerng($cron = "") {
global $g,$config,$pfb,$pfbarr;
pfb_global();
+ $pfb['cron_mod'] = FALSE; // Flag to check for mods to the config.xml file.
- # Detect Boot Process or Update via CRON
+ // Detect Boot Process or Update via CRON
if (isset($_POST) && $cron == "") {
if (!preg_match("/\w+/",$_POST['__csrf_magic'])) {
log_error("[pfBlockerNG] Sync terminated during boot process.");
@@ -418,7 +612,7 @@ function sync_package_pfblockerng($cron = "") {
$pfb['save'] = TRUE;
}
- # Start of pfBlockerNG Logging to 'pfblockerng.log'
+ // Start of pfBlockerNG Logging to 'pfblockerng.log'
if ($pfb['enable'] == "on" && !$pfb['save']) {
$log = " UPDATE PROCESS START [ NOW ]\n";
pfb_logger("{$log}","1");
@@ -432,13 +626,15 @@ function sync_package_pfblockerng($cron = "") {
// Call function for NanoBSD/Ramdisk processes.
pfb_aliastables("conf");
- # Collect pfSense Max Table Size Entry
- $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000");
-
- # If Table limit not defined, set Default to 2M
- $config['system']['maximumtableentries'] = "{$pfb['table_limit']}";
+ // Collect pfSense Max Table Size Entry
+ if (empty($config['system']['maximumtableentries'])) {
+ // If Table limit not defined, set Default to 2M
+ $config['system']['maximumtableentries'] = "2000000";
+ $pfb['cron_mod'] = TRUE;
+ }
+ $pfb['table_limit'] = $config['system']['maximumtableentries'];
- # Collect local web gui configuration
+ // Collect local web gui configuration
$pfb['weblocal'] = ($config['system']['webgui']['protocol'] != "" ? $config['system']['webgui']['protocol'] : "http");
$pfb['port'] = $config['system']['webgui']['port'];
if ($pfb['port'] == "") {
@@ -450,72 +646,57 @@ function sync_package_pfblockerng($cron = "") {
}
$pfb['weblocal'] .= "://127.0.0.1:{$pfb['port']}/pfblockerng/pfblockerng.php";
- # Define Inbound/Outbound Action is not user selected.
+ // Define Inbound/Outbound Action is not user selected.
$pfb['deny_action_inbound'] = ($pfb['config']['inbound_deny_action'] != "" ? $pfb['config']['inbound_deny_action'] : "block");
$pfb['deny_action_outbound'] = ($pfb['config']['outbound_deny_action'] != "" ? $pfb['config']['outbound_deny_action'] : "reject");
- # Validation check to see if the Original pfBlocker package is Enabled
- $pfb['validate']= $pfb['config']['pfblocker_cb'];
- # User Defined CRON Start Minute
- $pfb['min'] = $pfb['config']['pfb_min'];
- # Reloads Existing Blocklists without Downloading New Lists
+ // Reloads Existing Blocklists without Downloading New Lists
$pfb['reuse'] = $pfb['config']['pfb_reuse'];
- # Enable OpenVPN AutoRules
+ // Enable OpenVPN AutoRules
$pfb['openvpn'] = $pfb['config']['openvpn_action'];
- # Enable/Disable Floating Auto-Rules
+ // Enable/Disable Floating Auto-Rules
$pfb['float'] = $pfb['config']['enable_float'];
- # Enable Remove of Duplicate IPs utilizing Grepcidr
+ // Enable Remove of Duplicate IPs utilizing Grepcidr
$pfb['dup'] = $pfb['config']['enable_dup'];
- # Order of the Auto-Rules
+ // Order of the Auto-Rules
$pfb['order'] = $pfb['config']['pass_order'];
- # Suffix used for Auto-Rules
+ // Suffix used for Auto-Rules
$pfb['suffix'] = $pfb['config']['autorule_suffix'];
- # Reputation Variables
+ // Reputation Variables
$pfb['config_rep'] = $config['installedpackages']['pfblockerngreputation']['config'][0];
- # Enable/Disable Reputation
+ // Enable/Disable Reputation
$pfb['rep'] = $pfb['config_rep']['enable_rep'];
- # Enable/Disable 'pDup'
+ // Enable/Disable 'pDup'
$pfb['pdup'] = $pfb['config_rep']['enable_pdup'];
- # Enable/Disable 'dDup'
+ // Enable/Disable 'dDup'
$pfb['dedup'] = ($pfb['config_rep']['enable_dedup'] != "" ? $pfb['config_rep']['enable_dedup'] : "x");
- # 'Max' variable setting for Reputation
+ // 'Max' variable setting for Reputation
$pfb['max'] = ($pfb['config_rep']['p24_max_var'] != "" ? $pfb['config_rep']['p24_max_var'] : "x");
- # 'dMax' variable setting for Reputation
+ // 'dMax' variable setting for Reputation
$pfb['dmax'] = ($pfb['config_rep']['p24_dmax_var'] != "" ? $pfb['config_rep']['p24_dmax_var'] : "x");
- # 'pMax' variable setting for Reputation
+ // 'pMax' variable setting for Reputation
$pfb['pmax'] = ($pfb['config_rep']['p24_pmax_var'] != "" ? $pfb['config_rep']['p24_pmax_var'] : "x");
- # Action for Whitelist Country Category
+ // Action for Whitelist Country Category
$pfb['ccwhite'] = $pfb['config_rep']['ccwhite'];
- # Action for Blacklist Country Category
+ // Action for Blacklist Country Category
$pfb['ccblack'] = $pfb['config_rep']['ccblack'];
- # List of Countries in the Whitelist Category
+ // List of Countries in the Whitelist Category
$pfb['ccexclude']= ($pfb['config_rep']['ccexclude'] != "" ? $pfb['config_rep']['ccexclude'] : "x");
- # Emerging Threats IQRisk Block Categories
+ // Emerging Threats IQRisk Block Categories
$pfb['etblock'] = ($pfb['config_rep']['etblock'] != "" ? $pfb['config_rep']['etblock'] : "x");
- # Emerging Threats IQRisk Match Categories
+ // Emerging Threats IQRisk Match Categories
$pfb['etmatch'] = ($pfb['config_rep']['etmatch'] != "" ? $pfb['config_rep']['etmatch'] : "x");
- # Perform a Force Update on ET Categories
+ // Perform a Force Update on ET Categories
$pfb['etupdate']= $pfb['config_rep']['et_update'];
- # Variables
+ // Variables
- # Starting Variable to Skip rep, pdup and dedeup functions if no changes are required
+ // Starting Variable to Skip rep, pdup and dedeup functions if no changes are required
$pfb['dupcheck'] = FALSE;
- ## $pfb['save'] is used to determine if User pressed "Save" Button to avoid Collision with CRON.
- ## This is defined in each pfBlockerNG XML Files
-
- # Validation Check to ensure pfBlocker and pfBlockerNG are not running at the same time.
- if ($pfb['validate'] == "") {
- # Collect pfBlocker Enabled Status from config file
- $pfb['validate_chk'] = $config['installedpackages']['pfblocker']['config'][0]['enable_cb'];
- if ($pfb['validate_chk'] == "on") {
- $log = "\n The Package 'pfBlocker' is currently Enabled. Either Disable pfBlocker, or 'Disable Validation Check' in pfBlockerNG \n";
- pfb_logger("{$log}","1");
- return;
- }
- }
+ // $pfb['save'] is used to determine if User pressed "Save" Button to avoid Collision with CRON.
+ // This is defined in each pfBlockerNG XML Files
#################################
@@ -533,8 +714,8 @@ function sync_package_pfblockerng($cron = "") {
"Proxy and Satellite" => "pfB_PS"
);
- #create rules vars and arrays
- # Array used to Collect Changes to Aliases to be saved to Config
+ // create rules vars and arrays
+ // Array used to Collect Changes to Aliases to be saved to Config
$new_aliases = array();
$new_aliases_list = array();
$continent_existing = array();
@@ -543,14 +724,14 @@ function sync_package_pfblockerng($cron = "") {
$permit_outbound = array();
$deny_inbound = array();
$deny_outbound = array();
- # An Array of all Aliases (Active and non-Active)
+ // An Array of all Aliases (Active and non-Active)
$aliases_list = array();
- # This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled.
+ // This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled.
$pfb_alias_lists = array();
- # This is an Array of All Active Aliases used when 'Reputation' enabled
+ // This is an Array of All Active Aliases used when 'Reputation' enabled
$pfb_alias_lists_all = array();
- # Base Rule Array
+ // Base Rule Array
$base_rule_reg = array( "id" => "",
"tag" => "",
"tagged" => "",
@@ -563,7 +744,7 @@ function sync_package_pfblockerng($cron = "") {
"os" => ""
);
- # Floating Rules, Base Rule Array
+ // Floating Rules, Base Rule Array
$base_rule_float = array("id" => "",
"tag" => "",
"tagged" => "",
@@ -583,8 +764,8 @@ function sync_package_pfblockerng($cron = "") {
# Configure Rule Suffix #
#########################################
- # Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order )
- # To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules
+ // Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order )
+ // To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules
$pfb['autorules'] = FALSE;
$pfb['found'] = FALSE;
foreach ($continents as $continent => $pfb_alias) {
@@ -610,16 +791,16 @@ function sync_package_pfblockerng($cron = "") {
}
}
- #Configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules
- # Count Number of Rules with 'pfB_'
+ // Configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules
+ // Count Number of Rules with 'pfB_'
$count = 0;
if (is_array($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
- # Collect any pre-existing Suffix
+ // Collect any pre-existing Suffix
if (preg_match("/pfB_\w+(\s.*)/",$rule['descr'], $pfb_suffix_real) && $count == 0) {
$pfb_suffix_match = $pfb_suffix_real[1];
}
- # Query for Existing pfB Rules
+ // Query for Existing pfB Rules
if (preg_match("/pfB_/",$rule['descr'])) {
$count++;
break;
@@ -627,7 +808,7 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Change Suffix only if No pfB Rules Found and Auto Rules are Enabled.
+ // Change Suffix only if No pfB Rules Found and Auto Rules are Enabled.
if ($pfb['autorules'] && $count == 0) {
switch ($pfb['suffix']) {
case "autorule":
@@ -642,10 +823,10 @@ function sync_package_pfblockerng($cron = "") {
}
} else {
if ($pfb['autorules']) {
- # Use existing Suffix Match
+ // Use existing Suffix Match
$pfb['suffix'] = $pfb_suffix_match;
} else {
- # Leave Rule Suffix 'Blank'
+ // Leave Rule Suffix 'Blank'
$pfb['suffix'] = "";
}
}
@@ -655,50 +836,52 @@ function sync_package_pfblockerng($cron = "") {
# Configure INBOUND/OUTBOUND INTERFACES #
#########################################################
- # Collect pfSense Interface Order
+ // Collect pfSense Interface Order
$ifaces = get_configured_interface_list();
if (!empty($pfb['config']['inbound_interface'])) {
- # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate.
+ // Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate.
$selected_interfaces = explode(",",$pfb['config']['inbound_interface']);
- # Sort pfBlockerNG Interface order to pfSense Interface Order
+ // Sort pfBlockerNG Interface order to pfSense Interface Order
$sort_interfaces = array_intersect($ifaces, $selected_interfaces);
$implode_interfaces = ltrim(implode(",",$sort_interfaces), ",");
- # CSV String for Inbound Interfaces for 'pfB_' Match Rules
+ // CSV String for Inbound Interfaces for 'pfB_' Match Rules
$pfb['inbound_floating'] = $implode_interfaces;
$pfb['inbound_interfaces_float'] = explode(" ",$implode_interfaces);
- # Assign Inbound Base Rule/Interfaces
+ // Assign Inbound Base Rule/Interfaces
if ($pfb['float'] == "on") {
- # Define Base Firewall Floating Rules Settings
+ // Define Base Firewall Floating Rules Settings
$base_rule = $base_rule_float;
$pfb['inbound_interfaces'] = $pfb['inbound_interfaces_float'];
} else {
- # Define Base Firewall Rules Settings
+ // Define Base Firewall Rules Settings
$base_rule = $base_rule_reg;
$pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']);
}
} else {
- # Define Empty Variable/Array
+ // Define Empty Variable/Array
$pfb['inbound_interfaces_float'] = "";
$pfb['inbound_interfaces'] = array();
}
if (!empty($pfb['config']['outbound_interface'])) {
- # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate.
+ // Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate.
$selected_interfaces = explode(",",$pfb['config']['outbound_interface']);
- # Sort pfBlockerNG Interface order to pfSense Interface Order
+ // Sort pfBlockerNG Interface order to pfSense Interface Order
$sort_interfaces = array_intersect($ifaces, $selected_interfaces);
// If OpenVPN Interfaces are not in dropdown menu
- if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client'])
- if (!in_array("openvpn",$sort_interfaces))
+ if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client']) {
+ if (!in_array("openvpn",$sort_interfaces)) {
array_push($sort_interfaces, "openvpn");
+ }
+ }
$implode_interfaces = ltrim(implode(",",$sort_interfaces), ",");
- # CSV String for Outbound Interfaces for 'pfB_' Match Rules
+ // CSV String for Outbound Interfaces for 'pfB_' Match Rules
$pfb['outbound_floating'] = $implode_interfaces;
$pfb['outbound_interfaces_float'] = explode(" ",$implode_interfaces);
- # Assign Outbound Base Rule/Interfaces
+ // Assign Outbound Base Rule/Interfaces
if ($pfb['float'] == "on") {
$base_rule = $base_rule_float;
$pfb['outbound_interfaces'] = $pfb['outbound_interfaces_float'];
@@ -706,12 +889,14 @@ function sync_package_pfblockerng($cron = "") {
$base_rule = $base_rule_reg;
$pfb['outbound_interfaces'] = explode(",",$pfb['config']['outbound_interface']);
// If OpenVPN Interfaces are not in dropdown menu
- if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client'])
- if (!in_array("openvpn",$sort_interfaces))
+ if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client']) {
+ if (!in_array("openvpn",$sort_interfaces)) {
array_push($pfb['outbound_interfaces'], "openvpn");
+ }
+ }
}
} else {
- # Define Empty Variable/Array
+ // Define Empty Variable/Array
$pfb['outbound_interfaces_float'] = "";
$pfb['outbound_interfaces'] = array();
}
@@ -721,12 +906,13 @@ function sync_package_pfblockerng($cron = "") {
# Clear Removed Lists from Masterfiles #
#################################################
- # Process to keep Masterfiles in Sync with Valid Lists from config.conf file.
+ // Process to keep Masterfiles in Sync with Valid Lists from config.conf file.
$pfb['sync_master'] = TRUE;
- # Don't execute this function when pfBlockerNG is Disabled and 'Keep Blocklists' is enabled.
- if ($pfb['enable'] == "" && $pfb['keep'] == "on")
+ // Don't execute this function when pfBlockerNG is Disabled and 'Keep Blocklists' is enabled.
+ if ($pfb['enable'] == "" && $pfb['keep'] == "on") {
$pfb['sync_master'] = FALSE;
+ }
if ($pfb['sync_master']) {
$pfb['existing']['match']['type'] = "match";
@@ -754,7 +940,7 @@ function sync_package_pfblockerng($cron = "") {
$cont_type = array ("countries4" => "_v4", "countries6" => "_v6");
foreach ($cont_type as $c_type => $vtype) {
if ($continent_config[$c_type] != "") {
- # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
+ // Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
if (in_array($continent_config['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
$pfb['existing']['match'][] = "{$pfb_alias}{$vtype}";
} elseif (in_array($continent_config['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))){
@@ -770,7 +956,7 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Find all Enabled IPv4/IPv6 Lists
+ // Find all Enabled IPv4/IPv6 Lists
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
@@ -782,9 +968,9 @@ function sync_package_pfblockerng($cron = "") {
} else {
$pfb_alias = "{$row['header']}_v6";
}
- # Collect Enabled Lists
+ // Collect Enabled Lists
if ($row['url'] != "" && $row['state'] != "Disabled") {
- # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
+ // Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
$pfb['existing']['match'][] = "{$pfb_alias}";
} elseif (in_array($list['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))) {
@@ -801,7 +987,7 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating
+ // Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
@@ -809,27 +995,28 @@ function sync_package_pfblockerng($cron = "") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
if (is_array($list['row']) && $list['action'] != "Disabled") {
$count++;
- # Check if 'Emerging Threats Update' Needs Updating before next CRON Event.
+ // Check if 'Emerging Threats Update' Needs Updating before next CRON Event.
if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {
foreach ($list['row'] as $row) {
$aliasname = $row['header'];
if ($row['format'] == "et") {
unlink_if_exists("{$pfb['denydir']}/{$aliasname}.txt");
$config['installedpackages']['pfblockerngreputation']['config'][0]['et_update'] = "disabled";
+ $pfb['cron_mod'] = TRUE;
break;
}
}
}
}
- # Collect Enabled Custom List Box Aliases
+ // Collect Enabled Custom List Box Aliases
if (pfbng_text_area_decode($list['custom']) != "") {
if ($vtype == "_v4") {
$pfb_alias = "{$list['aliasname']}_custom";
} else {
$pfb_alias = "{$list['aliasname']}_custom_v6";
}
- # Determine Folder Location for 'List'
+ // Determine Folder Location for 'List'
if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
$pfb['existing']['match'][] = "{$pfb_alias}";
$pfbfolder = "{$pfb['matchdir']}";
@@ -843,18 +1030,19 @@ function sync_package_pfblockerng($cron = "") {
$pfb['existing']['deny'][] = "{$pfb_alias},"; // Add Trailing ','
$pfbfolder = "{$pfb['denydir']}";
}
- # Determine if 'Custom List' Needs Force Updating before next CRON Event.
+ // Determine if 'Custom List' Needs Force Updating before next CRON Event.
if ($list['custom_update'] == "enabled") {
unlink_if_exists("{$pfbfolder}/{$pfb_alias}.txt");
- # Uncheck 'Enabled' in List 'Custom_update' Setting
+ // Uncheck 'Enabled' in List 'Custom_update' Setting
$config['installedpackages'][$ip_type]['config'][$count]['custom_update'] = "disabled";
+ $pfb['cron_mod'] = TRUE;
}
}
}
}
}
- # Collect all .txt file Names for each List Type
+ // Collect all .txt file Names for each List Type
$list_types = array('match' => $pfb['matchdir'], 'permit' => $pfb['permitdir'], 'deny' => $pfb['denydir'], 'native' => $pfb['nativedir']);
foreach ($list_types as $type => $pfbfolder) {
$pfb_files = glob("$pfbfolder/*.txt");
@@ -868,12 +1056,12 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Flag to execute pfctl and Rules Ordering
+ // Flag to execute pfctl and Rules Ordering
$pfb['remove'] = FALSE;
- # Execute Final Summary as a List was Removed
+ // Execute Final Summary as a List was Removed
$pfb['summary'] = FALSE;
- # Process to Remove Lists from Masterfile/DB Folder if they do not Exist
+ // Process to Remove Lists from Masterfile/DB Folder if they do not Exist
if (isset($pfb['existing'])) {
foreach ($pfb['existing'] as $pfb_exist) {
$existing_type = $pfb_exist['type'];
@@ -888,7 +1076,7 @@ function sync_package_pfblockerng($cron = "") {
if ($f_result != "") {
$log = "[ Removing List(s) : {$f_result} ]\n";
pfb_logger("{$log}","1");
- # Script to Remove un-associated Lists
+ // Script to Remove un-associated Lists
exec ("{$pfb['script']} remove x x x {$f_result} >> {$pfb['log']} 2>&1");
$pfb['summary'] = TRUE;
$pfb['remove'] = TRUE;
@@ -898,13 +1086,13 @@ function sync_package_pfblockerng($cron = "") {
case "permit":
case "native":
$results = array_diff($pfb_act, $pfb_exist);
- # This variable ($f_result) used in next section below.
+ // This variable ($f_result) used in next section below.
$f_result = implode($results);
if (!empty($results)) {
- foreach ($results as $pfb_results) {
- $log = "[ Removing List(s) : {$pfb_results} ]\n";
+ foreach ($results as $pfb_result) {
+ $log = "[ Removing List : {$pfb_result} ]\n";
pfb_logger("{$log}","1");
- unlink_if_exists("{$pfbfolder}/{$pfb_results}.txt");
+ unlink_if_exists("{$pfbfolder}/{$pfb_result}.txt");
}
$pfb['summary'] = TRUE;
$pfb['remove'] = TRUE;
@@ -912,12 +1100,12 @@ function sync_package_pfblockerng($cron = "") {
break;
}
- # Allow Rebuilding of Changed Aliase to purge 'SKIP' Lists (when pfBlockerNG is Enabled)
+ // Allow rebuilding of changed Alias to purge 'SKIP' Lists (when pfBlockerNG is enabled)
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
foreach ($list_type as $ip_type => $vtype) {
if ($f_result != "" && $pfb['enable'] == "on") {
foreach ($results as $removed_header) {
- if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
+ if ($config['installedpackages'][$ip_type]['config'] != "") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
$alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']);
if (is_array($list['row'])) {
@@ -926,7 +1114,7 @@ function sync_package_pfblockerng($cron = "") {
if ($row['header'] == $removed) {
$pfb['summary'] = TRUE;
$pfb['remove'] = TRUE;
- # Add Alias to Update Array
+ // Add Alias to Update Array
$pfb_alias_lists[] = "{$alias}";
$pfb_alias_lists_all[] = "{$alias}";
}
@@ -947,7 +1135,7 @@ function sync_package_pfblockerng($cron = "") {
# Clear Match/Pass/ET/Original Files/Folders #
#########################################################
- # When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled.
+ // When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled.
if ($pfb['enable'] == "" && $pfb['keep'] == "" && !$pfb['install']) {
$log = "\n Removing DB Files/Folders \n";
pfb_logger("{$log}","1");
@@ -964,12 +1152,13 @@ function sync_package_pfblockerng($cron = "") {
}
- #########################################
- # Create Suppression Txt File #
- #########################################
+ #################################################
+ # Create IP Suppression Txt File #
+ #################################################
- if ($pfb['enable'] == "on" && $pfb['supp'] == "on")
+ if ($pfb['enable'] == "on" && $pfb['supp'] == "on") {
pfb_create_suppression_file();
+ }
#################################
@@ -979,18 +1168,23 @@ function sync_package_pfblockerng($cron = "") {
foreach ($continents as $continent => $pfb_alias) {
if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
$continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
+ $cc_name = 'pfblockerng' . strtolower(preg_replace('/ /','',$continent));
if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") {
- # Determine Folder Location for Alias (return array $pfbarr)
- pfb_determine_list_detail($continent_config['action']);
- $pfb['skip'] = $pfbarr['skip'];
- $pfb_descr = $pfbarr['descr'];
- $pfbfolder = $pfbarr['folder'];
-
// Determine if Continent Lists require Action (IPv4 and IPv6)
$cont_type = array ("countries4" => "_v4", "countries6" => "_v6");
foreach ($cont_type as $c_type => $vtype) {
+ // Determine 'List' details (return array $pfbarr)
+ pfb_determine_list_detail($continent_config['action'], "{$pfb_alias}{$vtype}", $cc_name, "0");
+ $pfb['skip'] = $pfbarr['skip'];
+ $pfb_descr = $pfbarr['descr'];
+ $pfbfolder = $pfbarr['folder'];
+ $log_tab = $pfbarr['logtab'];
+ $aports = $pfbarr['aports'];
+ $adest = $pfbarr['adest'];
+ $aproto = $pfbarr['aproto'];
+
$continent = "";
if ($continent_config[$c_type] != "") {
@@ -1001,48 +1195,40 @@ function sync_package_pfblockerng($cron = "") {
}
}
- if (file_exists($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig'))
+ if (file_exists($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig')) {
$continent_existing = preg_replace('/\s/', '', file ($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig'));
-
+ }
// Collect New Continent Data for comparison. Cleanup Array for Comparison
$continent_new = preg_split ('/$\R?^/m', $continent);
$line = count ( $continent_new ) - 1;
$match = $continent_new[$line];
$continent_new[$line] = rtrim($match, "\n");
- # Check if pfBlockerNG pfctl Continent Tables are Empty (pfBlockerNG was Disabled w/ "keep", then Re-enabled)
+ // Check if pfBlockerNG pfctl Continent Tables are Empty (pfBlockerNG was Disabled w/ "keep", then Re-enabled)
$pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$pfb_alias}{$vtype} | awk '/Addresses/ {s+=$2}; END {print s}'");
if (empty($pfctlck) && file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) {
$file_cont = file_get_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt');
@file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$file_cont, LOCK_EX);
- # PFCTL - Update Only Aliases that have been updated. ('Reputation' Disabled)
+ // PFCTL - Update Only Aliases that have been updated. ('Reputation' Disabled)
$pfb_alias_lists[] = "{$pfb_alias}{$vtype}";
}
- # Collect Active Alias Lists (Used for pfctl Update when 'Reputation' is enabled).
