authorBBcan177 <bbcan177@gmail.com>2014-12-15 00:04:06 -0500
committerBBcan177 <bbcan177@gmail.com>2014-12-15 00:04:06 -0500
commit9cf706ced50e5bf66645a7661c995d2dccac256f (patch)
tree51deff0fe469993aaef63cb1aca6c62549347d44 /config/pfblockerng
parentb656811caaae572c5f59547ab3e530cb042271ef (diff)
downloadpfsense-packages-9cf706ced50e5bf66645a7661c995d2dccac256f.tar.gz
pfsense-packages-9cf706ced50e5bf66645a7661c995d2dccac256f.tar.bz2
pfsense-packages-9cf706ced50e5bf66645a7661c995d2dccac256f.zip
Mods to pfblockerng.php, .inc, _sync, _v4 and _v6 files.
pfblockerng.inc - - Remove redundant ['action'] argument in if() statements. - If no interfaces are selected, define an empty variable and Array. - Separate "Skip & Hold" List download functionality into its own ['state'] process. This allows more fine-grained control of each individual list in an Alias. - Remove argument for empty Interfaces in the Rules Re-order process. pfblockerng_sync.xml - - Fix broken link in sync file. pfblockerng_v4lists.xml and _v6 - - Separate "Skip & Hold" List download functionality into its own ['state'] process. This allows more fine-grained control of each individual list in an Alias. - Minor Text improvements.
Diffstat (limited to 'config/pfblockerng')
-rw-r--r--config/pfblockerng/pfblockerng.inc37
-rw-r--r--config/pfblockerng/pfblockerng.php9
-rw-r--r--config/pfblockerng/pfblockerng_sync.xml2
-rw-r--r--config/pfblockerng/pfblockerng_v4lists.xml42
-rw-r--r--config/pfblockerng/pfblockerng_v6lists.xml47
5 files changed, 83 insertions, 54 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index 2f0c90de..9f35397a 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -429,7 +429,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($continents as $continent => $pfb_alias) {
if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
$continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
+ if ($continent_config['action'] != "Disabled" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
$pfb['autorules'] = TRUE;
$pfb['found'] = TRUE;
break;
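Review bot: The remaining `$continent_config['action'] != "Disabled"` test is redundant as well, because "Disabled" is not in the allow-list that `in_array()` checks, and the call still uses loose comparison. The same nine-element array literal is repeated in the next hunk for `$list['action']`. Defining it once and matching strictly would keep the two sites from drifting apart, e.g. `if (in_array($continent_config['action'], $pfb_actions, true)) {` with `$pfb_actions` assigned before both loops. The enclosing function starts and ends outside this hunk.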
@@ -441,7 +441,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($list_type as $ip_type) {
if ($config['installedpackages'][$ip_type]['config'] != "" && !$pfb['found']) {
foreach($config['installedpackages'][$ip_type]['config'] as $list) {
- if ($list['action'] != "Disabled" && $list['action'] != "" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
+ if ($list['action'] != "Disabled" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
$pfb['autorules'] = TRUE;
break;
}
@@ -517,6 +517,10 @@ function sync_package_pfblockerng($cron = "") {
$base_rule = $base_rule_reg;
$pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']);
}
+ } else {
+ # Define Empty Variable/Array
+ $pfb['inbound_interfaces_float'] = "";
+ $pfb['inbound_interfaces'] = array();
}
if (!empty($pfb['config']['outbound_interface'])) {
@@ -545,6 +549,10 @@ function sync_package_pfblockerng($cron = "") {
if (!in_array("openvpn",$sort_interfaces))
array_push($pfb['outbound_interfaces'], "openvpn");
}
+ } else {
+ # Define Empty Variable/Array
+ $pfb['outbound_interfaces_float'] = "";
+ $pfb['outbound_interfaces'] = array();
}
@@ -581,7 +589,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($continents as $continent => $pfb_alias) {
if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config']) && $pfb['enable'] == "on") {
$continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "") {
+ if ($continent_config['action'] != "Disabled") {
$cont_type = array ("countries4" => "_v4", "countries6" => "_v6");
foreach ($cont_type as $c_type => $vtype) {
if ($continent_config[$c_type] != "") {
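Review bot: Dropping `$continent_config['action'] != ""` is only redundant where an `in_array()` allow-list follows; here `if ($continent_config['action'] != "Disabled") {` stands alone, so an entry whose action is missing or empty is now treated as enabled. The same applies to the `$list['action'] != "Disabled"` checks in the later hunks of this file and in pfblockerng.php, and one of them goes on to call `pfb_determine_list_detail($continent_config['action'])` with that value. Whether a saved entry can have an empty action depends on form defaults that are not visible in this diff. If it can, keeping the guard avoids building aliases or rules from an unconfigured entry: `if (!empty($continent_config['action']) && $continent_config['action'] != "Disabled") {`.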
@@ -606,7 +614,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
foreach ($list['row'] as $row) {
if ($vtype == "_v4") {
$pfb_alias = "{$row['header']}";
@@ -614,7 +622,7 @@ function sync_package_pfblockerng($cron = "") {
$pfb_alias = "{$row['header']}_v6";
}
# Collect Enabled Lists
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
# Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
$pfb['existing']['match'][] = "{$pfb_alias}";
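Review bot: Rows saved before this commit have no `state` key, so `$row['state'] != "Disabled"` is true for them even when their stored format is still `skip` or `hold`. A list an administrator had switched off with SKIP would then be collected and processed again after an upgrade, with a format value the new option list no longer offers. The same test replaces the format check in the later hunks of this file and in pfblockerng.php, and no config migration is visible in this diff. Either add a one-time upgrade step that maps `skip` to state `Disabled` and `hold` to state `Hold`, or keep honouring the legacy value: `if ($row['url'] != "" && $row['state'] != "Disabled" && $row['format'] != "skip") {`.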
@@ -638,10 +646,10 @@ function sync_package_pfblockerng($cron = "") {
if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
$count = -1;
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
$count++;
# Check if 'Emerging Threats Update' Needs Updating before next CRON Event.
- if (is_array($list['row']) && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {
+ if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {
foreach ($list['row'] as $row) {
$aliasname = $row['header'];
if ($row['format'] == "et") {
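Review bot: The added `$row['state'] != "Disabled"` is evaluated before the `foreach ($list['row'] as $row)` on the next line, so at that point `$row` is either undefined or a leftover from an earlier loop, not a row of the current `$list`. Whether the Emerging Threats check runs then depends on unrelated state. The test belongs inside the loop, next to the format check: leave the outer condition as `if (is_array($list['row']) && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {` and use `if ($row['format'] == "et" && $row['state'] != "Disabled") {` inside. The body of the inner `if` continues outside this hunk.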
@@ -810,7 +818,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($continents as $continent => $pfb_alias) {
if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
$continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && $pfb['enable'] == "on") {
+ if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") {
# Determine Folder Location for Alias (return array $pfbarr)
pfb_determine_list_detail($continent_config['action']);
@@ -1065,11 +1073,11 @@ function sync_package_pfblockerng($cron = "") {
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if ($list['action'] != "Disabled" && $list['action'] != "" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) {
+ if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) {
# Capture Alias Name
$alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']);
foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
# Determine Folder Location for Alias (return array $pfbarr)
pfb_determine_list_detail($list['action']);
@@ -1100,8 +1108,9 @@ function sync_package_pfblockerng($cron = "") {
}
if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") {
- if ($row['format'] == "hold") {
+ if ($row['state'] == "Hold") {
$log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n";
+ $row['format'] = "Hold";
} else {
$log = "\n[ {$header_url} ] {$log_tab} exists, Reloading File [ NOW ]\n";
}
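Review bot: The new `$row['format'] = "Hold";` overwrites the row's download format with a capitalised value that is not one of the format options, and nothing in the hunk says which later branch relies on it. If `$row` is the by-value variable of an enclosing `foreach ($list['row'] as $row)`, as the previous hunk suggests, the change lasts only for the current iteration. Any later comparison against the old lowercase `"hold"` would not match it. A one-line comment such as `# Flag this row as Hold for the format handling below; the saved config is not changed` would make the intent reviewable, once confirmed against the code that follows this hunk.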
@@ -1576,13 +1585,13 @@ function sync_package_pfblockerng($cron = "") {
$final_alias = array_unique($pfb_alias_lists);
}
- if ($list['action'] != "Disabled" && $list['action'] != "") {
+ if ($list['action'] != "Disabled") {
#remove empty lists files if any
if (is_array($list['row'])) {
$update = 0;
${$alias} = "";
foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
if ($vtype == "_v4") {
$header_url = "{$row['header']}";
} else {
@@ -1829,7 +1838,7 @@ function sync_package_pfblockerng($cron = "") {
# Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays.
if (!empty($rules)) {
foreach ($rules as $rule) {
- if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr']) && ($rule['interface'] != "")) {
+ if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) {
// Floating rules collection 'Floating Pass/Match'. Balance to 'other'
if ($pfb['float'] == "on") {
if ($rule['type'] == "pass" && $rule['floating'] == "yes") {
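Review bot: `$pfb['suffix']` is concatenated into the pattern without quoting, and with the interface test removed this `preg_match()` is now the only filter deciding which existing rules are kept as non-pfBlockerNG rules. If the suffix ever contains a regex metacharacter or `/`, the match can fail or match too broadly, so rules could be misclassified during the re-order. Where the suffix comes from is not visible here. Quoting it is cheap: `if (!preg_match("/pfB_.*" . preg_quote($pfb['suffix'], '/') . "/", $rule['descr'])) {`. It is also worth confirming that rules with an empty `interface`, which now enter this block, are handled by the branches that continue outside the hunk.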
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 7539e9fd..4e643cd6 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -304,9 +304,9 @@ if ($argv[1] == 'cron') {
foreach ($list_type as $ip_type => $vtype) {
if ($config['installedpackages'][$ip_type]['config'] != "") {
foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "hold" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
if ($vtype == "_v4") {
$header_url = "{$row['header']}";
@@ -323,6 +323,11 @@ if ($argv[1] == 'cron') {
$header_dow = $list['dow'];
$url_format = $row['format'];
+ // Bypass update if state is defined as "Hold" and list file exists
+ if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $row['state'] == "Hold") {
+ continue;
+ }
+
# Check if List file exists, if not found run Update
if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) {
$log = " Updates Found\n";
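Review bot: The new Hold bypass builds a filesystem path from `$header_url`, which the previous hunk sets from `$row['header']` with no visible filtering. By contrast, pfblockerng.inc strips the alias name with `preg_replace("/\W/","",$list['aliasname'])`. The header may be validated when the form is saved, but that is not shown in this diff. If it is not, restricting it before use keeps the path inside `$pfbfolder`, e.g. `$header_url = preg_replace("/[^\w.-]/", "", $header_url);`, applied wherever list file names are derived so they stay consistent. The two consecutive `file_exists()` calls on the same path could also share one result.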
diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml
index 3401ff31..c5777dcf 100644
--- a/config/pfblockerng/pfblockerng_sync.xml
+++ b/config/pfblockerng/pfblockerng_sync.xml
@@ -77,7 +77,7 @@
</tab>
<tab>
<text>IPv4</text>
- <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4.xml</url>
+ <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
</tab>
<tab>
<text>IPv6</text>
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml
index 469607e6..17f1a14d 100644
--- a/config/pfblockerng/pfblockerng_v4lists.xml
+++ b/config/pfblockerng/pfblockerng_v4lists.xml
@@ -26,11 +26,11 @@
1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
@@ -197,7 +197,7 @@
<field>
<fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr>
<fieldname>none</fieldname>
- <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br />
+ <description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br />
<ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
<li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br />
@@ -208,15 +208,14 @@
<li><strong>'html'</strong> - Web Links</li><br />
<li><strong>'xlsx'</strong> - Excel Lists</li><br />
<li><strong>'rsync'</strong> - RSync Lists</li><br />
- <li><strong>'ET IQRisk'</strong> - Only</li><br />
- <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br />
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br />
-
- <strong>Note: </strong><br />
- Downloaded or pfsense local file must have only one network per line and follows the syntax below:<br />
- Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br />
+ <li><strong>'ET' IQRisk</strong> - Only</li></ul>
+ <strong>'State'</strong> - Select the Run State for each list.<br />
+ <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br />
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul>
+ <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below:
+ <ul>Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br />
IP Address: <strong>172.16.1.10</strong><br />
- CIDR: <strong>172.16.1.0/24</strong></ul><br /><br />]]>
+ CIDR: <strong>172.16.1.0/24</strong></ul>]]>
</description>
<type>rowhelper</type>
<rowhelper>
@@ -234,16 +233,24 @@
<option><name>html</name><value>html</value></option>
<option><name>xlsx</name><value>xlsx</value></option>
<option><name>RSync</name><value>rsync</value></option>
- <option><name>ET IQRisk</name><value>et</value></option>
- <option><name>SKIP</name><value>skip</value></option>
- <option><name>HOLD</name><value>hold</value></option>
+ <option><name>ET</name><value>et</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
+ <fielddescr>State</fielddescr>
+ <fieldname>state</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>ON</name><value>Enabled</value></option>
+ <option><name>OFF</name><value>Disabled</value></option>
+ <option><name>HOLD</name><value>Hold</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
<fielddescr>URL or pfSense local file</fielddescr>
<fieldname>url</fieldname>
<type>input</type>
- <size>75</size>
+ <size>50</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Header</fielddescr>
@@ -314,7 +321,8 @@
<fielddescr>Update Frequency</fielddescr>
<fieldname>cron</fieldname>
<description><![CDATA[Default:<strong>Never</strong><br />
- Select how often List files will be downloaded]]></description>
+ Select how often List files will be downloaded]]>
+ </description>
<type>select</type>
<options>
<option><name>Never</name><value>Never</value></option>
diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml
index c324b310..2a381451 100644
--- a/config/pfblockerng/pfblockerng_v6lists.xml
+++ b/config/pfblockerng/pfblockerng_v6lists.xml
@@ -28,7 +28,6 @@
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
@@ -61,7 +60,7 @@
<section>Firewall</section>
<configfile>pfblockerng_v6lists.xml</configfile>
</menu>
- <tabs>
+ <tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>
@@ -124,7 +123,7 @@
<text>Sync</text>
<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&amp;id=0</url>
</tab>
- </tabs>
+ </tabs>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Alias Name</fielddescr>
@@ -182,12 +181,12 @@
<type>info</type>
<description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br />
<strong><u>'URL'</u></strong> : Add direct link to list:
- (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
+ Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br />
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br />
<strong><u>'pfSense Local File'</u></strong> Format :<br /><br />
&nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
- /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; ((Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
+ /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; (Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
<strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will
name the List File and it will be referenced in the pfBlockerNG Widget.
@@ -200,21 +199,20 @@
<description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br />
<ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
- <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format</li><br />
- <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li><br />
+ <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br />
+ <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br />
<li><strong>'zip'</strong> - ZIP'd Lists</li><br />
<li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br />
<li><strong>'html'</strong> - Web Links</li><br />
<li><strong>'xlsx'</strong> - Excel Lists</li><br />
<li><strong>'rsync'</strong> - RSync Lists</li><br />
- <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br />
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br />
-
- <strong>Note: </strong><br />
- Downloaded or pfSense local file must have only one network per line and follows the syntax below:<br />
- Network ranges: <strong> TBC </strong><br />
+ <strong>'State'</strong> - Select the Run State for each list.<br />
+ <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br />
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul>
+ <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below:
+ <ul>Network ranges: <strong> TBC </strong><br />
IP Address: <strong> TBC </strong><br />
- CIDR: <strong> TBC </strong></ul><br /><br />]]>
+ CIDR: <strong> TBC </strong></ul>]]>
</description>
<type>rowhelper</type>
<rowhelper>
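Review bot: On the new side the format list opened at `<ul><li><strong>'txt'</strong>` is never closed: the old closing tag on the CIDR line now pairs with the new `<ul>Network ranges` block, so the description has three `<ul>` and two `</ul>`. The 'State' heading and the note therefore render nested inside the format list. The v4 file closes the list on its last format item, and the same fix works here: `<li><strong>'rsync'</strong> - RSync Lists</li></ul>`.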
@@ -231,15 +229,23 @@
<option><name>html</name><value>html</value></option>
<option><name>xlsx</name><value>xlsx</value></option>
<option><name>RSync</name><value>rsync</value></option>
- <option><name>SKIP</name><value>skip</value></option>
- <option><name>HOLD</name><value>hold</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
+ <fielddescr>State</fielddescr>
+ <fieldname>state</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>ON</name><value>Enabled</value></option>
+ <option><name>OFF</name><value>Disabled</value></option>
+ <option><name>HOLD</name><value>Hold</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
<fielddescr>URL or pfSense local file</fielddescr>
<fieldname>url</fieldname>
<type>input</type>
- <size>75</size>
+ <size>50</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Header</fielddescr>
@@ -349,7 +355,8 @@
<fieldname>aliaslog</fieldname>
<description><![CDATA[Default:<strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
- This can be overriden by the 'Global Logging' Option in the General Tab.]]></description>
+ This can be overriden by the 'Global Logging' Option in the General Tab.]]>
+ </description>
<type>select</type>
<options>
<option><name>Enable</name><value>enabled</value></option>
@@ -389,7 +396,7 @@
</field>
<field>
<name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
- 'Force Update'</ul>]]></name>
+ 'Force Update'</ul>]]></name>
<type>listtopic</type>
</field>
</fields>