+ // Collect Active Alias Lists (Used for pfctl Update when 'Reputation' is enabled).
$pfb_alias_lists_all[] = "{$pfb_alias}{$vtype}";
// Compare Existing (Original File) and New Continent Data
if ($continent_new === $continent_existing && !empty($pfctlck) && file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt') && $pfb['reuse'] == "") {
- # Format Log into clean Tab Spaces
- $string_final = "{$pfb_alias}{$vtype}";
- if (strlen($string_final) > 10) {
- $log_tab = "\t";
- } else {
- $log_tab = "\t\t";
- }
-
if (!$pfb['save']) {
- $log = "\n[ {$pfb_alias}{$vtype} ] {$log_tab} exists, Reloading File [ NOW ]\n";
+ $log = "\n[ {$pfb_alias}{$vtype} ]{$log_tab} exists, Reloading File [ NOW ]";
pfb_logger("{$log}","1");
}
} else {
// Do not proceed with Changes on User 'Save'
if (!$pfb['save']) {
- $log = "\n[ {$pfb_alias}{$vtype} ] {$log_tab} Changes Found... Updating \n";
+ $log = "\n[ {$pfb_alias}{$vtype} ]{$log_tab} Changes Found... Updating \n";
pfb_logger("{$log}","1");
- # Test to Skip d-dup and p-dup functions when changes are found.
+ // Test to Skip d-dup and p-dup functions when changes are found.
$pfb['dupcheck'] = TRUE;
$pfb_alias_lists[] = "{$pfb_alias}{$vtype}";
@@ -1061,11 +1247,12 @@ function sync_package_pfblockerng($cron = "") {
@file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX);
}
- # Check if File Exists and is >0 in Size and Save alias file
+ // Check if File Exists and is > 0 in Size and Save alias file
$file_chk = "0";
$cont_chk = "{$pfbfolder}/{$pfb_alias}{$vtype}.txt";
- if (file_exists($cont_chk) && @filesize($cont_chk) >0)
+ if (file_exists($cont_chk) && @filesize($cont_chk) > 0) {
$file_chk = exec ("/usr/bin/grep -cv '^#\|^$' {$cont_chk}");
+ }
if ($file_chk == "0" || $file_chk == "1") {
$new_file = "1.1.1.1\n";
@@ -1077,9 +1264,8 @@ function sync_package_pfblockerng($cron = "") {
}
}
-
if (file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) {
- #Create alias config
+ // Create alias config
$new_aliases_list[] = "{$pfb_alias}{$vtype}";
$pfb_contlog = $continent_config['aliaslog'];
@@ -1093,7 +1279,7 @@ function sync_package_pfblockerng($cron = "") {
"detail" => "DO NOT EDIT THIS ALIAS"
);
- #Create rule if action permits
+ // Create rule if action permits
switch ($continent_config['action']) {
case "Deny_Both":
case "Deny_Outbound":
@@ -1105,7 +1291,7 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr']= "{$pfb_alias}{$vtype}{$pfb['suffix']}";
$rule['source'] = array("any" => "");
- $rule['destination'] = array ("address" => "{$pfb_alias}{$vtype}");
+ $rule['destination'] = array("address" => "{$pfb_alias}{$vtype}");
if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled")
$rule['log'] = "";
$deny_outbound[] = $rule;
@@ -1120,7 +1306,19 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}";
$rule['source'] = array("address" => "{$pfb_alias}{$vtype}");
- $rule['destination'] = array ("any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array("any" => "");
+ }
+ if (!empty($adest) && $continent_config['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled")
$rule['log'] = "";
$deny_inbound[] = $rule;
@@ -1150,7 +1348,19 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}";
$rule['source'] = array("address"=> "{$pfb_alias}{$vtype}");
- $rule['destination'] = array ("any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array("any" => "");
+ }
+ if (!empty($adest) && $continent_config['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled")
$rule['log'] = "";
$permit_inbound[] = $rule;
@@ -1163,8 +1373,8 @@ function sync_package_pfblockerng($cron = "") {
$rule['ipprotocol'] = "inet6";
$rule['direction'] = "any";
$rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}";
- $rule['source'] = array ("any" => "");
- $rule['destination'] = array ("address" => "{$pfb_alias}{$vtype}");
+ $rule['source'] = array("any" => "");
+ $rule['destination'] = array("address" => "{$pfb_alias}{$vtype}");
if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled")
$rule['log'] = "";
$match_outbound[] = $rule;
@@ -1178,49 +1388,61 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}";
$rule['source'] = array ("address" => "{$pfb_alias}{$vtype}");
- $rule['destination'] = array ( "any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array("any" => "");
+ }
+ if (!empty($adest) && $continent_config['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled")
$rule['log'] = "";
$match_inbound[] = $rule;
break;
}
} else {
- #unlink continent list if any
+ // unlink continent list if any
unlink_if_exists($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt');
}
}
}
}
- #mark pfctl aliastable for cleanup
+ // mark pfctl aliastable for cleanup
if (!in_array($pfb_alias, $aliases_list)) {
$aliases_list[] = "{$pfb_alias}{$vtype}";
}
}
}
- # UNSET variables
+ // UNSET variables
unset ($continent, $continent_existing, $continent_new);
#################################################
# Download and Collect IPv4/IPv6 lists #
#################################################
- # IPv4 REGEX Definitions
+ // IPv4 REGEX Definitions
$pfb['range'] = '/((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))-((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/';
$pfb['block'] = '/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[ 0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.([0]{1})\s+/';
- $pfb['cidr'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)?\/[0-9]{2}/';
+ $pfb['cidr'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)?\/([0-9]{2}|[0-9]{1})/';
$pfb['single'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\s+/';
$pfb['s_html'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/';
- # IPv4 preg_replace Regex Filter array
+ // IPv4 preg_replace Regex Filter array
$pfb_ipreg = array();
- $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet
- $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces
- $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8
- $pfb_ipreg[3] = '/0\.0\.0\.0\/32/'; # Remove 0.0.0.0/32
- $pfb_ipreg[4] = '/0\.0\.0\.0/'; # Remove 0.0.0.0
-
- # IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 **
- # https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html
+ $pfb_ipreg[0] = '/\b0+(?=\d)/'; // Remove any Leading Zeros in each Octet
+ $pfb_ipreg[1] = '/\s/'; // Remove any Whitespaces
+ $pfb_ipreg[2] = '/\/32/'; // Remove any /32 CIDR
+ $pfb_ipreg[3] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; // Remove any Loopback Addresses 127/8
+ $pfb_ipreg[4] = '/0\.0\.0\.0/'; // Remove 0.0.0.0
+
+ // IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 **
+ // https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html
$pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}';
$pattern2 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}';
$pattern3 = '([A-Fa-f0-9]{1,4}:){2}:([A-Fa-f0-9]{1,4}:){0,4}[A-Fa-f0-9]{1,4}';
@@ -1239,28 +1461,22 @@ function sync_package_pfblockerng($cron = "") {
if ($config['installedpackages'][$ip_type]['config'] != "") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) {
- # Capture Alias Name
+ // capture Alias Name
$alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']);
foreach ($list['row'] as $row) {
if ($row['url'] != "" && $row['state'] != "Disabled") {
- # Determine Folder Location for Alias (return array $pfbarr)
- pfb_determine_list_detail($list['action']);
- $pfb['skip'] = $pfbarr['skip'];
- $pfbfolder = $pfbarr['folder'];
-
if ($vtype == "_v4") {
$header_url = "{$row['header']}";
} else {
$header_url = "{$row['header']}_v6";
}
- # Format Log into clean Tab Spaces
- if (strlen($header_url) > 10) {
- $log_tab = "\t";
- } else {
- $log_tab = "\t\t";
- }
+ // Determine 'List' details (return array $pfbarr)
+ pfb_determine_list_detail($list['action'], $header_url, "", "");
+ $pfb['skip'] = $pfbarr['skip'];
+ $pfbfolder = $pfbarr['folder'];
+ $log_tab = $pfbarr['logtab'];
// Empty Header Field Validation Check
if (empty($header_url) || preg_match("/\W/",$header_url)) {
@@ -1269,33 +1485,35 @@ function sync_package_pfblockerng($cron = "") {
continue;
}
- # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled.
+ // Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled.
$pfb_alias_lists_all[] = "{$alias}";
if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") {
if ($row['state'] == "Hold") {
- $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n";
+ $log = "\n[ {$header_url} ]{$log_tab} Static Hold [ NOW ]";
} else {
- $log = "\n[ {$header_url} ] {$log_tab} exists, Reloading File [ NOW ]\n";
+ $log = "\n[ {$header_url} ]{$log_tab} exists, Reloading File [ NOW ]";
}
pfb_logger("{$log}","1");
} else {
if ($pfb['reuse'] == "on" && file_exists($pfb['origdir'] . '/' . $header_url . '.orig')) {
- $log = "\n[ {$header_url} ] {$log_tab} Using Previously Downloaded File [ NOW ]\n";
+ $log = "\n[ {$header_url} ]{$log_tab} Using Previously Downloaded File [ NOW ]";
} else {
- $log = "\n[ {$header_url} ] {$log_tab} Downloading New File [ NOW ]\n";
- }
+ $log = "\n[ {$header_url} ]{$log_tab} Downloading New File [ NOW ]";
+ }
pfb_logger("{$log}","1");
- # Perform Remote URL Date/Time Stamp checks
- $host = @parse_url($row['url']);
$list_url = "{$row['url']}";
- if ($row['format'] != "rsync" || $row['format'] != "html") {
- if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
- $remote_tds = "local";
- } else {
- $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url)));
- $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds);
+ if (!$pfb['reuse'] == "on") {
+ // Perform Remote URL Date/Time Stamp checks
+ $host = @parse_url($row['url']);
+ if ($row['format'] != "rsync" || $row['format'] != "html") {
+ if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
+ $remote_tds = "local";
+ } else {
+ $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url)));
+ $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds);
+ }
}
}
@@ -1303,7 +1521,7 @@ function sync_package_pfblockerng($cron = "") {
if ($row['format'] == "gz" || $row['format'] == "gz_2") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.gz";
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_gz = "{$row['url']}";
$file_gz = @file_get_contents($url_gz);
@@ -1317,11 +1535,11 @@ function sync_package_pfblockerng($cron = "") {
$url_list = @gzfile($file_dwn);
}
- # IBlock Large Files mixed with IPs and Domains. PHP mem of 256M can't handle very large Files.
+ // IBlock Large Files mixed with IPs and Domains. PHP mem of 256M can't handle very large Files.
if ($row['format'] == "gz_lg") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.gz";
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_gz = "{$row['url']}";
$file_gz = @file_get_contents($url_gz);
@@ -1339,12 +1557,12 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "zip") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.zip";
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_zip = "{$row['url']}";
if (!$file_zip = @file_get_contents($url_zip)) {
$error = error_get_last();
- $log = "\n [ {$header_url} ] {$error['message']} \n";
+ $log = "\n [ {$header_url} ] {$error['message']}\n";
pfb_logger("{$log}","2");
} else {
@file_put_contents($file_dwn, $file_zip, LOCK_EX);
@@ -1362,9 +1580,9 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "et") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.gz";
- # Script to Call ET IQRISK Process
+ // Script to Call ET IQRISK Process
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_et = "{$row['url']}";
$file_et = @file_get_contents($url_et);
@@ -1381,9 +1599,9 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "xlsx") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.zip";
- # Script to Call XLSX Process
+ // Script to Call XLSX Process
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_xlsx = "{$row['url']}";
$file_xlsx = @file_get_contents($url_xlsx);
@@ -1417,11 +1635,11 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "html" || $row['format'] == "block") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.raw";
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
$return = 0;
} else {
$url_html = "{$row['url']}";
- exec ("/usr/bin/fetch -v -o {$file_dwn} -T 20 {$url_html}",$output,$return);
+ exec ("/usr/bin/fetch -v -o {$file_dwn} -T 20 '{$url_html}'",$output,$return);
}
if ($return == 0)
$url_list = @file($file_dwn);
@@ -1430,7 +1648,7 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "rsync") {
$file_dwn = "{$pfb['origdir']}/{$header_url}.orig";
if ($pfb['reuse'] == "on" && file_exists($file_dwn)) {
- # File Exists/Reuse
+ // File Exists/Reuse
} else {
$url_rsync = "{$row['url']}";
exec ("/usr/local/bin/rsync --timeout=5 {$url_rsync} {$file_dwn}");
@@ -1438,13 +1656,13 @@ function sync_package_pfblockerng($cron = "") {
$url_list = @file($file_dwn);
}
- #extract range lists
+ // extract range lists
$new_file = "";
if (!empty($url_list)) {
if ($row['format'] == "gz" && $vtype == "_v4") {
foreach ($url_list as $line) {
if (!preg_match("/^#/", $line)) {
- # Network range 192.168.0.0-192.168.0.254
+ // Network range 192.168.0.0-192.168.0.254
if (preg_match($pfb['range'],$line,$matches)) {
$a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
if (!empty($a_cidr)) {
@@ -1460,7 +1678,7 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "block" && $vtype == "_v4") {
foreach ($url_list as $line) {
if (!preg_match("/^#/", $line)) {
- # Block Type '218.77.79.0 218.77.79.255 24'
+ // Block Type '218.77.79.0 218.77.79.255 24'
if (preg_match($pfb['block'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n";
}
@@ -1471,11 +1689,11 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "html" && $vtype == "_v4") {
foreach ($url_list as $line) {
if (!preg_match("/^#/", $line)) {
- # CIDR format 192.168.0.0/16
+ // CIDR format 192.168.0.0/16
if (preg_match($pfb['cidr'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
- # Single ip addresses
+ // Single ip addresses
elseif (preg_match($pfb['s_html'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
@@ -1486,7 +1704,7 @@ function sync_package_pfblockerng($cron = "") {
elseif ($vtype == "_v6") {
foreach ($url_list as $line) {
if (!preg_match("/^#/", $line)) {
- # IPv6 Regex Match
+ // IPv6 Regex Match
if (preg_match($pfb['ipv6'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
@@ -1497,11 +1715,20 @@ function sync_package_pfblockerng($cron = "") {
else {
foreach ($url_list as $line) {
if (!preg_match("/^#/", $line)) {
- # CIDR format 192.168.0.0/16
- if (preg_match($pfb['cidr'],$line,$matches)) {
+ // Network range 192.168.0.0-192.168.0.254
+ if (preg_match($pfb['range'],$line,$matches)) {
+ $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
+ if (!empty($a_cidr)) {
+ foreach ($a_cidr as $cidr) {
+ $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n";
+ }
+ }
+ }
+ // CIDR format 192.168.0.0/16
+ elseif (preg_match($pfb['cidr'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
- # Single ip addresses
+ // Single ip addresses
elseif (preg_match($pfb['single'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
@@ -1510,17 +1737,18 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Check to see if Blocklist actually Failed Download or has no IPs listed.
+ // Check to see if Blocklist actually Failed Download or has no IPs listed.
if ($row['format'] == "html" || $row['format'] == "block") {
$url_chk = $file_dwn;
} else {
$url_chk = "{$pfb['origdir']}/{$header_url}.orig";
}
- # Check if File Exists and is >0 in Size
+ // Check if File Exists and is > 0 in Size
$file_chk = "";
- if (file_exists($url_chk) && @filesize($url_chk) >0)
+ if (file_exists($url_chk) && @filesize($url_chk) > 0) {
$file_chk = exec ("/usr/bin/grep -cv '^#\|^$' {$url_chk}");
+ }
if ($file_chk == "0") {
$new_file = "1.1.1.1\n";
@@ -1531,41 +1759,42 @@ function sync_package_pfblockerng($cron = "") {
if ($new_file != "") {
if ($row['format'] == "gz" || $row['format'] == "gz_2" || $row['format'] == "html" || $row['format'] == "block") {
- # Re-Save these formats as original file
+ // Re-Save these formats as original file
$url_other = $new_file;
@file_put_contents($pfb['origdir'] . '/' . $header_url . '.orig',$url_other, LOCK_EX);
}
- # Save List to '.txt' format in appropriate Folder
+ // Save List to '.txt' format in appropriate Folder
@file_put_contents($pfbfolder . '/' .$header_url . '.txt',$new_file, LOCK_EX);
if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") {
- # Script to Call p24 Process
+ // Script to Call p24 Process
exec ("{$pfb['script']} p24 {$header_url} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1");
}
if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") {
- # Script to call Duplication Check Process
+ // Script to call Duplication Check Process
exec ("{$pfb['script']} duplicate {$header_url} >> {$pfb['log']} 2>&1");
}
- # PFCTL - Update Only Aliases that have been updated only.
+ // PFCTL - Update Only Aliases that have been updated only.
$pfb_alias_lists[] = "{$alias}";
- # Launch d-dup and p-dup functions when changes are found.
- if ($pfb['skip'] && $vtype == "_v4")
+ // Launch d-dup and p-dup functions when changes are found.
+ if ($pfb['skip'] && $vtype == "_v4") {
$pfb['dupcheck'] = TRUE;
- # Enable Suppression Process due to Updates
- if ($pfb['supp'] == "on" && $vtype == "_v4")
+ }
+ // Enable Suppression Process due to Updates
+ if ($pfb['supp'] == "on" && $vtype == "_v4") {
$pfb['supp_update'] = TRUE;
-
+ }
} else {
- # Log FAILED Downloads and Check if Firewall or Snort/Suricata is Blocking Host
+ // Log FAILED Downloads and Check if Firewall or Snort/Suricata is Blocking Host
$log = "\n [ {$alias} {$header_url} ] Download FAIL [ NOW ]\n";
pfb_logger("{$log}","2");
- # Rebuild Previous List File from contents of Masterfile
+ // Rebuild Previous List File from contents of Masterfile
if ($pfb['skip'] && $vtype == "_v4") {
- # Search with trailing Whitespace to match exact Header in Masterfile
+ // Search with trailing Whitespace to match exact Header in Masterfile
$header_url2 = $header_url . "[[:space:]]";
$file_chk = exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | grep -c ^");
@@ -1575,17 +1804,17 @@ function sync_package_pfblockerng($cron = "") {
exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | cut -d' ' -f2 > {$pfbfolder}/{$header_url}.txt");
}
}
- # A "Space" string Variable
+ // A "Space" string Variable
$sp = " ";
$ip = @gethostbyname($host['host']);
$ip2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", "\"^$1\.$2\.$3\.\"", $ip);
- # Only Perform these Checks if they are not "localfiles"
+ // Only Perform these Checks if they are not "localfiles"
if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
$log = " [ {$alias} {$header_url} ] Local File Failure \n";
pfb_logger("{$log}","2");
} else {
- # only perform these steps if an 'IP' is found.
+ // only perform these steps if an 'IP' is found.
if (!empty($ip)) {
// Query for Exact IP Match
$result_b1 = array();
@@ -1596,7 +1825,7 @@ function sync_package_pfblockerng($cron = "") {
// Query Snort/Suricata snort2c IP Block Table
$snort_pfb = exec("/sbin/pfctl -t snort2c -T show | grep {$ip}");
- # If an exact IP Match is not found report any First Three IP Octets.
+ // If an exact IP Match is not found report any First Three IP Octets.
if (!empty($result_b1)) {
$final_b1 = implode("\n ", $result_b1);
$log = " [ {$alias} {$header_url}, {$ip} ] Firewall IP Block Found in : \n{$sp}{$final_b1}\n";
@@ -1618,12 +1847,12 @@ function sync_package_pfblockerng($cron = "") {
}
}
}
- # UNSET variables
+ // UNSET variables
unset ($file_gz,$file_zip,$file_et,$file_xlsx,$url_other,$url_list);
}
}
}
- #check custom network list
+ // check custom network list
if (pfbng_text_area_decode($list['custom']) != "") {
if ($vtype == "_v4") {
@@ -1632,27 +1861,21 @@ function sync_package_pfblockerng($cron = "") {
$aliascustom = "{$list['aliasname']}_custom_v6";
}
- # Format Log into clean Tab Spaces
- if (strlen($aliascustom) > 10) {
- $log_tab = "\t";
- } else {
- $log_tab = "\t\t";
- }
-
- # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled.
+ // Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled.
$pfb_alias_lists_all[] = "{$alias}";
- # Determine Folder Location for Alias (return array $pfbarr)
- pfb_determine_list_detail($list['action']);
- $pfb['skip'] = $pfbarr['skip'];
- $pfbfolder = $pfbarr['folder'];
+ // Determine 'List' details (return array $pfbarr)
+ pfb_determine_list_detail($list['action'], $aliascustom, "", "");
+ $pfb['skip'] = $pfbarr['skip'];
+ $pfbfolder = $pfbarr['folder'];
+ $log_tab = $pfbarr['logtab'];
if (file_exists($pfbfolder . '/' . $aliascustom . '.txt') && $pfb['reuse'] == "") {
- $log = "\n[ {$aliascustom} ] {$log_tab} exists, Reloading File [ NOW ]\n";
+ $log = "\n[ {$aliascustom} ]{$log_tab} exists, Reloading File [ NOW ]";
pfb_logger("{$log}","1");
} else {
$url_list = array();
- $log = "\n[ {$aliascustom} ] {$log_tab} Loading Custom File [ NOW ]\n";
+ $log = "\n[ {$aliascustom} ]{$log_tab} Loading Custom File [ NOW ]\n";
pfb_logger("{$log}","1");
$custom_list = pfbng_text_area_decode($list['custom']) . "\n";
@@ -1663,16 +1886,8 @@ function sync_package_pfblockerng($cron = "") {
if (!empty($url_list)) {
foreach ($url_list as $line) {
if ($vtype == "_v4") {
- # CIDR format 192.168.0.0/16
- if (preg_match($pfb['cidr'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
- }
- # Single ip addresses
- elseif (preg_match($pfb['s_html'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
- }
- # Network range 192.168.0.0-192.168.0.254
- elseif (preg_match($pfb['range'],$line,$matches)) {
+ // Network range 192.168.0.0-192.168.0.254
+ if (preg_match($pfb['range'],$line,$matches)) {
$a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
if (!empty($a_cidr)) {
foreach ($a_cidr as $cidr) {
@@ -1680,8 +1895,16 @@ function sync_package_pfblockerng($cron = "") {
}
}
}
+ // CIDR format 192.168.0.0/16
+ elseif (preg_match($pfb['cidr'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
+ // Single ip addresses
+ elseif (preg_match($pfb['s_html'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
} else {
- # IPv6 Regex
+ // IPv6 Regex
if (preg_match($pfb['ipv6'],$line,$matches)) {
$new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
}
@@ -1690,19 +1913,20 @@ function sync_package_pfblockerng($cron = "") {
}
if ($new_file != "") {
- # PFCTL - Collect Only Aliases that have been updated only.
+ // PFCTL - Collect Only Aliases that have been updated only.
$pfb_alias_lists[] = "{$alias}";
- # Collect Updated lists for Suppression Process
+ // Collect Updated lists for Suppression Process
@file_put_contents($pfbfolder . '/'. $aliascustom . '.txt',$new_file, LOCK_EX);
- # Enable Suppression Process due to Updates
- if ($pfb['supp'] == "on" && $vtype == "_v4")
+ // Enable Suppression Process due to Updates
+ if ($pfb['supp'] == "on" && $vtype == "_v4") {
$pfb['supp_update'] = TRUE;
+ }
if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") {
- # Script to Call p24 Process
+ // Script to Call p24 Process
exec ("{$pfb['script']} p24 {$aliascustom} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1");
}
if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") {
- # Script to call Duplication Check Process
+ // Script to call Duplication Check Process
exec ("{$pfb['script']} duplicate {$aliascustom} >> {$pfb['log']} 2>&1");
}
} else {
@@ -1721,13 +1945,13 @@ function sync_package_pfblockerng($cron = "") {
# REPUTATION PROCESSES #
#################################
- # IP Reputation processes (pdup and ddup)
+ // IP Reputation processes (pdup and ddup)
if ($pfb['pdup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") {
- # Script to run pdup process
+ // Script to run pdup process
exec ("{$pfb['script']} pdup x {$pfb['pmax']} >> {$pfb['log']} 2>&1");
}
if ($pfb['dedup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") {
- # Script to run dedup process
+ // Script to run dedup process
exec ("{$pfb['script']} dedup x {$pfb['dmax']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1");
}
@@ -1739,28 +1963,33 @@ function sync_package_pfblockerng($cron = "") {
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
$runonce = 0;
- foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
+ foreach ($config['installedpackages'][$ip_type]['config'] as $key => $list) {
$alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']);
- # Determine Folder Location for Alias (return array $pfbarr)
- pfb_determine_list_detail($list['action']);
+ // Determine 'List' details (return array $pfbarr)
+ pfb_determine_list_detail($list['action'], "", $ip_type, $key);
$pfb['skip'] = $pfbarr['skip'];
$pfb_descr = $pfbarr['descr'];
$pfbfolder = $pfbarr['folder'];
+ $aports = $pfbarr['aports'];
+ $adest = $pfbarr['adest'];
+ $aproto = $pfbarr['aproto'];
// Re-Save Only Aliases that have been updated only.
// When 'Reputation' is used, all Aliases need to be Updated.
$final_alias = array();
if ($pfb['dedup'] == "on" || $pfb['pdup'] == "on") {
- if (!empty($pfb_alias_lists_all))
+ if (!empty($pfb_alias_lists_all)) {
$final_alias = array_unique($pfb_alias_lists_all);
+ }
} else {
- if (!empty($pfb_alias_lists))
+ if (!empty($pfb_alias_lists)) {
$final_alias = array_unique($pfb_alias_lists);
+ }
}
if ($list['action'] != "Disabled") {
- #remove empty lists files if any
+ // remove empty lists files if any
if (is_array($list['row'])) {
$update = 0;
${$alias} = "";
@@ -1773,20 +2002,20 @@ function sync_package_pfblockerng($cron = "") {
}
$pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'");
- # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty.
+ // Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty.
if (file_exists($pfbfolder . "/" . $header_url . ".txt") && in_array($alias, $final_alias) || file_exists($pfbfolder . "/" . $header_url . ".txt") && empty($pfctlck)) {
- # Script to run Suppression process (Print Header Only)
+ // Script to run Suppression process (Print Header Only)
if ($pfb['supp'] == "on" && $vtype == "_v4" && $runonce == 0 && $pfb['supp_update']) {
exec ("{$pfb['script']} suppress x x x suppressheader >> {$pfb['log']} 2>&1");
$runonce++;
}
- # Script to run Suppression Process (Body)
+ // Script to run Suppression Process (Body)
if ($pfb['supp'] == "on" && $vtype == "_v4" && $pfb['supp_update']) {
if ($pfb['dup'] == "on" || !$pfb['skip']) {
- # Execute if Duplication Process is Enabled or List is Permit or Match
+ // Execute if Duplication Process is Enabled or List is Permit or Match
exec ("{$pfb['script']} suppress x x x {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1");
} else {
- # Execute if Duplication Process is Disabled
+ // Execute if Duplication Process is Disabled
exec ("{$pfb['script']} suppress x x off {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1");
}
}
@@ -1797,14 +2026,14 @@ function sync_package_pfblockerng($cron = "") {
}
}
- #check custom network list
+ // check custom network list
if ($vtype == "_v4") {
$aliasname = "{$list['aliasname']}_custom";
} else {
$aliasname = "{$list['aliasname']}_custom_v6";
}
- # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty.
+ // Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty.
$pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'");
if (pfbng_text_area_decode($list['custom']) != "") {
@@ -1813,7 +2042,7 @@ function sync_package_pfblockerng($cron = "") {
$update++;
}
}
- # Determine Validity of Alias URL Tables/Rules. ie: Don't create Empty URL Tables or Aliases
+ // Determine Validity of Alias URL Tables/Rules. ie: Don't create Empty URL Tables or Aliases
if (${$alias} == "" && empty($pfctlck)) {
unlink_if_exists($pfb['aliasdir'] . '/' . $alias. '.txt');
} else {
@@ -1823,7 +2052,7 @@ function sync_package_pfblockerng($cron = "") {
}
$alias_log = $list['aliaslog'];
- #create alias
+ // create alias
$new_aliases_list[] = "{$alias}";
$new_aliases[] = array( "name" => "{$alias}",
@@ -1835,7 +2064,7 @@ function sync_package_pfblockerng($cron = "") {
"detail" => "DO NOT EDIT THIS ALIAS"
);
- #Create rule if action permits
+ // Create rule if action permits
switch ($list['action']) {
case "Deny_Both":
case "Deny_Outbound":
@@ -1862,7 +2091,19 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$alias}{$pfb['suffix']}";
$rule['source'] = array("address" => "{$alias}");
- $rule['destination'] = array ("any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array ("any" => "");
+ }
+ if (!empty($adest) && $list['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled")
$rule['log'] = "";
$deny_inbound[] = $rule;
@@ -1892,7 +2133,19 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$alias}{$pfb['suffix']}";
$rule['source'] = array ("address" => "{$alias}");
- $rule['destination'] = array ("any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array ("any" => "");
+ }
+ if (!empty($adest) && $list['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled")
$rule['log'] = "";
$permit_inbound[] = $rule;
@@ -1920,25 +2173,37 @@ function sync_package_pfblockerng($cron = "") {
$rule['direction'] = "any";
$rule['descr'] = "{$alias}{$pfb['suffix']}";
$rule['source'] = array ("address" => "{$alias}");
- $rule['destination'] = array ("any" => "");
+ if (!empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}", "port" => "{$aports}");
+ } elseif (!empty($adest) && empty($aports)) {
+ $rule['destination'] = array ("address" => "{$adest}");
+ } elseif (empty($adest) && !empty($aports)) {
+ $rule['destination'] = array ("any" => "", "port" => "{$aports}");
+ } else {
+ $rule['destination'] = array ("any" => "");
+ }
+ if (!empty($adest) && $list['autonot'] == "on")
+ $rule['destination']['not'] = "";
+ if (!empty($aproto))
+ $rule['protocol'] = "{$aproto}";
if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled")
$rule['log'] = "";
$match_inbound[] = $rule;
break;
}
}
- #mark pfctl aliastable for cleanup
+ // mark pfctl aliastable for cleanup
if (!in_array($alias, $aliases_list)) {
$aliases_list[] = "{$alias}";
}
} else {
- #unlink previous pfblockerNG alias list if any
+ // unlink previous pfblockerNG alias list if any
unlink_if_exists($pfb['aliasdir'] . '/' . $alias . '.txt');
}
}
}
}
- # Clear Variables
+ // Clear Variables
${$alias} = "";
@@ -1946,38 +2211,39 @@ function sync_package_pfblockerng($cron = "") {
# UPDATE pfSense ALIAS TABLES #
#########################################
- #update pfsense alias table
+ // update pfsense alias table
if (is_array($config['aliases']['alias'])) {
foreach ($config['aliases']['alias'] as $cbalias) {
- if (preg_match("/pfB_/",$cbalias['name'])) {
- #mark pfctl aliastable for cleaning
+ if (substr($cbalias['name'], 0, 4) == 'pfB_') {
+ // mark pfctl aliastable for cleaning
if (!in_array($cbalias['name'], $aliases_list)) {
- $aliases_list[] = $cbalias['name']; #mark aliastable for cleaning
+ $aliases_list[] = $cbalias['name']; // mark aliastable for cleaning
}
- #remove previous aliastable file if alias is not defined any more
+ // remove previous aliastable file if alias is not defined any more
if (!in_array($cbalias['name'], $new_aliases_list)) {
unlink_if_exists($pfb['aliasdir'] . '/' . $cbalias['name'] . ".txt");
}
} else {
$new_aliases[] = $cbalias;
- # Check Table Size
+ // Check Table Size
if (file_exists($pfb['aliasdir'] . '/' . $alias . '.txt') && $message == "") {
preg_match("/(\d+)/",exec("/usr/bin/grep -c ^ " . $pfb['aliasdir'] . '/' . $alias . '.txt'),$matches);
}
if (($matches[1] * 2.1) >= $pfb['table_limit']) {
- #alias table too large
+ // alias table too large
$message = "{$alias} alias table is too large. Reduce networks in list or increase 'Firewall Maximum Table Entries' value to at least " . (int)($matches[1] * 2.1) . ' in "system - advanced - Firewall/NAT" . ';
}
}
}
}
- #apply new alias table to xml
+ // apply new alias table to xml
if ($message == "") {
$config['aliases']['alias'] = $new_aliases;
+ $pfb['cron_mod'] = TRUE;
}
- # UNSET Variables
+ // UNSET Variables
unset($new_aliases, $cbalias);
@@ -1985,7 +2251,7 @@ function sync_package_pfblockerng($cron = "") {
# Assign Rules #
#########################
- # Only Execute if AutoRules are defined or if an Alias has been removed.
+ // Only Execute if AutoRules are defined or if an Alias has been removed.
if ($pfb['autorules'] || $pfb['enable'] == "" || $pfb['remove']) {
if (count($deny_inbound) > 0 || count($permit_inbound) > 0 || count($match_inbound) > 0) {
if ($pfb['inbound_interfaces'] == "") {
@@ -2007,9 +2273,9 @@ function sync_package_pfblockerng($cron = "") {
$fmatch_rules = array();
$fother_rules = array();
- # Collect All Existing Rules
+ // Collect All Existing Rules
$rules = $config['filter']['rule'];
- # Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays.
+ // Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays.
if (!empty($rules)) {
foreach ($rules as $rule) {
if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) {
@@ -2083,7 +2349,7 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Define Inbound Interface Rules
+ // Define Inbound Interface Rules
if (!empty($pfb['inbound_interfaces'])) {
$counter = 0;
foreach ($pfb['inbound_interfaces'] as $inbound_interface) {
@@ -2099,7 +2365,7 @@ function sync_package_pfblockerng($cron = "") {
$new_rules[] = $cb_rules;
}
}
- # Match Inbound Rules defined as Floating Only.
+ // Match Inbound Rules defined as Floating Only.
if (!empty($match_inbound) && $counter == 0) {
foreach ($match_inbound as $cb_rules) {
$cb_rules['interface'] = $pfb['inbound_floating'];
@@ -2144,7 +2410,7 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Define Outbound Interface Rules
+ // Define Outbound Interface Rules
if (!empty($pfb['outbound_interfaces'])) {
$counter = 0;
foreach ($pfb['outbound_interfaces'] as $outbound_interface) {
@@ -2160,7 +2426,7 @@ function sync_package_pfblockerng($cron = "") {
$new_rules[] = $cb_rules;
}
}
- # Match Outbound Rules defined as Floating Only.
+ // Match Outbound Rules defined as Floating Only.
if (!empty($match_outbound) && $counter == 0) {
foreach ($match_outbound as $cb_rules) {
$cb_rules['interface'] = $pfb['outbound_floating'];
@@ -2238,30 +2504,29 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # Save New Rule Order to Config
+ // Save New Rule Order to Config
$config['filter']['rule'] = $new_rules;
}
- $log = "\n {$message} \n";
- pfb_logger("{$log}","1");
+ if (!empty($message)) {
+ $log = "\n {$message}\n";
+ pfb_logger("{$log}","1");
+ }
- # UNSET arrays
+ // UNSET arrays
unset ($cb_rules,$permit_inbound,$permit_outbound,$deny_inbound,$deny_outbound,$match_inbound,$match_outbound);
unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules);
}
+ // Set flag to Update config file.
+ if ($pfb['autorules'] && $rules != $new_rules) {
+ $pfb['cron_mod'] = TRUE;
+ }
#################################
- # Closing Processes #
+ # pfSense Integration #
#################################
- #uncheck Reusing Existing Downloads Check box
- if (!$pfb['save'] && $pfb['enable'] == "on")
- $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = "";
-
- # Save all Changes to pfSense config file
- write_config();
-
- # If 'Rule Changes' are found, utilize the 'filter_configure()' function, if not, utilize 'pfctl replace' command
+ // If 'Rule Changes' are found, utilize the 'filter_configure()' function, if not, utilize 'pfctl replace' command
if ($pfb['autorules'] && $rules != $new_rules || $pfb['enable'] == "" || $pfb['remove']) {
require_once("filter.inc");
@@ -2269,79 +2534,88 @@ function sync_package_pfblockerng($cron = "") {
$log = "\n===[ Aliastables / Rules ]================================\n\n";
pfb_logger("{$log}","1");
- $log = "Firewall Rule Changes Found, Applying Filter Reload \n";
+ $log = "Firewall Rule Changes Found, Applying Filter Reload\n";
pfb_logger("{$log}","1");
}
- # Remove all pfBlockerNG Alias tables
+ // Remove all pfBlockerNG Alias tables
if (!empty($aliases_list)) {
foreach ($aliases_list as $table) {
exec ("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $pfb_null);
}
}
- #load filter file which will create the pfctl tables
+ // load filter file which will create the pfctl tables
filter_configure();
// Call function for NanoBSD/Ramdisk processes.
pfb_aliastables("update");
} else {
- # Don't Execute on User 'Save'
+ // Don't Execute on User 'Save'
if (!$pfb['save']) {
- $log = "\n===[ Aliastables / Rules ]================================\n\n";
+ $log = "\n\n===[ Aliastables / Rules ]================================\n\n";
pfb_logger("{$log}","1");
- $log = "No Changes to Firewall Rules, Skipping Filter Reload \n";
+ $log = "No Changes to Firewall Rules, Skipping Filter Reload\n";
pfb_logger("{$log}","1");
// Re-Save Only Aliases that have been updated only.
// When 'Reputation' is used, all Aliases Need to be Updated.
$final_alias = array();
if ($pfb['dedup'] == "on" || $pfb['pdup'] == "on") {
- if (!empty($pfb_alias_lists_all))
+ if (!empty($pfb_alias_lists_all)) {
$final_alias = array_unique($pfb_alias_lists_all);
+ }
} else {
- if (!empty($pfb_alias_lists))
+ if (!empty($pfb_alias_lists)) {
$final_alias = array_unique($pfb_alias_lists);
+ }
}
if (!empty($final_alias)) {
foreach ($final_alias as $final) {
- $log = "\n Updating: {$final} \n";
+ $log = "\n Updating: {$final}\n";
pfb_logger("{$log}","1");
$result_pfctl = "";
- exec ("/sbin/pfctl -t " . escapeshellarg($final) . " -T replace -f " . $pfb['aliasdir'] . "/" . escapeshellarg($final) . ".txt 2>&1", $result_pfctl);
- $log = implode($result_pfctl);
+ if (file_exists("{$pfb['aliasdir']}/{$final}.txt")) {
+ exec ("/sbin/pfctl -t " . escapeshellarg($final) . " -T replace -f " . $pfb['aliasdir'] . "/" . escapeshellarg($final) . ".txt 2>&1", $result_pfctl);
+ $log = implode($result_pfctl);
+ }
+ else {
+ $log = "Aliastable file not found\n";
+ }
pfb_logger("{$log}","1");
}
+ pfb_logger("\n","1");
// Call function for NanoBSD/Ramdisk processes.
pfb_aliastables("update");
} else {
- $log = "\nNo Changes to Aliases, Skipping pfctl Update \n";
+ $log = "No Changes to Aliases, Skipping pfctl Update\n";
pfb_logger("{$log}","1");
}
}
}
- # UNSET Variables
+ // UNSET Variables
unset($rules, $new_rules);
- #sync config
+ // sync config
pfblockerng_sync_on_changes();
+
#################################
# FINAL REPORTING #
#################################
- # Only run with CRON or Force Invoked Process
+ // Only run with CRON or Force Invoked Process
if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) {
- # Script to run Final Script Processes.
+ // Script to run Final Script Processes.
exec ("{$pfb['script']} closing {$pfb['dup']} >> {$pfb['log']} 2>&1");
}
- if ($pfb['enable'] == "on" && !$pfb['save']) {
- $log = "\n\n UPDATE PROCESS ENDED [ NOW ]\n";
+ if ($pfb['enable'] == "on" && !$pfb['save'] || $pfb['summary']) {
+ $log = "\n UPDATE PROCESS ENDED [ NOW ]\n";
pfb_logger("{$log}","1");
}
@@ -2350,32 +2624,40 @@ function sync_package_pfblockerng($cron = "") {
# Define/Apply CRON Jobs #
#########################################
- # Clear any existing pfBlockerNG Cron Jobs
- install_cron_job("pfblockerng.php cron", false);
-
- # Replace Cron job with any User Changes to $pfb_min
+ // Replace Cron job with any User Changes to $pfb_min
if ($pfb['enable'] == "on") {
- # Define pfBlockerNG CRON Job
+ // Define pfBlockerNG CRON Job
$pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
- # $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
- $pfb_hour = "*";
+ // $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
+
+ // Define Cron hour (Cron Interval & Start Hour)
+ if ($pfb['interval'] == 1) {
+ $pfb_hour = "*";
+ } elseif ($pfb['interval'] == 24) {
+ $pfb_hour = $pfb['24hour'];
+ } else {
+ $pfb_hour = implode(",", pfb_cron_base_hour());
+ }
+
$pfb_mday = "*";
$pfb_month = "*";
$pfb_wday = "*";
$pfb_who = "root";
- install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
+ // Determine if Cron Task requires updating
+ if (!pfblockerng_cron_exists($pfb_cmd, $pfb['min'], $pfb_hour)) {
+ install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
+ }
+ }
+ else {
+ // Clear any existing pfBlockerNG Cron Jobs
+ install_cron_job("pfblockerng.php cron", false);
}
-
- # Clear any existing pfBlockerNG MaxMind CRON Job
- install_cron_job("pfblockerng.php dc", false);
if ($pfb['enable'] == "on") {
- # Define pfBlockerNG MaxMind CRON Job
+ // Define pfBlockerNG MaxMind CRON Job
$pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1";
-
- # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
-
+ // MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
$pfb_gmin = "0";
$pfb_ghour = rand(0,23);
$pfb_gmday = "1,2,3,4,5,6,7";
@@ -2383,32 +2665,61 @@ function sync_package_pfblockerng($cron = "") {
$pfb_gwday = "2";
$pfb_gwho = "root";
- install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
+ // Determine if Cron Task requires updating
+ if (!pfblockerng_cron_exists($pfb_gcmd, $pfb_gmin, 'maxmind')) {
+ install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
+ }
+ }
+ else {
+ // Clear any existing pfBlockerNG Cron Jobs
+ install_cron_job("pfblockerng.php dc", false);
+ }
+
+
+ #################################
+ # Closing Processes #
+ #################################
+
+ // uncheck Reusing Existing Downloads Check box
+ if (!$pfb['save'] && $pfb['enable'] == "on" && $pfb['reuse'] == "on") {
+ $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = "";
+ $pfb['cron_mod'] = TRUE;
+ }
+
+ // Only save config.xml changes if changes are found.
+ // Temporay to ensure all conditions are defined before fully enabling this feature
+ if ($pfb['cron_mod'] || !$pfb['cron_mod']) {
+ write_config("pfBlockerNG: Save settings");
}
}
function pfblockerng_validate_input($post, &$input_errors) {
global $config;
+
foreach ($post as $key => $value) {
- if (empty($value))
- continue;
- if ($key == "message_size_limit" && !is_numeric($value))
- $input_errors[] = "Message size limit must be numeric.";
- if ($key == "process_limit" && !is_numeric($value))
- $input_errors[] = "Process limit must be numeric.";
- if ($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
- $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
- if (substr($key, 0, 2) == "dc" && !is_hostname($value))
- $input_errors[] = "{$value} is not a valid host name.";
- if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
- if (!is_domain($value))
- $input_errors[] = "{$value} is not a valid domain name.";
- } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
- if (empty($post['domain' . substr($key, 12)]))
- $input_errors[] = "Domain for {$value} cannot be blank.";
- if (!is_ipaddr($value) && !is_hostname($value))
- $input_errors[] = "{$value} is not a valid IP address or host name.";
+
+ if (substr($key, 0, 3) == "url" && is_numeric( substr($key, 3, (strlen($key) - 3))) ) {
+ if (empty($value)) {
+ $input_url_empty = TRUE;
+ continue;
+ }
+ if (substr($value, 0, 1) == ' ') {
+ $input_errors[] = "Leading whitespace not allowed in URL field";
+ }
+ }
+
+ if (substr($key, 0, 6) == "header" && is_numeric( substr($key, 6, (strlen($key) - 6))) ) {
+ if ($input_url_empty && empty($value)) {
+ $input_url_empty = FALSE;
+ continue;
+ }
+ if ($input_url_empty && !empty($value)) {
+ $input_errors[] = "No URL Defined.";
+ }
+ if (substr($value, 0, 1) == ' ' || empty($value)) {
+ $input_errors[] = "Header field must be defined.";
+ }
}
}
}
@@ -2422,9 +2733,10 @@ function pfblockerng_php_install_command() {
// Remove previously used CC folder location if exists
@rmdir_recursive("{$pfb['dbdir']}/cc");
- # Uncompress Country Code File
- exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['dbdir']}/countrycodes.tar.bz2");
- # Download MaxMind Files and Create Country Code files and Build Continent XML Files
+ // Uncompress Country Code File
+ @copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2");
+ exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2");
+ // Download MaxMind Files and Create Country Code files and Build Continent XML Files
update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute..."));
exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
@@ -2441,7 +2753,7 @@ function pfblockerng_php_install_command() {
@unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv");
@unlink_if_exists("{$pfb['dbdir']}/country_continent.csv");
- # Add Widget to Dashboard
+ // Add Widget to Dashboard
update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard."));
if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) {
// Restore previous Widget setting if "Keep" is enabled.
@@ -2463,16 +2775,16 @@ function pfblockerng_php_deinstall_command() {
require_once("config.inc");
global $config,$pfb;
- # Set these two variables to Disable pfBlockerNG on De-Install
+ // Set these two variables to Disable pfBlockerNG on De-Install
$pfb['save'] = TRUE;
$pfb['install'] = TRUE;
sync_package_pfblockerng();
rmdir_recursive("/usr/local/pkg/pfblockerng");
rmdir_recursive("/usr/local/www/pfblockerng");
- # Maintain pfBlockerNG Settings and Database Files if $pfb['keep'] is ON.
+ // Maintain pfBlockerNG Settings and Database Files if $pfb['keep'] is ON.
if ($pfb['keep'] != "on") {
- # Remove pfBlockerNG Log and DB Folder
+ // Remove pfBlockerNG Log and DB Folder
rmdir_recursive("{$pfb['dbdir']}");
rmdir_recursive("{$pfb['logdir']}");
@@ -2485,7 +2797,7 @@ function pfblockerng_php_deinstall_command() {
}
}
- # Remove Settings from Config
+ // Remove Settings from Config
if (is_array($config['installedpackages']['pfblockerng']))
unset($config['installedpackages']['pfblockerng']);
if (is_array($config['installedpackages']['pfblockerngglobal']))
@@ -2518,14 +2830,13 @@ function pfblockerng_php_deinstall_command() {
unset($config['installedpackages']['pfblockerngproxyandsatellite']);
}
- # Remove Widget (code from Snort deinstall)
+ // Remove Widget (code from Snort deinstall)
$pfb['widgets'] = $config['widgets']['sequence'];
if (!empty($pfb['widgets'])) {
$widgetlist = explode(",", $pfb['widgets']);
foreach ($widgetlist as $key => $widget) {
if (strstr($widget, "pfblockerng-container")) {
unset($widgetlist[$key]);
- break;
}
}
$config['widgets']['sequence'] = implode(",", $widgetlist);
@@ -2540,9 +2851,9 @@ function pfblockerng_sync_on_changes() {
// Create Array of Sync Settings and exit if Sync is Disabled.
if (is_array($config['installedpackages']['pfblockerngsync']['config'][0])) {
$pfb_sync = $config['installedpackages']['pfblockerngsync']['config'][0];
- if ($pfb_sync['varsynconchanges'] == "disabled" || $pfb_sync['varsynconchanges'] == "")
+ if ($pfb_sync['varsynconchanges'] == "disabled" || $pfb_sync['varsynconchanges'] == "") {
return;
-
+ }
$synctimeout = $pfb_sync['varsynctimeout'];
} else {
return;
@@ -2553,15 +2864,15 @@ function pfblockerng_sync_on_changes() {
if (is_array($config['installedpackages']['pfblockerngsync']['config'])) {
switch ($pfb_sync['varsynconchanges']) {
case "manual":
- if (is_array($pfb_sync[row])) {
- $rs = $pfb_sync[row];
+ if (is_array($pfb_sync['row'])) {
+ $rs = $pfb_sync['row'];
} else {
- log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured.");
+ log_error("[pfBlockerNG] Manual XMLRPC sync is enabled but there are no replication targets configured.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
$system_carp = $config['installedpackages']['carpsettings']['config'][0];
$rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
$rs[0]['varsyncusername'] = $system_carp['username'];
@@ -2575,11 +2886,11 @@ function pfblockerng_sync_on_changes() {
}
if ($system_carp['synchronizetoip'] == "") {
- log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured.");
+ log_error("[pfBlockerNG] XMLRPC sync is enabled but there is no sync IP address configured.");
return;
}
} else {
- log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured.");
+ log_error("[pfBlockerNG] Auto XMLRPC sync is enabled but there are no replication targets configured.");
return;
}
break;
@@ -2605,8 +2916,9 @@ function pfblockerng_sync_on_changes() {
pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
}
}
- if ($success)
+ if ($success) {
log_error("[pfBlockerNG] XMLRPC sync completed successfully.");
+ }
}
}
}
@@ -2639,9 +2951,9 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p
}
/* Test key variables and set defaults if empty */
- if (empty($synctimeout))
+ if (empty($synctimeout)) {
$synctimeout = 150;
-
+ }
$url = "{$protocol}://{$sync_to_ip}";
if ($port == "") { $port = $config['system']['webgui']['port']; };
@@ -2656,26 +2968,37 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p
/* xml will hold the sections to sync */
$xml = array();
// If User Disabled, remove 'General Tab Customizations' from Sync
- if ($config['installedpackages']['pfblockerngsync']['config'][0]['syncinterfaces'] == "")
- $xml['pfblockerng'] = $config['installedpackages']['pfblockerng'];
- $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation'];
- $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4'];
- $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6'];
- $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers'];
- $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica'];
- $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica'];
- $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia'];
- $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope'];
- $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica'];
- $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania'];
- $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica'];
- $xml['pfblockerngproxyandsatellite'] = $config['installedpackages']['pfblockerngproxyandsatellite'];
+ if ($config['installedpackages']['pfblockerngsync']['config'][0]['syncinterfaces'] == "") {
+ if (is_array($config['installedpackages']['pfblockerng']))
+ $xml['pfblockerng'] = $config['installedpackages']['pfblockerng'];
+ }
+ if (is_array($config['installedpackages']['pfblockerngreputation']))
+ $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation'];
+ if (is_array($config['installedpackages']['pfblockernglistsv4']))
+ $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4'];
+ if (is_array($config['installedpackages']['pfblockernglistsv6']))
+ $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6'];
+ if (is_array($config['installedpackages']['pfblockerngtopspammers']))
+ $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers'];
+ if (is_array($config['installedpackages']['pfblockerngafrica']))
+ $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica'];
+ if (is_array($config['installedpackages']['pfblockerngantartica']))
+ $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica'];
+ if (is_array($config['installedpackages']['pfblockerngasia']))
+ $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia'];
+ if (is_array($config['installedpackages']['pfblockerngeurope']))
+ $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope'];
+ if (is_array($config['installedpackages']['pfblockerngnorthamerica']))
+ $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica'];
+ if (is_array($config['installedpackages']['pfblockerngoceania']))
+ $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania'];
+ if (is_array($config['installedpackages']['pfblockerngsouthamerica']))
+ $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica'];
+ if (is_array($config['installedpackages']['pfblockerngproxyandsatellite']))
+ $xml['pfblockerngproxyandsatellite'] = $config['installedpackages']['pfblockerngproxyandsatellite'];
/* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
/* set a few variables needed for sync code borrowed from filter.inc */
log_error("[pfBlockerNG] XMLRPC syncing to {$url}:{$port}.");
@@ -2707,4 +3030,4 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p
}
return $success;
}
-?>
+?> \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 8c0c478d..f69983e2 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -146,10 +146,11 @@ function ip_range_to_subnet_array_temp($ip1, $ip2) {
return $out;
}
-# Set php Memory Limit
+// Set php Memory Limit
$uname = posix_uname();
-if ($uname['machine'] == "amd64")
+if ($uname['machine'] == "amd64") {
ini_set('memory_limit', '256M');
+}
function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) {
global $pfb;
@@ -220,13 +221,12 @@ function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) {
}
}
-
if ($argv[1] == 'update') {
sync_package_pfblockerng("cron");
}
if ($argv[1] == 'dc') {
- # (Options - 'bu' Binary Update for Reputation/Alerts Page, 'all' for Country update and 'bu' options.
+ // (Options - 'bu' Binary Update for Reputation/Alerts Page, 'all' for Country update and 'bu' options.
if ($pfb['cc'] == "") {
exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
} else {
@@ -251,85 +251,13 @@ if ($argv[1] == 'gc') {
}
if ($argv[1] == 'cron') {
+
+ // Call Base Hour converter
+ $pfb_sch = pfb_cron_base_hour();
+
$hour = date('G');
$dow = date('N');
$pfb['update_cron'] = FALSE;
-
- # Start hour of the 'Once a day' Schedule
- $pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart'];
- # Start hour of the Scheduler
- if ($config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'] != "") {
- $pfb['hour'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'];
- } else {
- $pfb['hour'] = "1";
- }
- $updates = 0;
-
- # 2 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch2 = strval($shour);
- for ($i=0; $i<11; $i++) {
- $shour += 2;
- if ($shour >= 24)
- $shour -= 24;
- $sch2 .= "," . strval($shour);
- }
-
- # 3 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch3 = strval($shour);
- for ($i=0; $i<7; $i++) {
- $shour += 3;
- if ($shour >= 24)
- $shour -= 24;
- $sch3 .= "," . strval($shour);
- }
-
- # 4 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch4 = strval($shour);
- for ($i=0; $i<5; $i++) {
- $shour += 4;
- if ($shour >= 24)
- $shour -= 24;
- $sch4 .= "," . strval($shour);
- }
-
- # 6 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch6 = strval($shour);
- for ($i=0; $i<3; $i++) {
- $shour += 6;
- if ($shour >= 24)
- $shour -= 24;
- $sch6 .= "," . strval($shour);
- }
-
- # 8 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch8 = strval($shour);
- for ($i=0; $i<2; $i++) {
- $shour += 8;
- if ($shour >= 24)
- $shour -= 24;
- $sch8 .= "," . strval($shour);
- }
-
- # 12 Hour Schedule Converter
- $shour = intval(substr($pfb['hour'], 0, 2));
- $sch12 = strval($shour) . ",";
- $shour += 12;
- if ($shour >= 24)
- $shour -= 24;
- $sch12 .= strval($shour);
-
- $e_sch2 = explode(",", $sch2);
- $e_sch3 = explode(",", $sch3);
- $e_sch4 = explode(",", $sch4);
- $e_sch6 = explode(",", $sch6);
- $e_sch8 = explode(",", $sch8);
- $e_sch12 = explode(",", $sch12);
-
$log = " CRON PROCESS START [ NOW ]\n";
pfb_logger("{$log}","1");
@@ -347,8 +275,8 @@ if ($argv[1] == 'cron') {
$header_url = "{$row['header']}_v6";
}
- # Determine Folder Location for Alias (return array $pfbarr)
- pfb_determine_list_detail($list['action']);
+ // Determine Folder Location for Alias (return array $pfbarr)
+ pfb_determine_list_detail($list['action'], "", "", "");
$pfbfolder = $pfbarr['folder'];
$list_cron = $list['cron'];
@@ -361,7 +289,7 @@ if ($argv[1] == 'cron') {
continue;
}
- # Check if List file exists, if not found run Update
+ // Check if List file exists, if not found run Update
if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) {
$log = " Updates Found\n";
pfb_logger("{$log}","1");
@@ -370,42 +298,20 @@ if ($argv[1] == 'cron') {
}
switch ($list_cron) {
- case "01hour":
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "02hours":
- if (in_array($hour, $e_sch2))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "03hours":
- if (in_array($hour, $e_sch3))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "04hours":
- if (in_array($hour, $e_sch4))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "06hours":
- if (in_array($hour, $e_sch6))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "08hours":
- if (in_array($hour, $e_sch8))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
- case "12hours":
- if (in_array($hour, $e_sch12))
- pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
- break;
case "EveryDay":
- if ($hour == $pfb['dailystart'])
+ if ($hour == $pfb['24hour']) {
pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
+ }
break;
case "Weekly":
- if ($hour == $pfb['dailystart'] && $dow == $header_dow)
+ if ($hour == $pfb['24hour'] && $dow == $header_dow) {
pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
+ }
break;
default:
+ if ($pfb['interval'] == "1" || in_array($hour, $pfb_sch)) {
+ pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
+ }
break;
}
}
@@ -415,6 +321,30 @@ if ($argv[1] == 'cron') {
}
}
+ // If Continents are Defined, continue with Update Process to determine if further changes are required.
+ $continents = array ( "Africa" => "pfB_Africa",
+ "Antartica" => "pfB_Antartica",
+ "Asia" => "pfB_Asia",
+ "Europe" => "pfB_Europe",
+ "North America" => "pfB_NAmerica",
+ "Oceania" => "pfB_Oceania",
+ "South America" => "pfB_SAmerica",
+ "Top Spammers" => "pfB_Top",
+ "Proxy and Satellite" => "pfB_PS"
+ );
+
+ if (!$pfb['update_cron']) {
+ foreach ($continents as $continent => $pfb_alias) {
+ if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
+ $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
+ if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") {
+ $pfb['update_cron'] = TRUE;
+ break;
+ }
+ }
+ }
+ }
+
if ($pfb['update_cron']) {
sync_package_pfblockerng("cron");
} else {
@@ -423,7 +353,7 @@ if ($argv[1] == 'cron') {
pfb_logger("{$log}","1");
}
- # Call Log Mgmt Function
+ // Call Log Mgmt Function
// If Update GUI 'Manual view' is selected. Last output will be missed. So sleep for 5 secs.
sleep(5);
pfb_log_mgmt();
@@ -438,7 +368,7 @@ function pfblockerng_uc_countries() {
$maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv";
$maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv";
- # Create Folders if not Exist
+ // Create Folders if not Exist
$folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}");
foreach ($folder_array as $folder) {
safe_mkdir ("{$folder}",0755);
@@ -456,7 +386,7 @@ function pfblockerng_uc_countries() {
return;
}
- # Save Date/Time Stamp to MaxMind version file
+ // Save Date/Time Stamp to MaxMind version file
$maxmind_ver = "MaxMind GeoLite Date/Time Stamps \n\n";
$remote_tds = @implode(preg_grep("/Last-Modified/", get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip")));
$maxmind_ver .= "MaxMind_v4 \t" . $remote_tds . "\n";
@@ -738,6 +668,7 @@ $xml = <<<EOF
<version>1.0</version>
<title>pfBlockerNG: {$cont}</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save {$cont} settings</addedit_string>
<menu>
<name>pfBlockerNG: {$cont_name}</name>
<tooltiptext>Configure pfBlockerNG</tooltiptext>
@@ -824,44 +755,57 @@ $xml = <<<EOF
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname></fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
</field>
- <field>
- <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Countries]]></fielddescr>
+ <field>
<fieldname>countries4</fieldname>
- <description>
- <![CDATA[Select IPv4 Countries you want to take an action on.<br />
- <strong>Use CTRL + CLICK to unselect countries</strong>]]>
- </description>
+ <fielddescr><![CDATA[<strong><center>Countries</center></strong><br />
+ <center>Use CTRL + CLICK to unselect countries</center>]]>
+ </fielddescr>
<type>select</type>
<options>
${'options4'}
</options>
<size>${'ftotal4'}</size>
<multiple/>
+
+EOF;
+
+// Adjust combinefields variable if IPv6 is empty.
+if (!empty (${'options6'})) {
+ $xml .= <<<EOF
+ <description><![CDATA[<center><br />IPv4 Countries</center>]]></description>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
</field>
EOF;
+} else {
+ $xml .= <<<EOF
+ <description><![CDATA[<br />IPv4 Countries]]></description>
+ </field>
+
+EOF;
+}
// Skip IPv6 when Null data found
if (!empty (${'options6'})) {
$xml .= <<<EOF
<field>
- <fielddescr><![CDATA[<br /><strong>IPv6</strong><br />Countries]]></fielddescr>
<fieldname>countries6</fieldname>
- <description>
- <![CDATA[Select IPv6 Countries you want to take an action on.<br />
- <strong>Use CTRL + CLICK to unselect countries</strong>]]>
- </description>
+ <description><![CDATA[<br /><center>IPv6 Countries</center>]]></description>
<type>select</type>
<options>
${'options6'}
</options>
<size>${'ftotal6'}</size>
<multiple/>
+ <usecolspan2/>
+ <dontdisplayname/>
+ <combinefields>end</combinefields>
</field>
EOF;
@@ -870,7 +814,7 @@ EOF;
$xml .= <<<EOF
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ <description><![CDATA[<br />Default: <strong>Disabled</strong><br /><br />
Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
<strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
@@ -901,7 +845,7 @@ $xml .= <<<EOF
<li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
<li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and use the 'Exact' spelling of
- the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
+ the Alias (no trailing Whitespace)</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
Alias Configuration<br />]]>
@@ -928,9 +872,10 @@ $xml .= <<<EOF
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br />
+ <description><![CDATA[Default: <strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
- This can be overriden by the 'Global Logging' Option in the General Tab.]]></description>
+ This can be overriden by the 'Global Logging' Option in the General Tab.]]>
+ </description>
<type>select</type>
<options>
<option><name>Enable</name><value>enabled</value></option>
@@ -938,9 +883,87 @@ $xml .= <<<EOF
</options>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Changes are Applied via CRON or
- 'Force Update'</ul>]]>
- </name>
+ <name>Advanced Inbound Firewall Rule Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <type>info</type>
+ <description><![CDATA[<font color='red'>Note: </font>In general Auto-Rules are created as follows:<br />
+ <ul>Inbound &nbsp;&nbsp;- 'any' port, 'any' protocol and 'any' destination<br />
+ Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists</ul>
+ Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.<br />
+ <strong>Select the pfSense 'Port' and/or 'Destination' Alias below:</strong>]]>
+ </description>
+ </field>
+ <field>
+ <fieldname>autoports</fieldname>
+ <fielddescr>Enable Custom Port</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasports</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Define Alias</fielddescr>
+ <fieldname>aliasports</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=port">Click Here to add/edit Aliases</a>
+ Do not manually enter port numbers. <br />Do not use 'pfB_' in the Port Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>port</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fieldname>autodest</fieldname>
+ <fielddescr>Enable Custom Destination</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasdest,autonot</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fieldname>aliasdest</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=ip">Click Here to add/edit Aliases</a>
+ Do not manually enter Addresses(es). <br />Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>network</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields/>
+ </field>
+ <field>
+ <fielddescr>Invert</fielddescr>
+ <fieldname>autonot</fieldname>
+ <description><![CDATA[<div style="padding-left: 22px;"><strong>Invert</strong> - Option to invert the sense of the match.<br />
+ ie - Not (!) Destination Address(es)</div>]]>
+ </description>
+ <type>checkbox</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fielddescr>Custom Protocol</fielddescr>
+ <fieldname>autoproto</fieldname>
+ <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).]]></description>
+ <type>select</type>
+ <options>
+ <option><name>any</name><value></value></option>
+ <option><name>TCP</name><value>tcp</value></option>
+ <option><name>UDP</name><value>udp</value></option>
+ <option><name>TCP/UDP</name><value>tcp/udp</value></option>
+ </options>
+ <size>4</size>
+ <default_value></default_value>
+ </field>
+ <field>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
@@ -1042,6 +1065,7 @@ $xmlrep = <<<EOF
<version>1.0</version>
<title>pfBlockerNG: IPv4 Reputation</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save Reputation Settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<tooltiptext>Configure pfblockerNG</tooltiptext>
@@ -1122,14 +1146,13 @@ $xmlrep = <<<EOF
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname></fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
</field>
<field>
<fielddescr><![CDATA[<strong>Why Reputation Matters:</strong>]]></fielddescr>
- <fieldname></fieldname>
<type>info</type>
<description><![CDATA[By Enabling '<strong>Reputation</strong>', each Blocklist will be analyzed for Repeat Offenders in each IP Range.
<ul>Example: &nbsp;&nbsp; x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5<br />
@@ -1150,7 +1173,6 @@ $xmlrep = <<<EOF
<type>listtopic</type>
</field>
<field>
- <fieldname></fieldname>
<fielddescr><![CDATA[<br /><strong>Individual List Reputation</strong><br /><br />]]></fielddescr>
<type>info</type>
<description></description>
@@ -1177,13 +1199,11 @@ $xmlrep = <<<EOF
</options>
</field>
<field>
- <fieldname></fieldname>
<fielddescr><![CDATA[<br /><strong>Collective List Reputation</strong><br /><br />]]></fielddescr>
<type>info</type>
<description></description>
</field>
<field>
- <fieldname></fieldname>
<type>info</type>
<description><![CDATA[Once all Blocklists are Downloaded, these two 'additional' processes <strong>[ pMax ] and [ dMax ]</strong><br />
Can be used to Further analyze for Repeat Offenders.<br />
@@ -1244,7 +1264,6 @@ $xmlrep = <<<EOF
<type>listtopic</type>
</field>
<field>
- <fieldname>INFO</fieldname>
<type>info</type>
<description><![CDATA[When performing Queries for Repeat Offenders, you can choose to <strong>ignore</strong> Repeat Offenders in select
Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.<br /><br />
@@ -1286,7 +1305,7 @@ $xmlrep = <<<EOF
</field>
<field>
<fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Country Exclusion<br />
- <br />Geolite Data by:<br />MaxMind Inc.&nbsp;&nbsp;(ISO 3166)]]></fielddescr>
+ <br />Geolite Data by: <br />MaxMind Inc.&nbsp;&nbsp;(ISO 3166)]]></fielddescr>
<fieldname>ccexclude</fieldname>
<description>
<![CDATA[Select Countries you want to <strong>Exclude</strong> from the Reputation Process.<br />
@@ -1305,7 +1324,6 @@ $xmlrep = <<<EOF
</field>
<field>
<fielddescr>Subscription Pro. Blocklist</fielddescr>
- <fieldname>ETINFO</fieldname>
<type>info</type>
<description><![CDATA[<strong>Emerging Threats IQRisk</strong> is a Subscription Professional Reputation List.<br /><br />
ET IQRisk Blocklist must be entered in the Lists Tab using the following example:
@@ -1429,7 +1447,7 @@ $xmlrep = <<<EOF
<field>
<fielddescr>Update ET Categories</fielddescr>
<fieldname>et_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br />
+ <description><![CDATA[Default: <strong>Disable</strong><br />
Select - Enable ET Update if Category Changes are Made.<br />
You can perform a 'Force Update' to enable these changes.<br />
Cron will also resync this list at the next Scheduled Update.]]>
@@ -1441,8 +1459,8 @@ $xmlrep = <<<EOF
</options>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
diff --git a/config/pfblockerng/pfblockerng.priv.inc b/config/pfblockerng/pfblockerng.priv.inc
index 970ab25f..97cf6288 100644
--- a/config/pfblockerng/pfblockerng.priv.inc
+++ b/config/pfblockerng/pfblockerng.priv.inc
@@ -8,8 +8,6 @@ $priv_list['page-firewall-pfblockerng']['descr'] = "Allow access to pfBlockerNG
$priv_list['page-firewall-pfblockerng']['match'] = array();
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_reputation.xml*";
-$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_v4lists.xml*";
-$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_v6lists.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_top20.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Africa.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Asia.xml*";
@@ -19,6 +17,10 @@ $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblocker
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_SouthAmerica.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_ProxyandSatellite.xml*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_sync.xml*";
+
+$priv_list['page-firewall-pfblockerng']['match'][] = "pkg.php?xml=pfblockerng/pfblockerng_v4lists.xml*";
+$priv_list['page-firewall-pfblockerng']['match'][] = "pkg.php?xml=pfblockerng/pfblockerng_v6lists.xml*";
+
$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_update.php*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_alerts.php*";
$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_log.php*";
diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh
index ba0c908b..fcfbcae1 100644
--- a/config/pfblockerng/pfblockerng.sh
+++ b/config/pfblockerng/pfblockerng.sh
@@ -24,7 +24,7 @@ fi
now=$(/bin/date +%m/%d/%y' '%T)
-# Application Paths
+# Application Locations
pathgrepcidr="${prefix}/bin/grepcidr"
pathgeoip="${prefix}/bin/geoiplookup"
@@ -165,7 +165,7 @@ fi
if [ -s "$matchfile" -a ! "$dedup" == "on" -a "$ccwhite" == "match" ]; then
mon=$(sed -e 's/^/^/' -e 's/\./\\\./g' $matchfile)
for ip in $mon; do
- grep $ip $tempfile >> $tempfile2
+ grep $ip $tempfile >> $tempfile2
done
mcount=$(grep -c ^ $tempfile2)
if [ "$ccwhite" == "match" ]; then
@@ -372,7 +372,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
fi
else
if [ "$cc" == "suppressheader" ]; then
- echo "===[ Suppression Stats ]========================================"; echo
+ echo; echo "===[ Suppression Stats ]========================================"; echo
printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile"
echo "----------------------------------------------------------------"
exitnow
@@ -675,7 +675,6 @@ if [ -s $pfborig$alias".gz" ]; then
$pathgunzip -c $pfborig$alias".gz" > $pfborig$alias".raw"
# ET CSV Format (IP, Category, Score)
- echo; echo "Processing [ $alias ]"
while IFS="," read a b c; do
# Some ET Categories are not in use (For Future Use)
case "$b" in
@@ -724,7 +723,7 @@ if [ -s $pfborig$alias".gz" ]; then
esac
done <"$pfborig$alias.raw"
data=$(ls $etdir)
- echo "Compiling ET IP IQRisk REP Lists based upon User Selected Categories"
+ echo; echo "Compiling ET IP IQRisk REP Lists based upon User Selected Categories"
printf "%-10s %-25s\n" " Action" "Category"
echo "-------------------------------------------"
@@ -795,7 +794,7 @@ if [ "$alias" == "on" ]; then
sort -o $masterfile $masterfile
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n $mastercat > $tempfile; mv -f $tempfile $mastercat
- echo; echo; echo "===[ FINAL Processing ]====================================="; echo
+ echo; echo "===[ FINAL Processing ]====================================="; echo
echo " [ Original count ] [ $fcount ]"
count=$(grep -c ^ $masterfile)
echo; echo " [ Processed Count ] [ $count ]"; echo
@@ -976,4 +975,4 @@ case $1 in
exitnow
;;
esac
-exitnow
+exitnow \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php
index 229e084b..c9522cd7 100644
--- a/config/pfblockerng/pfblockerng.widget.php
+++ b/config/pfblockerng/pfblockerng.widget.php
@@ -15,7 +15,7 @@
snort_alerts.widget.php
Copyright (C) 2009 Jim Pingle
mod 24-07-2012
- mod 28-02-2014 by Bill Meeks
+ mod 28-02-2015 by Bill Meeks
Javascript and Integration modifications by J. Nieuwenhuizen
@@ -42,58 +42,268 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
+$nocsrf = true;
@require_once("/usr/local/www/widgets/include/widget-pfblockerng.inc");
@require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc");
@require_once("guiconfig.inc");
-@require_once("globals.inc");
-@require_once("pfsense-utils.inc");
-@require_once("functions.inc");
pfb_global();
-// Ackwnowlege Failed Downloads
+// Image source definition
+$pfb['down'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' title='No Rules are Defined using this Alias' alt='' />";
+$pfb['up'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' title='Rules are Defined using this Alias (# of fw rules defined)' alt='' />";
+$pfb['err'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_wzd_nsaved.png' title='pf Errors found.' alt='' />";
+
+// Alternating line shading
+$pfb['RowOddClass'] = "style='background-color: #FFFFFF;'";
+$pfb['RowEvenClass'] = "style='background-color: #F0F0F0;'";
+$pfb['RowEvenClass2'] = "style='background-color: #D0D0D0;'";
+$pfb['ColClass'] = "listMRr";
+
+$pfb['global'] = &$config['installedpackages']['pfblockerngglobal'];
+
+// Define default widget customizations
+if (!isset($pfb['global']['widget-maxfails'])) {
+ $pfb['global']['widget-maxfails'] = '3';
+}
+if (!isset($pfb['global']['widget-maxpivot'])) {
+ $pfb['global']['widget-maxpivot'] = '200';
+}
+if (!isset($pfb['global']['widget-sortcolumn'])) {
+ $pfb['global']['widget-sortcolumn'] = 'none';
+}
+if (!isset($pfb['global']['widget-sortdir'])) {
+ $pfb['global']['widget-sortdir'] = 'asc';
+}
+if (!isset($pfb['global']['widget-popup'])) {
+ $pfb['global']['widget-popup'] = 'on';
+}
+
+// Collect variables
+if (is_array($pfb['global'])) {
+ $pfb['maxfails'] = $pfb['global']['widget-maxfails'];
+ $pfb['maxpivot'] = $pfb['global']['widget-maxpivot'];
+ $pfb['sortcolumn'] = $pfb['global']['widget-sortcolumn'];
+ $pfb['sortdir'] = $pfb['global']['widget-sortdir'];
+ $pfb['popup'] = $pfb['global']['widget-popup'];
+}
+
+// Save widget customizations
+if ($_POST) {
+ if (is_numeric($_POST['pfb_maxfails'])) {
+ $pfb['global']['widget-maxfails'] = $_POST['pfb_maxfails'];
+ }
+ if (is_numeric($_POST['pfb_maxpivot'])) {
+ $pfb['global']['widget-maxpivot'] = $_POST['pfb_maxpivot'];
+ }
+ if (!empty($_POST['pfb_popup'])) {
+ $pfb['global']['widget-popup'] = $_POST['pfb_popup'];
+ }
+ if (!empty($_POST['pfb_sortcolumn'])) {
+ $pfb['global']['widget-sortcolumn'] = $_POST['pfb_sortcolumn'];
+ }
+ if (!empty($_POST['pfb_sortdir'])) {
+ $pfb['global']['widget-sortdir'] = $_POST['pfb_sortdir'];
+ }
+ write_config("pfBlockerNG: Saved Widget customizations via Dashboard");
+ header("Location: ../../index.php");
+}
+
+// Ackwnowlege failed downloads
if (isset($_POST['pfblockerngack'])) {
- $clear = exec("/usr/bin/sed -i '' 's/FAIL/Fail/g' {$pfb['errlog']}");
+ exec("/usr/bin/sed -i '' 's/FAIL/Fail/g' {$pfb['errlog']}");
header("Location: ../../index.php");
}
-// This function will create the counts
-function pfBlockerNG_get_counts() {
- global $config, $g, $pfb;
+// Called by Ajax to update table contents
+if (isset($_GET['getNewCounts'])) {
+ pfBlockerNG_get_table("js");
+ return;
+}
- // Collect Alias Count and Update Date/Time
+// Sort widget table according to user configuration
+function pfbsort(&$array, $subkey="id", $sort_ascending=FALSE) {
+ if (empty($array)) {
+ return;
+ }
+ if (count($array)) {
+ $temp_array[key($array)] = array_shift($array);
+ }
+
+ foreach ($array as $key => $val) {
+ $offset = 0;
+ $found = FALSE;
+ foreach ($temp_array as $tmp_key => $tmp_val) {
+ if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
+ $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
+ $found = TRUE;
+ }
+ $offset++;
+ }
+ if (!$found) {
+ $temp_array = array_merge($temp_array, array($key => $val));
+ }
+ }
+
+ if ($sort_ascending) {
+ $array = array_reverse($temp_array);
+ } else {
+ $array = $temp_array;
+ }
+ return;
+}
+
+// Collect all pfBlockerNG statistics
+function pfBlockerNG_get_counts() {
+ global $config, $pfb;
$pfb_table = array();
- $out = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' title=\"No Rules are Defined using this Alias\" alt=\"\" />";
- $in = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' title=\"Rules are Defined using this Alias\" alt=\"\" />";
- if (is_array($config['aliases']['alias'])) {
- foreach ($config['aliases']['alias'] as $cbalias) {
- if (preg_match("/pfB_/", $cbalias['name'])) {
- if (file_exists("{$pfb['aliasdir']}/{$cbalias['name']}.txt")) {
- preg_match("/(\d+)/", exec("/usr/bin/grep -cv \"^1\.1\.1\.1\" {$pfb['aliasdir']}/{$cbalias['name']}.txt"), $matches);
- $pfb_table[$cbalias['name']] = array("count" => $matches[1], "img" => $out);
- $updates = exec("ls -ld {$pfb['aliasdir']}/{$cbalias['name']}.txt | awk '{ print $6,$7,$8 }'", $update);
- $pfb_table[$cbalias['name']]['up'] = $updates;
+
+ /* Alias Table Definitions - 'update' - Last Updated Timestamp
+ 'rule' - Total number of Firewall rules per alias
+ 'count' - Total Line Count per alias
+ 'packets' - Total number of pf packets per alias */
+
+ exec("/sbin/pfctl -vvsTables | grep -A4 'pfB_'", $pfb_pfctl);
+ if (!empty($pfb_pfctl)) {
+ foreach($pfb_pfctl as $line) {
+ $line = trim(str_replace(array( '[', ']' ), '', $line));
+ if (substr($line, 0, 1) == '-') {
+ $pfb_alias = trim(strstr($line, 'pfB', FALSE));
+ if (empty($pfb_alias)) {
+ unset($pfb_alias);
+ continue;
+ }
+ exec("/usr/bin/grep -cv '^1\.1\.1\.1' {$pfb['aliasdir']}/{$pfb_alias}.txt", $match);
+ $pfb_table[$pfb_alias] = array('count' => $match[1], 'img' => $pfb['down']);
+ exec("ls -ld {$pfb['aliasdir']}/{$pfb_alias}.txt | awk '{ print $6,$7,$8 }'", $update);
+ $pfb_table[$pfb_alias]['update'] = $update[0];
+ $pfb_table[$pfb_alias]['rule'] = 0;
+ unset($match, $update);
+ continue;
+ }
+
+ if (isset($pfb_alias)) {
+ if (substr($line, 0, 9) == 'Addresses') {
+ $addr = trim(substr(strrchr($line, ':'), 1));
+ $pfb_table[$pfb_alias]['count'] = $addr;
+ continue;
+ }
+ if (substr($line, 0, 11) == 'Evaluations') {
+ $packets = trim(substr(strrchr($line, ':'), 1));
+ $pfb_table[$pfb_alias]['packets'] = $packets;
+ unset($pfb_alias);
}
}
}
}
+ else {
+ // Error. No pf labels found.
+ $pfb['pfctl'] = TRUE;
+ }
- // Collect if Rules are defined using pfBlockerNG Aliases.
+ // Determine if firewall rules are defined
if (is_array($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
- if (preg_match("/pfB_/",$rule['source']['address']) || preg_match("/pfb_/",$rule['source']['address'])) {
- $pfb_table[$rule['source']['address']]['img'] = $in;
+ // Skip disabled rules
+ if (isset($rule['disabled'])) {
+ continue;
+ }
+ if (stripos($rule['source']['address'], "pfb_") !== FALSE) {
+ $pfb_table[$rule['source']['address']]['img'] = $pfb['up'];
+ $pfb_table[$rule['source']['address']]['rule'] += 1;
}
- if (preg_match("/pfB_/",$rule['destination']['address']) || preg_match("/pfb_/",$rule['destination']['address'])) {
- $pfb_table[$rule['destination']['address']]['img'] = $in;
+ if (stripos($rule['destination']['address'], "pfb_") !== FALSE) {
+ $pfb_table[$rule['destination']['address']]['img'] = $pfb['up'];
+ $pfb_table[$rule['destination']['address']]['rule'] += 1;
}
}
- return $pfb_table;
}
+
+ // Collect packet fence rule numbers
+ exec("/sbin/pfctl -vv -sr | grep 'pfB_'", $pfrules);
+ if (!empty($pfrules)) {
+ foreach ($pfrules as $result) {
+ // Sample : @112(0) block return in log quick on em1 from any to <pfB_PRI1:160323> label "USER_RULE: pfB_PRI1"
+ if (preg_match("/@(\d+)\(\d+\).*\<(pfB_\w+):\d+\>/", $result, $rule)) {
+ $pfb_table[$rule[2]]['rules'] .= $rule[1] . '|';
+ }
+ }
+ }
+
+ // Sort tables per sort customization
+ if ($pfb['sortcolumn'] != "none") {
+ if ($pfb['sortdir'] == "asc") {
+ pfbsort($pfb_table, $pfb['sortcolumn'], TRUE);
+ } else {
+ pfbsort($pfb_table, $pfb['sortcolumn'], FALSE);
+ }
+ }
+ return $pfb_table;
}
-// Status Indicator if pfBlockerNG is Enabled/Disabled
+// Called on initial load and Ajax to update table contents
+function pfBlockerNG_get_table($mode="") {
+ global $pfb;
+ $counter = 0; $dcounter = 1; $response = '';
+
+ $pfb_table = pfBlockerNG_get_counts();
+ if (!empty($pfb_table)) {
+ foreach ($pfb_table as $pfb_alias => $values) {
+ // Add firewall rules count associated with alias
+ $values['img'] = $values['img'] . "<span title='Alias Firewall Rule count' ><small>({$values['rule']})</small></span>";
+
+ // If packet fence errors found, display error.
+ if ($pfb['pfctl']) {
+ $values['img'] = $pfb['err'];
+ }
+
+ // Alias table popup
+ if ($values['count'] > 0 && $pfb['popup'] == "on") {
+ $alias_popup = rule_popup($pfb_alias, '', '', '');
+ $alias_span = $alias_popup['src'];
+ $alias_span_end = $alias_popup['src_end'];
+ }
+ else {
+ $alias_span = '';
+ $alias_span_end = '';
+ }
+
+ // Packet column pivot to Alerts Tab
+ if ($values['packets'] > 0) {
+ $rules = rtrim($values['rules'], '|');
+ if ($values['packets'] > $pfb['maxpivot']) {
+ $aentries = $pfb['maxpivot'];
+ } else {
+ $aentries = $values['packets'];
+ }
+
+ $packets = "<a target='_new' href='/pfblockerng/pfblockerng_alerts.php?rule={$rules}&entries={$aentries}' ";
+ $packets .= "style='text-decoration: underline;' title='Click to view these packets in Alerts tab' >{$values['packets']}</a>";
+ }
+ else {
+ $packets = $values['packets'];
+ }
+
+ if ($mode == "js") {
+ echo $response = $alias_span . $pfb_alias . $alias_span_end . "||" . $values['count'] . "||" . $packets . "||" . $values['update']
+ . "||" . $values['img'] . "\n";
+ }
+ else {
+ $RowClass = $counter % 2 ? $pfb['RowEvenClass'] : $pfb['RowOddClass'];
+ $counter++;
+ echo (" <tr {$RowClass}>
+ <td class='listMRr ellipsis'>" . $alias_span . $pfb_alias . $alias_span_end . "</td>
+ <td class='listMRr' align='center'>{$values['count']}</td>
+ <td class='listMRr' sorttable_customkey='{$values['packets']}' align='center'>{$packets}</td>
+ <td class='listMRr' align='center'>{$values['update']}</td>
+ <td class='listMRr' align='center'>{$values['img']}</td>
+ </tr>");
+ }
+ }
+ }
+}
+
+// Status indicator if pfBlockerNG is enabled/disabled
if ("{$pfb['enable']}" == "on") {
$pfb_status = "/themes/{$g['theme']}/images/icons/icon_pass.gif";
$pfb_msg = "pfBlockerNG is Active.";
@@ -102,70 +312,78 @@ if ("{$pfb['enable']}" == "on") {
$pfb_msg = "pfBlockerNG is Disabled.";
}
-// Collect Total IP/Cidr Counts
+// Collect total IP/Cidr counts
$dcount = exec("cat {$pfb['denydir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'");
$pcount = exec("cat {$pfb['permitdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'");
$mcount = exec("cat {$pfb['matchdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'");
$ncount = exec("cat {$pfb['nativedir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'");
-// Collect Number of Suppressed Hosts
+// Collect number of suppressed hosts
if (file_exists("{$pfb['supptxt']}")) {
$pfbsupp_cnt = exec ("/usr/bin/grep -c ^ {$pfb['supptxt']}");
} else {
$pfbsupp_cnt = 0;
}
-#check rule count
-#(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out)
-$packets = exec("/sbin/pfctl -s labels", $debug);
-if (!empty($debug)) {
- foreach ($debug as $line) {
- // Auto-Rules start with 'pfB_', Alias Rules should start with 'pfb_' and exact spelling of Alias Name.
- $line = str_replace("pfb_","pfB_",$line);
- if ("{$pfb['pfsenseversion']}" >= '2.2') {
- #USER_RULE: pfB_Top auto rule 8494 17 900 17 900 0 0 0
- if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/", $line, $matches)) {
- if (isset($matches)) {
- ${$matches[1]}+=$matches[2];
- } else {
- ${$matches[1]} = 'Err';
- }
- }
- } else {
- #USER_RULE: pfB_Top auto rule 1656 0 0 0 0 0 0
- if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/", $line, $matches)) {
- if (isset($matches)) {
- ${$matches[1]}+=$matches[2];
- } else {
- ${$matches[1]} = 'Err';
- }
- }
- }
- }
-}
+// Collect any failed downloads
+exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results);
+$results = array_reverse($results);
-// Called by Ajax to update alerts table contents
-if (isset($_GET['getNewCounts'])) {
- $response = "";
- $pfb_table = pfBlockerNG_get_counts();
- if (!empty($pfb_table)) {
- foreach ($pfb_table as $alias => $values){
- if (!isset(${$alias})) { ${$alias} = "-";}
- $response .= $alias . "||" . $values['count'] . "||" . ${$alias} . "||" . $values['up'] . "||" . $values['img'] . "\n";
- }
- echo $response;
- return;
- }
-}
+?>
+ <!-- Widget customization settings icon -->
+ <input type="hidden" id="pfblockerng-config" name="pfblockerng-config" value="" />
+ <div id="pfblockerng-settings" class="widgetconfigdiv" style="display:none;outline: none;">
+ <form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="pfb_iform">
+ <table id="widgettable" class="none" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="22%" class="vncellt" valign="top" align="right" ><input type="checkbox" name="pfb_popup" class="formfld unknown" id="pfb_popup"
+ title="Enabling this option, will Popup a Table showing all of the Alias Table IPs"
+ value="on" <?php if ($pfb['popup'] == "on") echo 'checked'; ?> /></td>
+ <td width="78%" class="listr" ><?=gettext("Enable Alias Table Popup");?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncellt" valign="top" ><input type="text" size="3" name="pfb_maxfails" class="formfld unknown" id="pfb_maxfails"
+ title="Tha maximum number of Failed Download Alerts to be shown. Refer to the error.log for add'l details"
+ value="<?= $pfb['maxfails'] ?>" /></td>
+ <td width="78%" class="listr" ><?=gettext("Enter number of download fails to display (default:3)");?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncellt" valign="top" ><input type="text" size="3" name="pfb_maxpivot" class="formfld unknown" id="pfb_maxpivot"
+ title="The maximum number of Packets to pivot to the Alerts Tab"
+ value="<?= $pfb['maxpivot'] ?>" /></td>
+ <td width="78%" class="listr" ><?=gettext("Enter 'max' Packets for Alerts Tab pivot (default:200)");?></td>
+ </tr>
+ <tr>
+ <td width="22" class="vncellt" valign="top" >
+ <select name="pfb_sortcolumn" id="pfb_sortcolumn" class="formselect" title="The Column to be sorted" >
+ <?php
+ $pfbsort = array( 'none' => 'None', 'alias' => 'Alias', 'count' => 'Count',
+ 'packets' => 'Packets', 'updated' => 'Updated'
+ );
+ foreach ($pfbsort as $sort => $sorttype): ?>
+ <option value="<?=$sort; ?>" <?php if ($sort == $pfb['sortcolumn']) echo 'selected'; ?> ><?=$sorttype; ?></option>
+ <?php endforeach; ?>
+ </select></td>
+ <td width="78%" class="listr" ><?=gettext("Enter Sort Column");?></td>
+ </tr>
+ </table>
-// Report any Failed Downloads
-$results = array();
-$fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results);
+ <table id="widgettablesummary" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="92%" class="vncellt" >&nbsp;<?=gettext("Sort");?>
+ <input name="pfb_sortdir" type="radio" value="asc" <?php if ($pfb['sortdir'] == "asc") echo 'checked'; ?> />
+ <?=gettext("Ascending");?>
+ <input name="pfb_sortdir" type="radio" value="des" <?php if ($pfb['sortdir'] == "des") echo 'checked'; ?> />
+ <?=gettext("Descending");?></td>
+ <td width="8%" class="vncellt" valign="top" ><input id="pfb_submit" name="pfb_submit" type="submit" class="formbtns" value="Save" /></td>
+ </tr>
+ </table>
+ </form>
+ </div>
-// Print widget Status Bar Items
-?>
+ <!-- Print widget status bar items -->
<div class="marinarea">
- <table border="0" cellspacing="0" cellpadding="0">
+ <table id="pfb_table" border="0" cellspacing="0" cellpadding="0">
<thead>
<tr>
<td valign="middle">&nbsp;<img src="<?= $pfb_status ?>" width="13" height="13" border="0" title="<?=gettext($pfb_msg) ?>" alt="" /></td>
@@ -187,12 +405,14 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results)
<?=gettext("&nbsp;Supp:"); echo("&nbsp;<strong>" . $pfbsupp_cnt . "</strong>"); ?>
<?php endif; ?></td>
<td valign="middle">&nbsp;&nbsp;</td>
- <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif" width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>" alt="" /></a>&nbsp;
+ <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif"
+ width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>" alt="" /></a>&nbsp;
<td valign="top">
<?php if (!empty($results)): ?> <!--Hide "Ack" Button when Failed Downloads are Empty-->
<form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="widget_pfblockerng_ack">
<input type="hidden" value="clearack" name="pfblockerngack" />
- <input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/>
+ <input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif"
+ width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/>
</form>
<?php endif; ?>
</td>
@@ -205,76 +425,53 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results)
<tbody id="pfb-fails">
<?php
-if ("{$pfb['pfsenseversion']}" > '2.0') {
- $alertRowEvenClass = "listMReven";
- $alertRowOddClass = "listMRodd";
- $alertColClass = "listMRr";
-} else {
- $alertRowEvenClass = "listr";
- $alertRowOddClass = "listr";
- $alertColClass = "listr";
-}
-
-# Last errors first
-$results = array_reverse($results);
-
+// Report any failed downloads
$counter = 0;
-# Max errors to display
-$maxfailcount = 3;
if (!empty($results)) {
foreach ($results as $result) {
- $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
- if (!isset(${$alias})) { ${$alias} = "-";}
- echo(" <tr class='" . $alertRowClass . "'><td class='" . $alertColClass . "'>" . $result . "</td><tr>");
+ $RowClass = $counter % 2 ? $pfb['RowEvenClass'] : $pfb['RowOddClass'];
+ echo(" <tr " . $RowClass . "><td class='" . $pfb['ColClass'] . "'>" . $result . "</td><tr>");
$counter++;
- if ($counter > $maxfailcount) {
- # To many errors stop displaying
- echo(" <tr class='" . $alertRowClass . "'><td class='" . $alertColClass . "'>" . (count($results) - $maxfailcount) . " more error(s)...</td><tr>");
+ if ($counter > $pfb['maxfails']) {
+ // To many errors stop displaying
+ echo(" <tr " . $RowClass . "><td class='" . $pfb['ColClass'] . "'>" . (count($results) - $pfb['maxfails']) . " more error(s)...</td><tr>");
break;
}
}
}
-// Print Main Table Header
?>
+ <!-- Print main table header -->
</tbody>
</table>
- <table id="pfb-tbl" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <table id="pfb-tbl" width="100%" class="sortable" border="0" cellspacing="0" cellpadding="0">
<thead>
- <tr>
- <th class="widgetsubheader" align="center"><?=gettext("Alias");?></th>
- <th title="The count can be a mixture of Single IPs or CIDR values" class="widgetsubheader" align="center"><?=gettext("Count");?></th>
- <th title="Packet Counts can be cleared by the pfSense filter_configure() function. Make sure Rule Descriptions start with 'pfB_'" class="widgetsubheader" align="center"><?=gettext("Packets");?></th>
- <th title="Last Update (Date/Time) of the Alias " class="widgetsubheader" align="center"><?=gettext("Updated");?></th>
- <th class="widgetsubheader" align="center"><?php echo $out; ?><?php echo $in; ?></th>
+ <tr class="sortableHeaderRowIdentifier">
+ <th class="widgetsubheader" axis="string" align="center"><?=gettext("Alias");?></th>
+ <th title="The count can be a mixture of Single IPs or CIDR values" class="widgetsubheader" axis="string"
+ align="center"><?=gettext("Count");?></th>
+ <th title="Packet Counts can be cleared by the pfSense filter_configure() function. Make sure Rule Descriptions start with 'pfB_'"
+ class="widgetsubheader" axis="string" align="center"><?=gettext("Packets");?></th>
+ <th title="Last Update (Date/Time) of the Alias " class="widgetsubheader" axis="string" align="center"><?=gettext("Updated");?></th>
+ <th class="widgetsubheader" axis="string" align="center"><?php echo $pfb['down']; ?><?php echo $pfb['up']; ?></th>
</tr>
</thead>
<tbody id="pfbNG-entries">
-<?php
-// Print Main Table Body
-$pfb_table = pfBlockerNG_get_counts();
-$counter=0;
-if (is_array($pfb_table)) {
- foreach ($pfb_table as $alias => $values) {
- $evenRowClass = $counter % 2 ? " listMReven" : " listMRodd";
- if (!isset(${$alias})) { ${$alias} = "-";}
- echo(" <tr class='" . $evenRowClass . "'>
- <td class='listMRr ellipsis'>{$alias}</td>
- <td class='listMRr' align='center'>{$values['count']}</td>
- <td class='listMRr' align='center'>{${$alias}}</td>
- <td class='listMRr' align='center'>{$values['up']}</td>
- <td class='listMRr' align='center'>{$values['img']}</td>
- </tr>");
- $counter++;
- }
-}
-?>
+<!-- Print main table body, subsequent refresh by javascript function -->
+<?php pfBlockerNG_get_table(); ?>
+
</tbody>
</table>
<script type="text/javascript">
//<![CDATA[
- var pfBlockerNGupdateDelay = 10000; // update every 10000 ms
+<!-- update every 10000 ms -->
+ var pfBlockerNGupdateDelay = 10000;
+
+<!-- needed to display the widget settings menu -->
+ selectIntLink = "pfblockerng-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
//]]>
</script> \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml
index 67deab8d..218b22e1 100644
--- a/config/pfblockerng/pfblockerng.xml
+++ b/config/pfblockerng/pfblockerng.xml
@@ -49,9 +49,10 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>pfblockerng</name>
- <version>1.08</version>
+ <version>1.09</version>
<title>pfBlockerNG: General Settings</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save General Settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<configfile>pfblockerng.xml</configfile>
@@ -219,45 +220,83 @@
<field>
<fielddescr>LINKS</fielddescr>
<fieldname></fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]></description>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ </description>
<type>info</type>
</field>
<field>
- <fielddescr><![CDATA[<strong>Enable pfBlockerNG</strong>]]></fielddescr>
+ <fielddescr>Enable pfBlockerNG</fielddescr>
<fieldname>enable_cb</fieldname>
<type>checkbox</type>
- <description><![CDATA[Note - with "Keep settings" enabled, pfBlockerNG will maintain run state on Installation/Upgrade<br />
- If "Keep Settings" is not "enabled" on pkg Install/De-Install, all Settings will be Wiped!]]></description>
+ <description><![CDATA[<div style="padding-right: 56px;">Enable/Disable</div>]]></description>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
</field>
<field>
- <fielddescr><![CDATA[<strong>Keep Settings</strong>/Lists After Disable/Re-Install/De-Install]]></fielddescr>
<fieldname>pfb_keep</fieldname>
<type>checkbox</type>
- <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description>
+ <description><![CDATA[Keep Settings: <br /><font color='red'>Note:</font> - with 'Keep settings' enabled, pfBlockerNG will maintain run state
+ on Installation/Upgrade<br />If 'Keep Settings' is not 'enabled' on pkg Install/De-Install, all Settings will be Wiped!<br /><br />
+ <font color='red'>Note: </font>To clear all downloaded lists, uncheck these two checkboxes and 'Save'.
+ re-check both boxes and run a 'Force Update']]>
+ </description>
<default_value>on</default_value>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fielddescr>CRON Settings</fielddescr>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Hour Interval</fielddescr>
+ <fieldname>pfb_interval</fieldname>
+ <description><![CDATA[Default: <strong>Every hour</strong><br />
+ Select the cron Hour Interval. The interval selected will be used with the Start min/hour below.<br />
+ <strong>Ensure that all List 'Update Settings' are within the selected Interval/Start Hour Settings.</strong>]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Every hour</name><value>1</value></option>
+ <option><name>Every 2 hours</name><value>2</value></option>
+ <option><name>Every 3 hours</name><value>3</value></option>
+ <option><name>Every 4 hours</name><value>4</value></option>
+ <option><name>Every 6 hours</name><value>6</value></option>
+ <option><name>Every 8 hours</name><value>8</value></option>
+ <option><name>Every 12 hours</name><value>12</value></option>
+ <option><name>Once a day</name><value>24</value></option>
+ </options>
+ <default_value>1</default_value>
+ <combinefields/>
</field>
<field>
- <fielddescr>CRON MIN Start Time</fielddescr>
+ <fielddescr>Start Min</fielddescr>
<fieldname>pfb_min</fieldname>
- <description><![CDATA[Default: <strong> : 00</strong><br />
- Select Cron Update Minute ]]></description>
+ <description><![CDATA[Default: <strong>:00</strong><br />
+ Select Cron Update Minute]]>
+ </description>
<type>select</type>
<options>
- <option><name> : 00</name><value>0</value></option>
- <option><name> : 15</name><value>15</value></option>
- <option><name> : 30</name><value>30</value></option>
- <option><name> : 45</name><value>45</value></option>
+ <option><name>: 00</name><value>0</value></option>
+ <option><name>: 15</name><value>15</value></option>
+ <option><name>: 30</name><value>30</value></option>
+ <option><name>: 45</name><value>45</value></option>
</options>
+ <default_value>0</default_value>
+ <combinefields/>
</field>
<field>
- <fielddescr>CRON Base Hour Start Time</fielddescr>
+ <fielddescr>Start Hour</fielddescr>
<fieldname>pfb_hour</fieldname>
- <description><![CDATA[Default: <strong> 1 </strong><br />
- Select Cron Base Start Hour ]]></description>
+ <description><![CDATA[Default: <strong>0</strong><br />
+ Select the Start Hour]]>
+ </description>
<type>select</type>
<options>
- <option><name>1</name><value>0</value></option>
- <option><name>0</name><value>1</value></option>
+ <option><name>0</name><value>0</value></option>
+ <option><name>1</name><value>1</value></option>
<option><name>2</name><value>2</value></option>
<option><name>3</name><value>3</value></option>
<option><name>4</name><value>4</value></option>
@@ -281,17 +320,17 @@
<option><name>22</name><value>22</value></option>
<option><name>23</name><value>23</value></option>
</options>
+ <default_value>0</default_value>
+ <combinefields/>
</field>
<field>
- <fielddescr>'Daily/Weekly' Start Hour</fielddescr>
+ <fielddescr><![CDATA['Daily/Weekly'<br />Start Hour]]></fielddescr>
<fieldname>pfb_dailystart</fieldname>
- <description><![CDATA[Default: <strong> 1 </strong><br />
- Select 'Daily' Schedule Start Hour <br />
- This is used for the 'Daily/Weekly' Scheduler Only.]]></description>
+ <description><![CDATA[Default: <strong>0</strong><br />This is used for the 'Daily/Weekly' Scheduler Only.]]></description>
<type>select</type>
<options>
- <option><name>1</name><value>0</value></option>
- <option><name>0</name><value>1</value></option>
+ <option><name>0</name><value>0</value></option>
+ <option><name>1</name><value>1</value></option>
<option><name>2</name><value>2</value></option>
<option><name>3</name><value>3</value></option>
<option><name>4</name><value>4</value></option>
@@ -315,6 +354,8 @@
<option><name>22</name><value>22</value></option>
<option><name>23</name><value>23</value></option>
</options>
+ <default_value>0</default_value>
+ <combinefields>end</combinefields>
</field>
<field>
<fielddescr>Enable De-Duplication</fielddescr>
@@ -327,17 +368,20 @@
<fieldname>suppression</fieldname>
<type>checkbox</type>
<description><![CDATA[This will prevent Selected IPs from being Blocked. Only for IPv4 Lists (/32 and /24).<br />
- Country Blocking Lists cannot be Suppressed.<br />
- This will also remove any RFC1918 addresses from all Lists.<br /><br />
+ Country Blocking Lists cannot be Suppressed.<br />This will also remove any RFC1918 addresses from all Lists.<br /><br />
Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias<br />
- A Blocked IP in a CIDR other than /24 will need to be Suppressed by an 'Permit Outbound' Firewall Rule]]>
+ A Blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist Alias' w/ List Action: 'Permit Outbound' Firewall Rule
+ <br />Do not use the pfBlockerNGSuppress Alias in a Firewall Rule.
+ This alias is used during the cron download process only.]]>
</description>
</field>
<field>
<fielddescr>Global Enable Logging</fielddescr>
<fieldname>enable_log</fieldname>
<type>checkbox</type>
- <description>Enable Global Logging to Status: System Logs: FIREWALL ( Log ). This overrides any Log Settings in the Alias Tabs.</description>
+ <description><![CDATA[Firewall Rule logging - Enable Global Logging to [ Status: System Logs: FIREWALL Log ]<br />
+ This overrides any Log Settings in the Alias Tabs.]]>
+ </description>
</field>
<field>
<fielddescr>Disable MaxMind Country Database CRON Updates</fielddescr>
@@ -350,8 +394,9 @@
<field>
<fielddescr>Logfile Size</fielddescr>
<fieldname>log_maxlines</fieldname>
- <description><![CDATA[Default:<strong>20000</strong><br />
- Select number of Lines to Keep in Log File]]></description>
+ <description><![CDATA[Default: <strong>20000</strong><br />
+ Select number of Lines to keep in the pfblockerng.log and dnsbl.log files]]>
+ </description>
<type>select</type>
<options>
<option><name>20000</name><value>20000</value></option>
@@ -361,72 +406,89 @@
<option><name>100000</name><value>100000</value></option>
<option><name>No Limit</name><value>nolimit</value></option>
</options>
+ <default_value>20000</default_value>
</field>
<field>
- <name><![CDATA[Interface/Rules Configuration]]> </name>
+ <name><![CDATA[Interface/Rules Configuration]]></name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Inbound Interface(s)</fielddescr>
+ <fielddescr>Inbound Firewall Rules</fielddescr>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
<fieldname>inbound_interface</fieldname>
+ <fielddescr>Interface(s)</fielddescr>
<description>Select the Inbound interface(s) you want to Apply Auto Rules to</description>
<type>interfaces_selection</type>
<hideinterfaceregex>loopback</hideinterfaceregex>
<required/>
<multiple/>
+ <combinefields/>
</field>
<field>
- <fielddescr> - Rule Action</fielddescr>
+ <fielddescr>Rule Action</fielddescr>
<fieldname>inbound_deny_action</fieldname>
- <description><![CDATA[Default:<strong>Block</strong><br />
- Select 'Rule Action' for Inbound Rules]]></description>
+ <description><![CDATA[Default: <strong>Block</strong><br />Select 'Rule Action' for Inbound Rules]]></description>
<type>select</type>
<options>
<option><name>Block</name><value>block</value></option>
<option><name>Reject</name><value>reject</value></option>
</options>
+ <default_value>block</default_value>
+ <required/>
+ <combinefields>end</combinefields>
</field>
<field>
- <fielddescr>Outbound Interface(s)</fielddescr>
+ <fielddescr>Outbound Firewall Rules</fielddescr>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Interface(s)</fielddescr>
<fieldname>outbound_interface</fieldname>
<description>Select the Outbound interface(s) you want to Apply Auto Rules to</description>
<type>interfaces_selection</type>
<hideinterfaceregex>loopback</hideinterfaceregex>
<required/>
<multiple/>
+ <combinefields/>
</field>
<field>
- <fielddescr> - Rule Action</fielddescr>
+ <fielddescr>Rule Action</fielddescr>
<fieldname>outbound_deny_action</fieldname>
- <description><![CDATA[Default:<strong>Reject</strong><br />
- Select 'Rule Action' for Outbound rules]]></description>
+ <description><![CDATA[Default: <strong>Reject</strong><br />Select 'Rule Action' for Outbound rules]]></description>
<type>select</type>
<options>
<option><name>Reject</name><value>reject</value></option>
<option><name>Block</name><value>block</value></option>
</options>
+ <default_value>reject</default_value>
+ <required/>
+ <combinefields>end</combinefields>
</field>
<field>
- <fielddescr><![CDATA[<strong>OpenVPN Interface</strong>]]></fielddescr>
+ <fielddescr>OpenVPN Interface</fielddescr>
<fieldname>openvpn_action</fieldname>
<type>checkbox</type>
<description>Select to add Auto-Rules for OpenVPN. These will be added to 'Floating Rules' or OpenVPN Rules Tab.</description>
</field>
<field>
- <fielddescr><![CDATA[<strong>Floating Rules</strong>]]></fielddescr>
+ <fielddescr>Floating Rules</fielddescr>
<fieldname>enable_float</fieldname>
<type>checkbox</type>
- <description><![CDATA[<strong>Enabled:&nbsp;</strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br /><br />
+ <description><![CDATA[<strong>Enabled:</strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br /><br />
<strong>Disabled:</strong> Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces<br /><br />
- <strong>Rules will be ordered by the selection below.</strong>]]></description>
+ <strong>Rules will be ordered by the selection below.</strong>]]>
+ </description>
</field>
<field>
- <fielddescr><![CDATA[<strong>Rule Order</strong>]]></fielddescr>
+ <fielddescr>Rule Order</fielddescr>
<fieldname>pass_order</fieldname>
- <description><![CDATA[<br />Default Order: <strong> | pfB_Block/Reject | All other Rules | (original format)<br /></strong><br />
+ <description><![CDATA[<br />Default Order:<strong> | pfB_Block/Reject | All other Rules | (original format)<br /></strong><br />
Select The '<strong>Order</strong>' of the Rules<br />
&nbsp;&nbsp;Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br />
- &nbsp;&nbsp;Selecting any other 'Order' will re-order <strong>all the Rules to the format indicated!</strong>]]></description>
+ &nbsp;&nbsp;Selecting any other 'Order' will re-order <strong>all the Rules to the format indicated!</strong>]]>
+ </description>
<type>select</type>
<options>
<option><name>| pfB_Block/Reject | All other Rules | (original format)</name><value>order_0</value></option>
@@ -434,48 +496,48 @@
<option><name>| pfB_Pass/Match | pfSense Pass/Match | pfB_Block/Reject |</name><value>order_2</value></option>
<option><name>| pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match |</name><value>order_3</value></option>
</options>
+ <default_value>order_0</default_value>
</field>
<field>
- <fielddescr><![CDATA[<strong>Auto Rule Suffix</strong>]]></fielddescr>
+ <fielddescr>Auto Rule Suffix</fielddescr>
<fieldname>autorule_suffix</fieldname>
- <description><![CDATA[Default:<strong>auto rule</strong><br />
- Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]></description>
+ <description><![CDATA[Default: <strong>auto rule</strong><br />
+ Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]>
+ </description>
<type>select</type>
<options>
<option><name>auto rule</name><value>autorule</value></option>
<option><name>Null (no suffix)</name><value>standard</value></option>
<option><name>AR</name><value>ar</value></option>
</options>
+ <default_value>autorule</default_value>
</field>
<field>
- <name><![CDATA[Acknowledgements]]> </name>
+ <name><![CDATA[Acknowledgements]]></name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Credits</fielddescr>
<fieldname>credits</fieldname>
<type>info</type>
- <description><![CDATA[<strong>
- pfBlockerNG</strong> Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a>
- <br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br />
+ <description><![CDATA[<strong>pfBlockerNG </strong>
+ Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a><br /><br />
+ Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br />
Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by:
MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>.
- The Database is Automatically Updated the First Tuesday of Each Month]]></description>
- </field>
- <field>
- <fielddescr>pfBlocker Validation Check</fielddescr>
- <fieldname>pfblocker_cb</fieldname>
- <type>checkbox</type>
- <description>Disable pfBlockerNG if the pfBlocker package is Enabled. Click to Disable this validation check.</description>
+ The Database is Automatically Updated the First Tuesday of Each Month]]>
+ </description>
</field>
<field>
- <fielddescr>Gold Membership</fielddescr>
+ <fielddescr>Support</fielddescr>
<type>info</type>
- <description><![CDATA[If you like this package, please Support pfSense by subscribing to a <a target=_new href='https://portal.pfsense.org/gold-subscription.php'>Gold Membership</a><br /> or support the developer @ BBCan177@gmail.com]]></description>
+ <description><![CDATA[This package has been developed by BBcan177.<br />
+ If you like this package, please support the developer @ BBCan177@gmail.com.]]>
+ </description>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
@@ -493,4 +555,4 @@
$pfb['save'] = TRUE;
sync_package_pfblockerng();
</custom_php_resync_config_command>
-</packagegui>
+</packagegui> \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php
index 0b251295..bfb15c07 100644
--- a/config/pfblockerng/pfblockerng_alerts.php
+++ b/config/pfblockerng/pfblockerng_alerts.php
@@ -57,7 +57,7 @@ if (isset($_REQUEST['getpfhostname'])) {
require_once("util.inc");
require_once("guiconfig.inc");
require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc");
-global $rule_list;
+global $rule_list, $pfb_localsub;
pfb_global();
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
@@ -69,26 +69,25 @@ if ($pfs_version == "2.2") {
}
// Application Paths
-$pathgeoip = $prefix . "/bin/geoiplookup";
-$pathgeoip6 = $prefix . "/bin/geoiplookup6";
+$pathgeoip = "{$prefix}/bin/geoiplookup";
+$pathgeoip6 = "{$prefix}/bin/geoiplookup6";
// Define File Locations
$filter_logfile = "{$g['varlog_path']}/filter.log";
-$pathgeoipdat = $prefix . "/share/GeoIP/GeoIP.dat";
-$pathgeoipdat6 = $prefix . "/share/GeoIP/GeoIPv6.dat";
-
-// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package)
-$pfb['filterlogentries'] = FALSE;
+$pathgeoipdat = "{$prefix}/share/GeoIP/GeoIP.dat";
+$pathgeoipdat6 = "{$prefix}/share/GeoIP/GeoIPv6.dat";
// Emerging Threats IQRisk Header Name Reference
$pfb['et_header'] = TRUE;
$et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header'];
-if (empty($et_header))
+if (empty($et_header)) {
$pfb['et_header'] = FALSE;
+}
// Collect pfBlockerNGSuppress Alias and Create pfbsuppression.txt
-if ($pfb['supp'] == "on")
+if ($pfb['supp'] == "on") {
pfb_create_suppression_file();
+}
// Collect Number of Suppressed Hosts
if (file_exists("{$pfb['supptxt']}")) {
@@ -97,62 +96,88 @@ if (file_exists("{$pfb['supptxt']}")) {
$pfbsupp_cnt = 0;
}
-// Collect pfBlockerNG Rule Names and Number
-$rule_list = array();
-$results = array();
-$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results);
-
-if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25';
-if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5';
-if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5';
-if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh']))
- $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off';
-if (empty($config['installedpackages']['pfblockerngglobal']['hostlookup']))
- $config['installedpackages']['pfblockerngglobal']['hostlookup'] = 'off';
+$pfb['global'] = &$config['installedpackages']['pfblockerngglobal'];
-if (isset($_POST['save'])) {
- if (!is_array($config['installedpackages']['pfblockerngglobal']))
- $config['installedpackages']['pfblockerngglobal'] = array();
- $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off';
- $config['installedpackages']['pfblockerngglobal']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off';
- if (is_numeric($_POST['pfbdenycnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = $_POST['pfbdenycnt'];
- if (is_numeric($_POST['pfbpermitcnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = $_POST['pfbpermitcnt'];
- if (is_numeric($_POST['pfbmatchcnt']))
- $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = $_POST['pfbmatchcnt'];
+if (!isset($pfb['global']['pfbdenycnt'])) {
+ $pfb['global']['pfbdenycnt'] = '25';
+}
+if (!isset($pfb['global']['pfbpermitcnt'])) {
+ $pfb['global']['pfbpermitcnt'] = '5';
+}
+if (!isset($pfb['global']['pfbmatchcnt'])) {
+ $pfb['global']['pfbmatchcnt'] = '5';
+}
+if (!isset($pfb['global']['pfbdnscnt'])) {
+ $pfb['global']['pfbdnscnt'] = '5';
+}
+if (empty($pfb['global']['alertrefresh'])) {
+ $pfb['global']['alertrefresh'] = 'off';
+}
+if (empty($pfb['global']['hostlookup'])) {
+ $pfb['global']['hostlookup'] = 'off';
+}
+if (isset($_POST['save'])) {
+ if (!is_array($pfb['global'])) {
+ $pfb['global'] = array();
+ }
+ $pfb['global']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off';
+ $pfb['global']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off';
+ if (is_numeric($_POST['pfbdenycnt'])) {
+ $pfb['global']['pfbdenycnt'] = $_POST['pfbdenycnt'];
+ }
+ if (is_numeric($_POST['pfbpermitcnt'])) {
+ $pfb['global']['pfbpermitcnt'] = $_POST['pfbpermitcnt'];
+ }
+ if (is_numeric($_POST['pfbmatchcnt'])) {
+ $pfb['global']['pfbmatchcnt'] = $_POST['pfbmatchcnt'];
+ }
+ if (is_numeric($_POST['pfbdnscnt'])) {
+ $pfb['global']['pfbdnscnt'] = $_POST['pfbdnscnt'];
+ }
write_config("pfBlockerNG pkg: updated ALERTS tab settings.");
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
-if (is_array($config['installedpackages']['pfblockerngglobal'])) {
- $alertrefresh = $config['installedpackages']['pfblockerngglobal']['alertrefresh'];
- $hostlookup = $config['installedpackages']['pfblockerngglobal']['hostlookup'];
- $pfbdenycnt = $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'];
- $pfbpermitcnt = $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'];
- $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'];
+if (is_array($pfb['global'])) {
+ $alertrefresh = $pfb['global']['alertrefresh'];
+ $hostlookup = $pfb['global']['hostlookup'];
+ $pfbdenycnt = $pfb['global']['pfbdenycnt'];
+ $pfbpermitcnt = $pfb['global']['pfbpermitcnt'];
+ $pfbmatchcnt = $pfb['global']['pfbmatchcnt'];
+ $pfbdnscnt = $pfb['global']['pfbdnscnt'];
+}
+
+
+// Define Alerts Log filter Rollup window variable and collect Widget Alert Pivot details
+if (isset($_REQUEST['rule'])) {
+ $filterfieldsarray[0] = $_REQUEST['rule'];
+ $pfbdenycnt = $pfbpermitcnt = $pfbmatchcnt = $_REQUEST['entries'];
+ $pfb['filterlogentries'] = TRUE;
+}
+else {
+ $pfb['filterlogentries'] = FALSE;
}
function pfb_match_filter_field($flent, $fields) {
foreach ($fields as $key => $field) {
- if ($field == null)
+ if ($field == null) {
continue;
+ }
if ((strpos($field, '!') === 0)) {
$field = substr($field, 1);
$field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
- if (@preg_match("/{$field_regex}/i", $flent[$key]))
+ if (@preg_match("/{$field_regex}/i", $flent[$key])) {
return false;
+ }
}
else {
$field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
- if (!@preg_match("/{$field_regex}/i", $flent[$key]))
+ if (!@preg_match("/{$field_regex}/i", $flent[$key])) {
return false;
+ }
}
}
return true;
@@ -185,23 +210,22 @@ if ($_POST['filterlogentries_clear']) {
}
-// Collect pfBlockerNG Firewall Rules
+// Collect pfBlockerNG Rule Names and Number
+$rule_list = array();
+exec("/sbin/pfctl -vv -sr | grep 'pfB_'", $results);
if (!empty($results)) {
foreach ($results as $result) {
- # Find Rule Descriptions
+ // Find Rule Descriptions
$descr = "";
- if (preg_match("/USER_RULE: (\w+)/",$result,$desc))
+ if (preg_match("/USER_RULE: (\w+)/",$result,$desc)) {
$descr = $desc[1];
-
- if ($pfb['pfsenseversion'] >= '2.2') {
- preg_match ("/@(\d+)\(/",$result, $rule);
- } else {
- preg_match ("/@(\d+)\s/",$result, $rule);
}
+ preg_match ("/@(\d+)\(/",$result, $rule);
+
$id = $rule[1];
- # Create array of Rule Description and pfctl Rule Number
+ // Create array of Rule Description and pfctl Rule Number
$rule_list['id'][] = $id;
$rule_list[$id]['name'] = $descr;
}
@@ -291,8 +315,9 @@ if (isset($_POST['addsuppress'])) {
}
// Call Function to Create Suppression Alias if not found.
- if (!$pfb['found'])
+ if (!$pfb['found']) {
pfb_create_suppression_alias();
+ }
// Save New Suppress IP to pfBlockerNGSuppress Alias
if (in_array($ip . '/' . $cidr, $pfb_sup_list)) {
@@ -332,12 +357,13 @@ if (isset($_POST['addsuppress'])) {
if ($pfb['found'] || $pfb['update']) {
// Save all Changes to pfsense config file
- write_config();
+ write_config("pfBlockerNG: Added {$ip} to IP Suppress List");
}
}
}
}
+
// Host Resolve Function lookup
function getpfbhostname($type = 'src', $hostip, $countme = 0) {
$hostnames['src'] = '';
@@ -347,10 +373,18 @@ function getpfbhostname($type = 'src', $hostip, $countme = 0) {
}
-// Determine if Alert Host 'Dest' is within the Local Lan IP Range.
-function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") {
- $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask);
- return $result;
+// For subnet addresses - Determine if Alert Host 'Dest' is within a Local IP Range.
+function ip_in_pfb_localsub($subnet) {
+ global $pfb_localsub;
+
+ if (!empty($pfb_localsub)) {
+ foreach ($pfb_localsub as $line) {
+ if (ip_in_subnet($subnet, $line)) {
+ return true;
+ }
+ }
+ }
+ return false;
}
@@ -373,16 +407,18 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi
$pfbalert = array();
$log_split = "";
- if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split))
+ if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) {
continue;
+ }
list($all, $pfbalert[99], $host, $rule) = $log_split;
$rule_data = explode(",", $rule);
$pfbalert[0] = $rule_data[0]; // Rulenum
// Skip Alert if Rule is not a pfBNG Alert
- if (!in_array($pfbalert[0], $rule_list['id']))
+ if (!in_array($pfbalert[0], $rule_list['id'])) {
continue;
+ }
$pfbalert[1] = $rule_data[4]; // Realint
$pfbalert[3] = $rule_data[6]; // Act
@@ -415,8 +451,9 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi
}
// Skip Repeated Alerts
- if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip)
+ if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) {
continue;
+ }
$pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name
$pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags
@@ -474,12 +511,14 @@ include_once("head.inc");
include_once("fbegin.inc");
/* refresh every 60 secs */
-if ($alertrefresh == 'on')
+if ($alertrefresh == 'on') {
echo "<meta http-equiv=\"refresh\" content=\"60;url={$_SERVER['PHP_SELF']}\" />\n";
+}
if ($savemsg) {
print_info_box($savemsg);
}
+$skipcount = 0; $counter = 0;
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -518,17 +557,22 @@ if ($savemsg) {
<tr>
<td width="10%" class="vncell"><?php echo gettext('Alert Settings'); ?></td>
<td width="90%" class="vtable">
- <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1" title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/>
+ <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1"
+ title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/>
<?php printf(gettext('%sDeny%s.&nbsp;&nbsp;') , '<strong>', '</strong>'); ?>
- <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1" title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/>
+ <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1"
+ title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/>
<?php printf(gettext('%sPermit%s.&nbsp;&nbsp;'), '<strong>', '</strong>'); ?>
- <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1" title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/>
+ <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1"
+ title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/>
<?php printf(gettext('%sMatch%s.'), '<strong>', '</strong>'); ?>
- <?php echo gettext('&nbsp;&nbsp;&nbsp;&nbsp;Click to Auto-Refresh');?>&nbsp;&nbsp;<input name="alertrefresh" type="checkbox" value="on" title="Click to enable Auto-Refresh of this Tab once per minute"
+ <?php echo gettext('&nbsp;&nbsp;&nbsp;&nbsp;Click to Auto-Refresh');?>&nbsp;&nbsp;<input name="alertrefresh" type="checkbox" value="on"
+ title="Click to enable Auto-Refresh of this Tab once per minute"
<?php if ($config['installedpackages']['pfblockerngglobal']['alertrefresh']=="on") echo "checked"; ?>/>&nbsp;
- <?php echo gettext('&nbsp;Click to Auto-Resolve');?>&nbsp;&nbsp;<input name="hostlookup" type="checkbox" value="on" title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve"
+ <?php echo gettext('&nbsp;Click to Auto-Resolve');?>&nbsp;&nbsp;<input name="hostlookup" type="checkbox" value="on"
+ title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve"
<?php if ($config['installedpackages']['pfblockerngglobal']['hostlookup']=="on") echo "checked"; ?>/>&nbsp;&nbsp;&nbsp;
<input name="save" type="submit" class="formbtns" value="Save" title="<?=gettext('Save settings');?>"/><br />
@@ -542,7 +586,8 @@ if ($savemsg) {
<tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>">
<td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td>
<td width="90%" class="vtable">
- <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" />
+ <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>"
+ onclick="enable_showFilter();" />
&nbsp;&nbsp;<?=gettext("Click to display advanced filtering options dialog");?>
</td>
</tr>
@@ -552,48 +597,67 @@ if ($savemsg) {
<tr>
<td valign="top">
<div align="center"><?=gettext("Date");?></div>
- <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div>
+ <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search"
+ type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div>
</td>
<td valign="top">
- <div align="center"><?=gettext("Interface");?></div>
- <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div>
+ <div align="center"><?=gettext("Source IP Address");?></div>
+ <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search"
+ type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div>
</td>
<td valign="top">
- <div align="center"><?=gettext("Rule Number Only");?></div>
- <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div>
+ <div align="center"><?=gettext("Source Port");?></div>
+ <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search"
+ type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div>
</td>
<td valign="top">
- <div align="center"><?=gettext("Protocol");?></div>
- <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div>
+ <div align="center"><?=gettext("Interface");?></div>
+ <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search"
+ type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div>
</td>
</tr>
<tr>
<td valign="top">
- <div align="center"><?=gettext("Source IP Address");?></div>
- <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div>
- </td>
- <td valign="top">
- <div align="center"><?=gettext("Source Port");?></div>
- <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div>
+ <div align="center"><?=gettext("Rule Number Only");?></div>
+ <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search"
+ type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div>
</td>
<td valign="top">
<div align="center"><?=gettext("Destination IP Address");?></div>
- <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div>
+ <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search"
+ type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div>
</td>
<td valign="top">
<div align="center"><?=gettext("Destination Port");?></div>
- <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div>
+ <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search"
+ type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Protocol");?></div>
+ <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search"
+ type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div>
+ </td>
+ <td valign="top" colspan="3">
+ &nbsp;
</td>
</tr>
- <td colspan="5" style="vertical-align:bottom">
- <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?>&nbsp;&nbsp; <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?>
+ <tr>
+ <td colspan="3" style="vertical-align:bottom">
+ <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '
+ <a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?>&nbsp;&nbsp;
+ <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?>
<br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br />
+ </td>
</tr>
<tr>
- <td colspan="1" style="vertical-align:bottom">
- <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" />
- &nbsp;&nbsp;&nbsp;<input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" />
- &nbsp;&nbsp;&nbsp;<input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div>
+ <td colspan="3" style="vertical-align:bottom">
+ <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit"
+ class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_clear" name="filterlogentries_clear" type="submit"
+ class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_hide" name="filterlogentries_hide" type="button"
+ class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();"
+ title="<?=gettext("Hide filter options");?>" /></div>
</td>
</tr>
</table>
@@ -601,7 +665,7 @@ if ($savemsg) {
</tr>
<!--Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
-<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ):
+<?php foreach (array ( "Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ):
switch($type) {
case "Deny":
$rtype = "block";
@@ -612,15 +676,16 @@ if ($savemsg) {
$pfbentries = "{$pfbpermitcnt}";
break;
case "Match":
- if ($pfb['pfsenseversion'] >= '2.2') {
- $rtype = "unkn(%u)";
- } else {
- $rtype = "unkn(11)";
- }
+ $rtype = "unkn(%u)";
$pfbentries = "{$pfbmatchcnt}";
break;
}
+ // Skip Table output if $pfbentries is zero.
+ if ($pfbentries == 0 && $skipcount != 2) {
+ $skipcount++;
+ continue;
+ }
?>
<table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
<tr>
@@ -660,30 +725,27 @@ if ($savemsg) {
<?php
$pfb['runonce'] = TRUE;
-if (isset($pfb['load']))
+if (isset($pfb['load'])) {
$pfb['runonce'] = FALSE;
+}
// Execute the following once per refresh
if ($pfb['runonce']) {
$pfb['load'] = TRUE;
+ $resolvecounter = 0;
$fields_array = array();
- // pfSense versions below 2.2 have the Logfiles in two lines.
- if ($pfb['pfsenseversion'] >= '2.2') {
- $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^");
- } else {
- $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 );
- }
-
+ $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^");
$fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt);
$continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top');
- $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24";
+ $supp_ip_txt = "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24";
$supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon.";
$supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts";
// Array of all Local IPs for Alert Analysis
$pfb_local = array();
+ $pfb_localsub = array();
// Collect Gateway IP Addresses for Inbound/Outbound List matching
$int_gateway = get_interfaces_with_gateway();
@@ -697,12 +759,16 @@ if ($pfb['runonce']) {
// Collect Virtual IP Aliases for Inbound/Outbound List Matching
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $list) {
- if ($list['type'] == "single" && $list['subnet_bits'] == "32")
- $pfb_local[] = $list['subnet'];
- elseif ($list['type'] == "single" || $list['type'] == "network")
- $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local);
+ if ($list['subnet'] != "" && $list['subnet_bits'] != "") {
+ if ($list['subnet_bits'] >= 24) {
+ $pfb_local = array_merge(subnetv4_expand("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local);
+ } else {
+ $pfb_localsub[] = "{$list['subnet']}/{$list['subnet_bits']}";
+ }
+ }
}
}
+
// Collect NAT IP Addresses for Inbound/Outbound List Matching
if (is_array($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $natent) {
@@ -711,7 +777,7 @@ if ($pfb['runonce']) {
}
// Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching
- if(is_array($config['nat']['onetoone'])) {
+ if (is_array($config['nat']['onetoone'])) {
foreach ($config['nat']['onetoone'] as $onetoone) {
$pfb_local[] = $onetoone['source']['address'];
}
@@ -729,17 +795,27 @@ if ($pfb['runonce']) {
}
}
}
- // Remove any Duplicate IPs
- $pfb_local = array_unique($pfb_local);
- // Determine Lan IP Address and Mask
- if (is_array($config['interfaces']['lan'])) {
- $lan_ip = $config['interfaces']['lan']['ipaddr'];
- $lan_mask = $config['interfaces']['lan']['subnet'];
+ // Collect all Interface Addresses for Inbound/Outbound List Matching
+ if (is_array($config['interfaces'])) {
+ foreach ($config['interfaces'] as $int) {
+ if ($int['ipaddr'] != "dhcp") {
+ if ($int['ipaddr'] != "" && $int['subnet'] != "") {
+ if ($int['subnet'] >= 24) {
+ $pfb_local = array_merge(subnetv4_expand("{$int['ipaddr']}/{$int['subnet']}"), $pfb_local);
+ } else {
+ $pfb_localsub[] = "{$int['ipaddr']}/{$int['subnet']}";
+ }
+ }
+ }
+ }
}
+
+ // Remove any Duplicate IPs
+ $pfb_local = array_unique($pfb_local);
+ $pfb_localsub = array_unique($pfb_localsub);
}
-$counter = 0;
// Process Fields_array and generate Output
if (!empty($fields_array[$type]) && !empty($rule_list)) {
$key = 0;
@@ -774,19 +850,19 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
}
// Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only.
- if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) {
+ if (in_array($fields[8], $pfb_local) || ip_in_pfb_localsub($fields[8])) {
// Destination is Gateway/NAT/VIP
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
$host = $fields[7];
- $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup");
- $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
- $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>";
+ $alert_ip = "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup");
+ $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width='11' height='11' border='0' ";
+ $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\" /></a>";
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
- $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
+ $supp_ip = "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
$supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
- $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
+ $supp_ip .= gettext($supp_ip_txt) . "\" border='0' width='11' height='11' />";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
@@ -802,14 +878,14 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
$host = $fields[8];
- $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup");
- $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
- $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>";
+ $alert_ip = "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup");
+ $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width='11' height='11' border='0' ";
+ $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\" /></a>";
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
- $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
+ $supp_ip = "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
$supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
- $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
+ $supp_ip .= gettext($supp_ip_txt) . "\" border='0' width='11' height='11' />";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
@@ -829,7 +905,7 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
$country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
}
- # IP Query Grep Exclusion
+ // IP Query Grep Exclusion
$pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'";
$pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'";
@@ -857,8 +933,9 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
$host3 = $host2 - $cnt . '\'';
$pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
// Break out of loop if found.
- if (!empty($pfb_query))
+ if (!empty($pfb_query)) {
$cnt = 6;
+ }
}
}
// Search for First Three Octets
@@ -886,10 +963,11 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
}
// Default to "No Match" if not found.
- if (empty($pfb_query))
+ if (empty($pfb_query)) {
$pfb_query = "No Match";
+ }
- # Split List Column into Two lines.
+ // Split List Column into Two lines.
unset ($pfb_match);
if ($pfb_query == "No Match") {
$pfb_match[1] = "{$pfb_query}";
@@ -921,43 +999,44 @@ if (!empty($fields_array[$type]) && !empty($rule_list)) {
}
// Print Alternating Line Shading
- if ($pfb['pfsenseversion'] > '2.0') {
- $alertRowEvenClass = "listMReven";
- $alertRowOddClass = "listMRodd";
- } else {
- $alertRowEvenClass = "listr";
- $alertRowOddClass = "listr";
- }
+ $alertRowEvenClass = "style='background-color: #D8D8D8;'";
+ $alertRowOddClass = "style='background-color: #E8E8E8;'";
$alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
- echo "<tr class='{$alertRowClass}'>
+ echo "<tr {$alertRowClass}>
<td class='listMRr' align='center'>{$fields[99]}</td>
<td class='listMRr' align='center'>{$fields[2]}</td>
<td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td>
<td class='listMRr' align='center'>{$fields[6]}</td>
- <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td>
- <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td>
+ <td class='listMRr' align='center' sorttable_customkey='{$fields[97]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td>
+ <td class='listMRr' align='center' sorttable_customkey='{$fields[98]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td>
<td class='listMRr' align='center'>{$country}</td>
<td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>";
$counter++;
- if ($counter > 0 && $rtype == "block") {
- $mycounter = $counter;
- } else {
- $mycounter = 0;
+ if ($rtype == "block") {
+ $resolvecounter = $counter;
}
}
}
}
?>
</tbody>
+ <tr>
+ <!--Print Final Table Info-->
+ <?php
+ if ($pfbentries != $counter) {
+ $msg = " - Insufficient Firewall Alerts found.";
+ }
+ echo (" <td colspan='8' style='font-size:10px; background-color: #F0F0F0;' >Found {$counter} Alert Entries {$msg}</td>");
+ $counter = 0; $msg = '';
+ ?>
+ </tr>
</table>
</table>
<?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
<?php unset ($fields_array); ?>
</td></tr>
</table>
-
-</div>
</td>
<script type="text/javascript">
@@ -991,7 +1070,7 @@ function findhostnames(counter) {
)
}
-var alertlines = <?php echo $mycounter; ?>;
+var alertlines = <?php echo $resolvecounter; ?>;
var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>";
if ( autoresolve == "on" ) {
for (alertcount = 0; alertcount < alertlines; alertcount++) {
@@ -1014,4 +1093,4 @@ function enable_hideFilter() {
<?php include("fend.inc"); ?>
</form>
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng_diag_dns.php b/config/pfblockerng/pfblockerng_diag_dns.php
index b44bc71c..fa238b7a 100644
--- a/config/pfblockerng/pfblockerng_diag_dns.php
+++ b/config/pfblockerng/pfblockerng_diag_dns.php
@@ -56,15 +56,6 @@ foreach ($a_aliases as $a) {
$counter++;
}
-# Collect pfSense Version
-$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
-
-if ($pfs_version > '2.2') {
- $cmd = '/usr/bin/drill';
-} else {
- $cmd = '/usr/bin/dig';
-}
-
if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) {
if ($_POST['override']) {
$override = true;
@@ -73,7 +64,7 @@ if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) {
$type = "hostname";
if ($resolved) {
$resolved = array();
- exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
+ exec("/usr/bin/drill {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
$isfirst = true;
foreach ($resolved as $re) {
if ($re <> "") {
@@ -120,7 +111,7 @@ if ($_POST) {
$dns_servers = array();
exec("/usr/bin/grep nameserver /etc/resolv.conf | /usr/bin/cut -f2 -d' '", $dns_servers);
foreach ($dns_servers as $dns_server) {
- $query_time = exec("{$cmd} {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2");
+ $query_time = exec("/usr/bin/drill {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2");
if ($query_time == "") {
$query_time = gettext("No response");
}
@@ -149,7 +140,7 @@ if ($_POST) {
$resolved = gethostbyname($host);
if ($resolved) {
$resolved = array();
- exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
+ exec("/usr/bin/drill {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
}
$hostname = $host;
if ($host != $resolved) {
@@ -208,7 +199,7 @@ include("head.inc"); ?>
<input name="host" type="text" class="formfld unknown" id="host" size="20" value="<?=htmlspecialchars($host);?>">
</td>
<?php if ($resolved && $type) { ?>
- <td valign="middle">&nbsp;=&nbsp;</td><td>
+ <td valign="middle">&nbsp;&nbsp;</td><td>
<font size="+1">
<?php
$found = 0;
@@ -244,8 +235,8 @@ include("head.inc"); ?>
</tr>
<?php if ($_POST): ?>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td>
- <td width="78%" class="vtable">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td>
+ <td width="78%" class="vtable">
<table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time">
<tr>
<td class="listhdrr">
@@ -271,7 +262,7 @@ include("head.inc"); ?>
endforeach;
?>
</table>
- </td>
+ </td>
</tr>
<?php endif; ?>
<?php if (!$input_errors && $ipaddr) { ?>
diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php
index 4c25ce29..a235f20a 100644
--- a/config/pfblockerng/pfblockerng_log.php
+++ b/config/pfblockerng/pfblockerng_log.php
@@ -52,13 +52,13 @@ require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc");
pfb_global();
-# Get log files from directory
+// Get log files from directory
function getlogs($logdir, $log_extentions = array('log')) {
if (!is_array($log_extentions)) {
$log_extentions = array($log_extentions);
}
- # Get logfiles
+ // Get logfiles
$log_filenames = array();
foreach ($log_extentions as $extention) {
if ($extention <> '*') {
@@ -68,7 +68,7 @@ function getlogs($logdir, $log_extentions = array('log')) {
}
}
- # Convert to filenames only
+ // Convert to filenames only
if (count($log_filenames) > 0) {
$log_totalfiles = count($log_filenames);
for ($cnt = 0; $cnt < $log_totalfiles; $cnt++) {
@@ -76,18 +76,19 @@ function getlogs($logdir, $log_extentions = array('log')) {
}
}
- # Sort the filename
+ // Sort the filename
asort($log_filenames);
- # Done
+ // Done
return $log_filenames;
}
-# Define logtypes
-# name => Displayname of the type
-# ext => Log extentions (array for multiple extentions)
-# logdir=> Log directory
-# clear => Add clear button (TRUE/FALSE)
+/* Define logtypes:
+ name => Displayname of the type
+ ext => Log extentions (array for multiple extentions)
+ logdir => Log directory
+ clear => Add clear button (TRUE/FALSE) */
+
$pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files',
'logdir' => "{$pfb['logdir']}/",
'logs' => array("pfblockerng.log", "error.log", "geoip.log", "maxmind_ver"),
@@ -153,7 +154,7 @@ $pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files',
)
);
-# Check logtypes
+// Check logtypes
$logtypeid = 'defaultlogs';
if (isset($_POST['logtype'])) {
$logtypeid = $_POST['logtype'];
@@ -161,13 +162,13 @@ if (isset($_POST['logtype'])) {
$logtypeid = htmlspecialchars($_GET['logtype']);
}
-# Check if POST has been set
+// Check if POST has been set
if (isset($_POST['file'])) {
clearstatcache();
$pfb_logfilename = $_POST['file'];
$pfb_ext = pathinfo($pfb_logfilename, PATHINFO_EXTENSION);
- # Load log
+ // Load log
if ($_POST['action'] == 'load') {
if (!is_file($pfb_logfilename)) {
echo "|3|" . gettext("Log file is empty or does not exist") . ".|";
@@ -187,12 +188,12 @@ if (isset($_POST['file'])) {
if (isset($_POST['logFile'])) {
$s_logfile = $_POST['logFile'];
- # Clear selected file
+ // Clear selected file
if (isset($_POST['clear'])) {
unlink_if_exists($s_logfile);
}
- # Download log
+ // Download log
if (isset($_POST['download'])) {
if (file_exists($s_logfile)) {
ob_start(); //important or other posts will fail
diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml
index f6cee305..03b86dce 100644
--- a/config/pfblockerng/pfblockerng_sync.xml
+++ b/config/pfblockerng/pfblockerng_sync.xml
@@ -52,6 +52,7 @@
<version>1.0</version>
<title>pfBlockerNG: XMLRPC Sync</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save XMLRPC Sync settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<tooltiptext>Configure pfBlockerNG</tooltiptext>
@@ -124,7 +125,7 @@
<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&amp;id=0</url>
<active/>
</tab>
- </tabs>
+ </tabs>
<fields>
<field>
<name>pfBlockerNG XMLRPC Sync Settings</name>
@@ -132,8 +133,8 @@
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
</field>
@@ -173,7 +174,6 @@
</field>
<field>
<fielddescr>Replication Targets</fielddescr>
- <fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
@@ -217,15 +217,15 @@
<rowhelperfield>
<fielddescr>Target Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
- <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
+ <description><![CDATA[Password of the user 'admin' on the destination host.]]></description>
<type>password</type>
<size>20</size>
</rowhelperfield>
</rowhelper>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index db898112..32ed52e8 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -52,13 +52,14 @@
<version>1.0</version>
<title>pfBlockerNG: Top 20 Spammer Countries</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save Top20 settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<tooltiptext>Configure pfblockerNG</tooltiptext>
<section>Firewall</section>
<url>pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>
</menu>
- <tabs>
+ <tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>
@@ -124,7 +125,7 @@
<text>Sync</text>
<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&amp;id=0</url>
</tab>
- </tabs>
+ </tabs>
<fields>
<field>
<name><![CDATA[TOP 20 - Spammer Countries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Geolite Data by Maxmind Inc. - ISO 3166)]]></name>
@@ -132,20 +133,19 @@
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
- </field>
+ </field>
<field>
- <fielddescr><![CDATA[<br /><strong>Top 20 IPv4</strong><br />Spammer Countries]]></fielddescr>
<fieldname>countries4</fieldname>
- <description>
- <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br />
- <strong>Use CTRL + CLICK to unselect countries</strong>]]>
- </description>
+ <fielddescr><![CDATA[<strong><center>Top 20<br /> Spammer Countries</center></strong><br />
+ <center>Use CTRL + CLICK to unselect countries</center>]]>
+ </fielddescr>
+ <description><![CDATA[<center><br />IPv4 Countries</center>]]></description>
<type>select</type>
- <options>
+ <options>
<option><name>China-CN</name><value>CN</value></option>
<option><name>Russia-RU</name><value>RU</value></option>
<option><name>Japan-JP</name><value>JP</value></option>
@@ -169,14 +169,12 @@
</options>
<size>20</size>
<multiple/>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
</field>
<field>
- <fielddescr><![CDATA[<br /><strong>Top 20 IPv6</strong><br />Spammer Countries]]></fielddescr>
<fieldname>countries6</fieldname>
- <description>
- <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br />
- <strong>Use CTRL + CLICK to unselect countries</strong>]]>
- </description>
+ <description><![CDATA[<br /><center>IPv6 Countries</center>]]></description>
<type>select</type>
<options>
<option><name>China-CN</name><value>CN</value></option>
@@ -199,13 +197,16 @@
<option><name>Taiwan-TW</name><value>TW</value></option>
<option><name>Mexico-MX</name><value>MX</value></option>
<option><name>Chilie-CL</name><value>CL</value></option>
- </options>
- <size>20</size>
- <multiple/>
+ </options>
+ <size>20</size>
+ <multiple/>
+ <usecolspan2/>
+ <dontdisplayname/>
+ <combinefields>end</combinefields>
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ <description><![CDATA[<br />Default: <strong>Disabled</strong><br /><br />
Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
<strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
@@ -231,12 +232,12 @@
<strong><u>'Alias' Rules:</u></strong><br />
<strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <ul><li><strong>Options - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
<li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
<li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
<li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
- the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
+ the Alias (no trailing Whitespace)</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
Alias Configuration<br />]]>
@@ -262,7 +263,7 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br />
+ <description><![CDATA[Default: <strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )]]>
</description>
<type>select</type>
@@ -272,8 +273,87 @@
</options>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]> </name>
+ <name>Advanced Inbound Firewall Rule Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <type>info</type>
+ <description><![CDATA[<font color='red'>Note: </font>In general Auto-Rules are created as follows:<br />
+ <ul>Inbound &nbsp;&nbsp;- 'any' port, 'any' protocol and 'any' destination<br />
+ Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists</ul>
+ Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.<br />
+ <strong>Select the pfSense 'Port' and/or 'Destination' Alias below:</strong>]]>
+ </description>
+ </field>
+ <field>
+ <fieldname>autoports</fieldname>
+ <fielddescr>Enable Custom Port</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasports</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Define Alias</fielddescr>
+ <fieldname>aliasports</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=port">Click Here to add/edit Aliases</a>
+ Do not manually enter port numbers. <br />Do not use 'pfB_' in the Port Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>port</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fieldname>autodest</fieldname>
+ <fielddescr>Enable Custom Destination</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasdest,autonot</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fieldname>aliasdest</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=ip">Click Here to add/edit Aliases</a>
+ Do not manually enter Addresses(es). <br />Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>network</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields/>
+ </field>
+ <field>
+ <fielddescr>Invert</fielddescr>
+ <fieldname>autonot</fieldname>
+ <description><![CDATA[<div style="padding-left: 22px;"><strong>Invert</strong> - Option to invert the sense of the match.<br />
+ ie - Not (!) Destination Address(es)</div>]]>
+ </description>
+ <type>checkbox</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fielddescr>Custom Protocol</fielddescr>
+ <fieldname>autoproto</fieldname>
+ <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).]]></description>
+ <type>select</type>
+ <options>
+ <option><name>any</name><value></value></option>
+ <option><name>TCP</name><value>tcp</value></option>
+ <option><name>UDP</name><value>udp</value></option>
+ <option><name>TCP/UDP</name><value>tcp/udp</value></option>
+ </options>
+ <size>4</size>
+ <default_value></default_value>
+ </field>
+ <field>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php
index f3a18231..e63d04dc 100644
--- a/config/pfblockerng/pfblockerng_update.php
+++ b/config/pfblockerng/pfblockerng_update.php
@@ -76,7 +76,6 @@ function pfbupdate_status($status) {
// Function to perform a Force Update, Cron or Reload
function pfb_cron_update($type) {
-
global $pfb;
// Query for any Active pfBlockerNG CRON Jobs
@@ -87,8 +86,9 @@ function pfb_cron_update($type) {
exit;
}
- if (!file_exists("{$pfb['log']}"))
+ if (!file_exists("{$pfb['log']}")) {
touch("{$pfb['log']}");
+ }
// Update Status Window with correct Task
if ($type == "update") {
@@ -102,7 +102,6 @@ function pfb_cron_update($type) {
// Remove any existing pfBlockerNG CRON Jobs
install_cron_job("pfblockerng.php cron", false);
- write_config();
// Execute PHP Process in the Background
mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1");
@@ -121,18 +120,19 @@ function pfb_cron_update($type) {
$lastpos = $len;
} else {
$f = fopen($pfb['log'], "rb");
- if ($f === false)
+ if ($f === false) {
die();
+ }
fseek($f, $lastpos);
while (!feof($f)) {
$pfb_buffer = fread($f, 2048);
$pfb_output .= str_replace( array ("\r", "\")"), "", $pfb_buffer);
-
// Refresh on new lines only. This allows Scrolling.
- if ($lastpos != $lastpos_old)
+ if ($lastpos != $lastpos_old) {
pfbupdate_output($pfb_output);
+ }
$lastpos_old = $lastpos;
ob_flush();
flush();
@@ -151,7 +151,7 @@ function pfb_cron_update($type) {
ob_flush();
flush();
fclose($f);
- # Call Log Mgmt Function
+ // Call Log Mgmt Function
pfb_log_mgmt();
die();
}
@@ -207,61 +207,112 @@ include_once("head.inc");
<tr>
<td colspan="2" class="listr">
<?php
- // Collect Existing CRON settings
- if (is_array($config['cron']['item'])) {
- foreach ($config['cron']['item'] as $cron) {
- if (preg_match("/usr.local.www.pfblockerng.pfblockerng.php cron/",$cron["command"])) {
- $pfb_min = "{$cron['minute']}";
- break;
+ if ($pfb['enable'] == "on") {
+
+ /* Legend - Time Variables
+
+ $pfb['interval'] Hour interval setting (1,2,3,4,6,8,12,24)
+ $pfb['min'] Cron minute start time (0-23)
+ $pfb['hour'] Cron start hour (0-23)
+ $pfb['24hour'] Cron daily/wk start hr (0-23)
+
+ $currenthour Current hour
+ $currentmin Current minute
+ $cron_hour_begin First cron hour setting (interval 2-24)
+ $cron_hour_next Next cron hour setting (interval 2-24)
+
+ $max_min_remain Max minutes to next cron (not including currentmin)
+ $min_remain Total minutes remaining to next cron
+ $min_final The minute component in hour:min
+
+ $nextcron Next cron event in hour:mins
+ $cronreal Time remaining to next cron in hours:mins */
+
+ $currenthour = date('G');
+ $currentmin = date('i');
+
+ if ($pfb['interval'] == 1) {
+ if (($currenthour + ($currentmin/60)) <= ($pfb['hour'] + ($pfb['min']/60))) {
+ $cron_hour_next = $currenthour;
+ } else {
+ $cron_hour_next = $currenthour + 1;
+ }
+ if (($currenthour + ($pfb['min']/60)) >= 24) {
+ $cron_hour_next = $pfb['hour'];
}
+ $max_min_remain = 60 + $pfb['min'];
}
- }
- // Calculate Minutes Remaining till next CRON Event.
- $currentmin = date('i');
- switch ($pfb_min) {
- case "0":
- $min_remain = (60 - $currentmin);
- break;
- case "15":
- if ($currentmin < 15) {
- $min_remain = (15 - $currentmin);
- } else {
- $min_remain = (75 - $currentmin);
+ elseif ($pfb['interval'] == 24) {
+ $cron_hour_next = $cron_hour_begin = $pfb['24hour'] != '' ? $pfb['24hour'] : '00';
+ }
+ else {
+ // Find Next Cron hour schedule
+ $crondata = pfb_cron_base_hour();
+ if (!empty($crondata)) {
+ foreach ($crondata as $key => $line) {
+ if ($key == 0) {
+ $cron_hour_begin = $line;
+ }
+ if ($line > $currenthour) {
+ $cron_hour_next = $line;
+ break;
+ }
+ }
}
- break;
- case "30":
- if ($currentmin < 30) {
- $min_remain = (30 - $currentmin);
- } else {
- $min_remain = (90 - $currentmin);
+
+ // Roll over to First cron hour setting
+ if (!isset($cron_hour_next)) {
+ if (empty($cron_hour_begin)) {
+ // $cron_hour_begin is hour '0'
+ $cron_hour_next = (24 - $currenthour);
+ } else {
+ $cron_hour_next = $cron_hour_begin;
+ }
}
- break;
- case "45":
- if ($currentmin < 45) {
- $min_remain = (45 - $currentmin);
+ }
+
+ if ($pfb['interval'] != 1) {
+ if (($currenthour + ($currentmin/60)) <= ($cron_hour_next + ($pfb['min']/60))) {
+ $max_min_remain = (($cron_hour_next - $currenthour) * 60) + $pfb['min'];
} else {
- $min_remain = (105 - $currentmin);
+ $max_min_remain = ((24 - $currenthour + $cron_hour_begin) * 60) + $pfb['min'];
+ $cron_hour_next = $cron_hour_begin;
}
- break;
- }
+ }
- // Default to "< 1 minute" if empty
- if (empty($min_remain))
- $min_remain = "< 1";
+ $min_remain = ($max_min_remain - $currentmin);
+ $min_final = ($min_remain % 60);
+ $sec_final = (60 - date('s'));
- // Next Scheduled Cron Time
- if ($pfb_min == "0")
- $pfb_min = "00";
- $nextcron = (date('H') +1) . ":{$pfb_min}";
+ if (strlen($sec_final) == 1) {
+ $sec_final = '0' . $sec_final;
+ }
+ if (strlen($min_final) == 1) {
+ $min_final = '0' . $min_final;
+ }
+ if (strlen($cron_hour_next) == 1) {
+ $cron_hour_next = '0' . $cron_hour_next;
+ }
+
+ if ($min_remain > 59) {
+ $nextcron = floor($min_remain / 60) . ':' . $min_final . ':' . $sec_final;
+ } else {
+ $nextcron = '00:' . $min_final . ':' . $sec_final;
+ }
+
+ if ($pfb['min'] == 0) {
+ $pfb['min'] = '00';
+ }
+ $cronreal = "{$cron_hour_next}:{$pfb['min']}";
+ }
- // If pfBlockerNG is Disabled or Cron Task is Missing
- if (empty($pfb['enable']) || empty($pfb_min)) {
- $min_remain = " -- ";
- $nextcron = " [ Disabled ] ";
+ if (empty($pfb['enable']) || empty($cron_hour_next)) {
+ $cronreal = ' [ Disabled ]';
+ $nextcron = '--';
}
- echo "NEXT Scheduled CRON Event will run at <font size=\"3\">&nbsp;{$nextcron}</font>&nbsp; in<font size=\"3\">
- <span class=\"red\">&nbsp;{$min_remain}&nbsp;</span></font> Minutes.";
+ echo "NEXT Scheduled CRON Event will run at <font size=\"3\">&nbsp;{$cronreal}</font>&nbsp; with
+ <font size=\"3\"><span class=\"red\">&nbsp;{$nextcron}&nbsp;</span></font> time remaining.";
// Query for any Active pfBlockerNG CRON Jobs
$result_cron = array();
@@ -272,7 +323,7 @@ include_once("head.inc");
echo "<img src = '/themes/{$g['theme']}/images/icons/icon_pass.gif' width='15' height='15'
border='0' title='pfBockerNG Cron Task is Running.'/>";
}
- echo "<br /><font size=\"3\"><span class=\"red\">Refresh</span></font> to update current Status and Minute(s) remaining";
+ echo "<br /><font size=\"3\"><span class=\"red\">Refresh</span></font> to update current Status and time remaining";
?>
</td>
</tr>
@@ -348,8 +399,9 @@ include("fend.inc");
// Execute the Viewer output Window
if (isset($_POST['pfbview'])) {
- if (!file_exists("{$pfb['log']}"))
+ if (!file_exists("{$pfb['log']}")) {
touch("{$pfb['log']}");
+ }
// Reference: http://stackoverflow.com/questions/3218895/php-how-to-read-a-file-live-that-is-constantly-being-written-to
pfbupdate_status(gettext("Log Viewing in progress. ** Press 'END VIEW' to Exit ** "));
@@ -372,8 +424,9 @@ if (isset($_POST['pfbview'])) {
$lastpos = $len;
} else {
$f = fopen($pfb['log'], "rb");
- if ($f === false)
+ if ($f === false) {
die();
+ }
fseek($f, $lastpos);
while (!feof($f)) {
@@ -415,8 +468,9 @@ if (isset($_POST['pfbcron']) && $pfb['enable'] == "on") {
// Execute a Reload of all Aliases and Lists
if (isset($_POST['pfbreload']) && $pfb['enable'] == "on") {
+ // Set 'Reuse' Flag for Reload process
$config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = "on";
- write_config();
+ write_config("pfBlockerNG: Executing Force Reload");
pfb_cron_update(reload);
}
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml
index febfd597..00747a24 100644
--- a/config/pfblockerng/pfblockerng_v4lists.xml
+++ b/config/pfblockerng/pfblockerng_v4lists.xml
@@ -54,6 +54,7 @@
<version>1.0</version>
<title>pfBlockerNG: IPv4 Alias/List Configuration</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save IPv4 settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<tooltiptext></tooltiptext>
@@ -149,6 +150,8 @@
<fielddescr>Logging</fielddescr>
<fieldname>aliaslog</fieldname>
</columnitem>
+ <addtext>Add a new Alias</addtext>
+ <movable>on</movable>
</adddeleteeditpagefields>
<fields>
<field>
@@ -158,15 +161,15 @@
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
</field>
<field>
<fielddescr>Alias Name</fielddescr>
<fieldname>aliasname</fieldname>
- <description><![CDATA[Enter lists Alias Names.<br />
+ <description><![CDATA[Enter Alias Name.<br />
Example: Badguys<br />
Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br />
<strong>International, special or space characters will be ignored in firewall alias names.
@@ -182,40 +185,37 @@
<size>90</size>
</field>
<field>
- <fieldname>InfoLists</fieldname>
<type>info</type>
- <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br />
- <strong><u>'URL'</u></strong> : Add direct link to list:
+ <description><![CDATA[<strong><u>'Format'</u></strong>: Select the Format Type<br /><br />
+ <strong><u>'URL'</u></strong>: Add direct link to list:
Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br />
- <strong><u>'pfSense Local File'</u></strong> Format :<br /><br />
- &nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br />
+ <strong><u>'pfSense Local File'</u></strong> Format:<br /><br />
+ &nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
/usr/local/www/NAME_OF_FILE &nbsp;&nbsp; (Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
- <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will
+ <strong><u>'Header'</u></strong>: The <u>'Header' Field</u> must be <u>Unique</u>, it will
name the List File and it will be referenced in the pfBlockerNG Widget.
Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]>
</description>
</field>
<field>
<fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr>
- <fieldname>none</fieldname>
<description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br />
-
- <ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
- <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br />
- <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br />
- <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only.</li><br />
- <li><strong>'zip'</strong> - ZIP'd Lists</li><br />
- <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br />
- <li><strong>'html'</strong> - Web Links</li><br />
- <li><strong>'xlsx'</strong> - Excel Lists</li><br />
- <li><strong>'rsync'</strong> - RSync Lists</li><br />
+ <ul><li><strong>'txt'</strong> Plain txt Lists</li>
+ <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only</li>
+ <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li>
+ <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only</li>
+ <li><strong>'zip'</strong> - ZIP'd Lists</li>
+ <li><strong>'block'</strong>- IP x.x.x.0 Block type</li>
+ <li><strong>'html'</strong> - Web Links</li>
+ <li><strong>'xlsx'</strong> - Excel Lists</li>
+ <li><strong>'rsync'</strong> - RSync Lists</li>
<li><strong>'ET' IQRisk</strong> - Only</li></ul>
- <strong>'State'</strong> - Select the Run State for each list.<br />
- <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br />
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul>
+ <strong>'State'</strong> - Select the Run State for each list<br />
+ <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li>
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static</li></ul>
<strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below:
<ul>Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br />
IP Address: <strong>172.16.1.10</strong><br />
@@ -223,50 +223,50 @@
</description>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>Format</fielddescr>
- <fieldname>format</fieldname>
- <type>select</type>
- <options>
- <option><name>txt</name><value>txt</value></option>
- <option><name>gz</name><value>gz</value></option>
- <option><name>gz_2</name><value>gz_2</value></option>
- <option><name>gz_lg</name><value>gz_lg</value></option>
- <option><name>zip</name><value>zip</value></option>
- <option><name>block</name><value>block</value></option>
- <option><name>html</name><value>html</value></option>
- <option><name>xlsx</name><value>xlsx</value></option>
- <option><name>RSync</name><value>rsync</value></option>
- <option><name>ET</name><value>et</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>State</fielddescr>
- <fieldname>state</fieldname>
- <type>select</type>
- <options>
- <option><name>ON</name><value>Enabled</value></option>
- <option><name>OFF</name><value>Disabled</value></option>
- <option><name>HOLD</name><value>Hold</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>URL or pfSense local file</fielddescr>
- <fieldname>url</fieldname>
- <type>input</type>
- <size>50</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Header</fielddescr>
- <fieldname>header</fieldname>
- <type>input</type>
- <size>15</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Format</fielddescr>
+ <fieldname>format</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>txt</name><value>txt</value></option>
+ <option><name>gz</name><value>gz</value></option>
+ <option><name>gz_2</name><value>gz_2</value></option>
+ <option><name>gz_lg</name><value>gz_lg</value></option>
+ <option><name>zip</name><value>zip</value></option>
+ <option><name>block</name><value>block</value></option>
+ <option><name>html</name><value>html</value></option>
+ <option><name>xlsx</name><value>xlsx</value></option>
+ <option><name>RSync</name><value>rsync</value></option>
+ <option><name>ET</name><value>et</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>State</fielddescr>
+ <fieldname>state</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>ON</name><value>Enabled</value></option>
+ <option><name>OFF</name><value>Disabled</value></option>
+ <option><name>HOLD</name><value>Hold</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>URL or pfSense local file</fielddescr>
+ <fieldname>url</fieldname>
+ <type>input</type>
+ <size>50</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Header</fielddescr>
+ <fieldname>header</fieldname>
+ <type>input</type>
+ <size>15</size>
+ </rowhelperfield>
</rowhelper>
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ <description><![CDATA[<br />Default: <strong>Disabled</strong><br /><br />
Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
<strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
@@ -292,12 +292,12 @@
<strong><u>'Alias' Rules:</u></strong><br />
<strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <ul><li><strong>Options - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
<li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
<li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
<li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
- the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
+ the Alias (no trailing Whitespace)</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
Alias Configuration<br />]]>
@@ -324,8 +324,8 @@
<field>
<fielddescr>Update Frequency</fielddescr>
<fieldname>cron</fieldname>
- <description><![CDATA[Default:<strong>Never</strong><br />
- Select how often List files will be downloaded]]>
+ <description><![CDATA[Default: <strong>Never</strong><br />
+ Select how often List files will be downloaded. <strong>This must be within the Cron Interval/Start Hour settings.</strong>]]>
</description>
<type>select</type>
<options>
@@ -344,7 +344,7 @@
<field>
<fielddescr>Weekly (Day of Week)</fielddescr>
<fieldname>dow</fieldname>
- <description><![CDATA[Default:<strong>1</strong><br />
+ <description><![CDATA[Default: <strong>Monday</strong><br />
Select the 'Weekly' ( Day of the Week ) to Update <br />
This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
</description>
@@ -362,7 +362,7 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br />
+ <description><![CDATA[Default: <strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
This can be overriden by the 'Global Logging' Option in the General Tab.]]>
</description>
@@ -373,6 +373,85 @@
</options>
</field>
<field>
+ <name>Advanced Inbound Firewall Rule Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <type>info</type>
+ <description><![CDATA[<font color='red'>Note: </font>In general Auto-Rules are created as follows:<br />
+ <ul>Inbound &nbsp;&nbsp;- 'any' port, 'any' protocol and 'any' destination<br />
+ Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists</ul>
+ Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.<br />
+ <strong>Select the pfSense 'Port' and/or 'Destination' Alias below:</strong>]]>
+ </description>
+ </field>
+ <field>
+ <fieldname>autoports</fieldname>
+ <fielddescr>Enable Custom Port</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasports</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Define Alias</fielddescr>
+ <fieldname>aliasports</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=port">Click Here to add/edit Aliases</a>
+ Do not manually enter port numbers. <br />Do not use 'pfB_' in the Port Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>port</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fieldname>autodest</fieldname>
+ <fielddescr>Enable Custom Destination</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasdest,autonot</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fieldname>aliasdest</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=ip">Click Here to add/edit Aliases</a>
+ Do not manually enter Addresses(es). <br />Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>network</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields/>
+ </field>
+ <field>
+ <fielddescr>Invert</fielddescr>
+ <fieldname>autonot</fieldname>
+ <description><![CDATA[<div style="padding-left: 22px;"><strong>Invert</strong> - Option to invert the sense of the match.<br />
+ ie - Not (!) Destination Address(es)</div>]]>
+ </description>
+ <type>checkbox</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fielddescr>Custom Protocol</fielddescr>
+ <fieldname>autoproto</fieldname>
+ <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).]]></description>
+ <type>select</type>
+ <options>
+ <option><name>any</name><value></value></option>
+ <option><name>TCP</name><value>tcp</value></option>
+ <option><name>UDP</name><value>udp</value></option>
+ <option><name>TCP/UDP</name><value>tcp/udp</value></option>
+ </options>
+ <size>4</size>
+ <default_value></default_value>
+ </field>
+ <field>
<name>IPv4 Custom list</name>
<type>listtopic</type>
</field>
@@ -394,18 +473,19 @@
<field>
<fielddescr>Update Custom List</fielddescr>
<fieldname>custom_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br />
- select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
+ <description><![CDATA[Select - '<strong>Default</strong>' to update Custom List as per Update Frequency setting.<br />
+ Select - '<strong>Update Custom List</strong>' followed by a 'Force Update' to apply Custom List Changes.<br />
+ Cron will also resync this Custom List at the next Update Frequency.]]>
</description>
<type>select</type>
<options>
- <option><name>Disable</name><value>disabled</value></option>
- <option><name>Enable</name><value>enabled</value></option>
+ <option><name>Default</name><value>disabled</value></option>
+ <option><name>Update Custom List</name><value>enabled</value></option>
</options>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>
diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml
index 10a866c0..3e9dbe6f 100644
--- a/config/pfblockerng/pfblockerng_v6lists.xml
+++ b/config/pfblockerng/pfblockerng_v6lists.xml
@@ -54,6 +54,7 @@
<version>1.0</version>
<title>pfBlockerNG: IPv6 Alias/List Configuration</title>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <addedit_string>pfBlockerNG: Save IPv6 settings</addedit_string>
<menu>
<name>pfBlockerNG</name>
<tooltiptext></tooltiptext>
@@ -118,7 +119,7 @@
<tab>
<text>P.S.</text>
<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&amp;id=0</url>
- </tab>
+ </tab>
<tab>
<text>Logs</text>
<url>/pfblockerng/pfblockerng_log.php</url>
@@ -149,6 +150,8 @@
<fielddescr>Logging</fielddescr>
<fieldname>aliaslog</fieldname>
</columnitem>
+ <addtext>Add a new Alias</addtext>
+ <movable>on</movable>
</adddeleteeditpagefields>
<fields>
<field>
@@ -157,15 +160,15 @@
</field>
<field>
<fielddescr>LINKS</fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
+ <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
</description>
<type>info</type>
</field>
<field>
<fielddescr>Alias Name</fielddescr>
<fieldname>aliasname</fieldname>
- <description><![CDATA[Enter lists Alias Names.<br />
+ <description><![CDATA[Enter Alias Name.<br />
Example: Badguys<br />
Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br />
<strong>International, special or space characters will be ignored in firewall alias names.
@@ -181,38 +184,35 @@
<size>90</size>
</field>
<field>
- <fieldname>InfoLists</fieldname>
<type>info</type>
- <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br />
- <strong><u>'URL'</u></strong> : Add direct link to list:
+ <description><![CDATA[<strong><u>'Format'</u></strong>: Select the Format Type<br /><br />
+ <strong><u>'URL'</u></strong>: Add direct link to list:
Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br />
- <strong><u>'pfSense Local File'</u></strong> Format :<br /><br />
- &nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
+ <strong><u>'pfSense Local File'</u></strong> Format:<br /><br />
+ &nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
/usr/local/www/NAME_OF_FILE &nbsp;&nbsp; (Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
- <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will
+ <strong><u>'Header'</u></strong>: The <u>'Header' Field</u> must be <u>Unique</u>, it will
name the List File and it will be referenced in the pfBlockerNG Widget.
Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]>
</description>
</field>
<field>
<fielddescr><![CDATA[<strong>IPv6</strong> Lists]]></fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br />
-
- <ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
- <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br />
- <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br />
- <li><strong>'zip'</strong> - ZIP'd Lists</li><br />
- <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br />
- <li><strong>'html'</strong> - Web Links</li><br />
- <li><strong>'xlsx'</strong> - Excel Lists</li><br />
- <li><strong>'rsync'</strong> - RSync Lists</li><br />
- <strong>'State'</strong> - Select the Run State for each list.<br />
- <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br />
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul>
+ <description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br />
+ <ul><li><strong>'txt'</strong> Plain txt Lists</li>
+ <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only</li>
+ <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li>
+ <li><strong>'zip'</strong> - ZIP'd Lists</li>
+ <li><strong>'block'</strong>- IP x.x.x.0 Block type</li>
+ <li><strong>'html'</strong> - Web Links</li>
+ <li><strong>'xlsx'</strong> - Excel Lists</li>
+ <li><strong>'rsync'</strong> - RSync Lists</li>
+ <strong>'State'</strong> - Select the Run State for each list<br />
+ <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li>
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static</li></ul>
<strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below:
<ul>Network ranges: <strong> TBC </strong><br />
IP Address: <strong> TBC </strong><br />
@@ -220,48 +220,48 @@
</description>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>Format</fielddescr>
- <fieldname>format</fieldname>
- <type>select</type>
- <options>
- <option><name>txt</name><value>txt</value></option>
- <option><name>gz</name><value>gz</value></option>
- <option><name>gz_2</name><value>gz_2</value></option>
- <option><name>zip</name><value>zip</value></option>
- <option><name>block</name><value>block</value></option>
- <option><name>html</name><value>html</value></option>
- <option><name>xlsx</name><value>xlsx</value></option>
- <option><name>RSync</name><value>rsync</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>State</fielddescr>
- <fieldname>state</fieldname>
- <type>select</type>
- <options>
- <option><name>ON</name><value>Enabled</value></option>
- <option><name>OFF</name><value>Disabled</value></option>
- <option><name>HOLD</name><value>Hold</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>URL or pfSense local file</fielddescr>
- <fieldname>url</fieldname>
- <type>input</type>
- <size>50</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Header</fielddescr>
- <fieldname>header</fieldname>
- <type>input</type>
- <size>15</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Format</fielddescr>
+ <fieldname>format</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>txt</name><value>txt</value></option>
+ <option><name>gz</name><value>gz</value></option>
+ <option><name>gz_2</name><value>gz_2</value></option>
+ <option><name>zip</name><value>zip</value></option>
+ <option><name>block</name><value>block</value></option>
+ <option><name>html</name><value>html</value></option>
+ <option><name>xlsx</name><value>xlsx</value></option>
+ <option><name>RSync</name><value>rsync</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>State</fielddescr>
+ <fieldname>state</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>ON</name><value>Enabled</value></option>
+ <option><name>OFF</name><value>Disabled</value></option>
+ <option><name>HOLD</name><value>Hold</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>URL or pfSense local file</fielddescr>
+ <fieldname>url</fieldname>
+ <type>input</type>
+ <size>50</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Header</fielddescr>
+ <fieldname>header</fieldname>
+ <type>input</type>
+ <size>15</size>
+ </rowhelperfield>
</rowhelper>
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ <description><![CDATA[<br />Default: <strong>Disabled</strong><br /><br />
Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
<strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
@@ -287,7 +287,7 @@
<strong><u>'Alias' Rules:</u></strong><br />
<strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <ul><li><strong>Options - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
<li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
<li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
<li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
@@ -319,8 +319,8 @@
<field>
<fielddescr>Update Frequency</fielddescr>
<fieldname>cron</fieldname>
- <description><![CDATA[Default:<strong>Never</strong><br />
- Select how often List files will be downloaded]]>
+ <description><![CDATA[Default: <strong>Never</strong><br />
+ Select how often List files will be downloaded. <strong>This must be within the Cron Interval/Start Hour settings.</strong>]]>
</description>
<type>select</type>
<options>
@@ -339,7 +339,7 @@
<field>
<fielddescr>Weekly (Day of Week)</fielddescr>
<fieldname>dow</fieldname>
- <description><![CDATA[Default:<strong>1</strong><br />
+ <description><![CDATA[Default: <strong>Monday</strong><br />
Select the 'Weekly' ( Day of the Week ) to Update <br />
This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
</description>
@@ -357,7 +357,7 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br />
+ <description><![CDATA[Default: <strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
This can be overriden by the 'Global Logging' Option in the General Tab.]]>
</description>
@@ -368,6 +368,85 @@
</options>
</field>
<field>
+ <name>Advanced Inbound Firewall Rule Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <type>info</type>
+ <description><![CDATA[<font color='red'>Note: </font>In general Auto-Rules are created as follows:<br />
+ <ul>Inbound &nbsp;&nbsp;- 'any' port, 'any' protocol and 'any' destination<br />
+ Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists</ul>
+ Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.<br />
+ <strong>Select the pfSense 'Port' and/or 'Destination' Alias below:</strong>]]>
+ </description>
+ </field>
+ <field>
+ <fieldname>autoports</fieldname>
+ <fielddescr>Enable Custom Port</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasports</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fielddescr>Define Alias</fielddescr>
+ <fieldname>aliasports</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=port">Click Here to add/edit Aliases</a>
+ Do not manually enter port numbers. <br />Do not use 'pfB_' in the Port Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>port</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fieldname>autodest</fieldname>
+ <fielddescr>Enable Custom Destination</fielddescr>
+ <type>checkbox</type>
+ <enablefields>aliasdest,autonot</enablefields>
+ <usecolspan2/>
+ <combinefields>begin</combinefields>
+ </field>
+ <field>
+ <fieldname>aliasdest</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php?tab=ip">Click Here to add/edit Aliases</a>
+ Do not manually enter Addresses(es). <br />Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
+ </description>
+ <size>21</size>
+ <type>aliases</type>
+ <typealiases>network</typealiases>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields/>
+ </field>
+ <field>
+ <fielddescr>Invert</fielddescr>
+ <fieldname>autonot</fieldname>
+ <description><![CDATA[<div style="padding-left: 22px;"><strong>Invert</strong> - Option to invert the sense of the match.<br />
+ ie - Not (!) Destination Address(es)</div>]]>
+ </description>
+ <type>checkbox</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ <combinefields>end</combinefields>
+ </field>
+ <field>
+ <fielddescr>Custom Protocol</fielddescr>
+ <fieldname>autoproto</fieldname>
+ <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).]]></description>
+ <type>select</type>
+ <options>
+ <option><name>any</name><value></value></option>
+ <option><name>TCP</name><value>tcp</value></option>
+ <option><name>UDP</name><value>udp</value></option>
+ <option><name>TCP/UDP</name><value>tcp/udp</value></option>
+ </options>
+ <size>4</size>
+ <default_value></default_value>
+ </field>
+ <field>
<name>IPv6 Custom list</name>
<type>listtopic</type>
</field>
@@ -389,18 +468,19 @@
<field>
<fielddescr>Update Custom List</fielddescr>
<fieldname>custom_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br />
- Select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
+ <description><![CDATA[Select - '<strong>Default</strong>' to update Custom List as per Update Frequency setting.<br />
+ Select - '<strong>Update Custom List</strong>' followed by a 'Force Update' to apply Custom List Changes.<br />
+ Cron will also resync this Custom List at the next Update Frequency.]]>
</description>
<type>select</type>
<options>
- <option><name>Disable</name><value>disabled</value></option>
- <option><name>Enable</name><value>enabled</value></option>
+ <option><name>Default</name><value>disabled</value></option>
+ <option><name>Update Custom List</name><value>enabled</value></option>
</options>
</field>
<field>
- <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</center>]]></name>
<type>listtopic</type>
</field>
</fields>