aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc23
-rw-r--r--config/pf-blocker/pfblocker.php17
-rwxr-xr-xconfig/pf-blocker/pfblocker_lists.xml16
-rw-r--r--config/pf-blocker/pfblocker_topspammers.xml16
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
6 files changed, 56 insertions, 20 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index fcaad65f..3472aea8 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -167,6 +167,15 @@ function sync_package_pfblocker() {
"detail"=> "DO NOT EDIT THIS ALIAS");
#Create rule if action permits
switch($continent_config['action']){
+ case "Deny_Both":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_inbound;
+ $rule["descr"]= "$pfb_alias auto rule";
+ $rule["source"]= array("address"=> $pfb_alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_inbound[]=$rule;
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
@@ -254,6 +263,11 @@ function sync_package_pfblocker() {
${$alias}.= $matches[1]."\n";
$new_file.= $matches[1]."\n";
}
+ # Single ip addresses
+ if (preg_match("/(\d+\.\d+\.\d+\.\d+)\s+/",$line,$matches)){
+ ${$alias}.= $matches[1]."/32\n";
+ $new_file.= $matches[1]."/32\n";
+ }
# Network range 192.168.0.0-192.168.0.254
if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)){
$cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
@@ -289,6 +303,15 @@ function sync_package_pfblocker() {
"detail"=> "DO NOT EDIT THIS ALIAS");
#Create rule if action permits
switch($list['action']){
+ case "Deny_Both":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_inbound;
+ $rule["descr"]= "$alias auto rule";
+ $rule["source"]= array("address"=> $alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_inbound[]=$rule;
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index e6fcd75e..dc9b58dd 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -11,7 +11,8 @@ function get_networks($pfb){
if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches))
get_networks($matches[1]);
#}
-
+if ($argv[1]=='uc')
+ pfblocker_get_countries();
if ($argv[1]=='cron'){
require_once("/etc/inc/util.inc");
require_once("/etc/inc/functions.inc");
@@ -215,17 +216,21 @@ $xml= <<<EOF
<fieldname>action</fieldname>
<description><![CDATA[Default:<strong>Disabled</strong><br>
Select action for countries you have selected in {$cont}<br><br>
- <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
- 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
+ <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br>
+ 'Deny Inbound' - Will deny access from selected countries to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to countries you selected to block.<br>
'Permit Inbound' - Will allow access from selected countries to your network.<br>
- 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
- 'Alias Only' - Will create alias <strong>{$cont}</strong> with selected countries to help custom rule assignments.<br>
- 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
+ 'Permit Outbound' - Will allow access from your users to countries you selected to block.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected countries.<br>
+ 'Alias Only' - Will create alias <strong>pfBlocker{$cont}</strong> with selected countries to help custom rule assignments.<br><br>
+ <strong>While creating rules with this alias, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong>
+ Custom rules with 'Aliasname something rule' description will be removed by package.]]></description>
<type>select</type>
<options>
<option><name>Disabled</name><value>Disabled</value></option>
<option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
<option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Deny Both</name><value>Deny_Both</value></option>
<option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
<option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
<option><name>Alias only</name><value>Alias_only</value></option>
diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml
index 90e2d07f..42f1c0ae 100755
--- a/config/pf-blocker/pfblocker_lists.xml
+++ b/config/pf-blocker/pfblocker_lists.xml
@@ -176,17 +176,21 @@
<fielddescr>List Action</fielddescr>
<description><![CDATA[Default:<strong>Deny Inbound</strong><br>
Select action for network on lists you have selected.<br><br>
- <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
- 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
- 'Permit Inbound' - Will allow access from selected countries to your network.<br>
- 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
- 'Alias Only' - Will create an alias with selected countries to help custom rule assignments.<br>
- 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
+ <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br>
+ 'Deny Inbound' - Will deny access from selected lists to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br>
+ 'Permit Inbound' - Will allow access from selected lists to your network.<br>
+ 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected Lists.<br>
+ 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br>
+ <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong>
+ custom rules with 'Aliasname something rule' description will be removed by package.]]></description>
<fieldname>action</fieldname>
<type>select</type>
<options>
<option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
<option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Deny Both</name><value>Deny_Both</value></option>
<option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
<option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
<option><name>Alias only</name><value>Alias_only</value></option>
diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml
index f6bf8664..2536cf80 100644
--- a/config/pf-blocker/pfblocker_topspammers.xml
+++ b/config/pf-blocker/pfblocker_topspammers.xml
@@ -129,17 +129,21 @@
<fielddescr>Action</fielddescr>
<fieldname>action</fieldname>
<description><![CDATA[Default:<strong>Deny Inbound</strong><br>
- Select action for countries you have selected.<br><br>
- <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
- 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
+ Select action for network on lists you have selected.<br><br>
+ <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br>
+ 'Deny Inbound' - Will deny access from selected countries to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to countries you selected to block.<br>
'Permit Inbound' - Will allow access from selected countries to your network.<br>
- 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
- 'Alias Only' - Will create alias <strong>pfBlockerTopSpammers</strong> with selected countries to help custom rule assignments.
- 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
+ 'Permit Outbound' - Will allow access from your users to countries you selected to block.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected countries.<br>
+ 'Alias Only' - Will create alias <strong>pfBlockerTopSpammers</strong> with selected countries to help custom rule assignments.<br><br>
+ <strong>While creating rules with this alias, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong>
+ Custom rules with 'Aliasname something rule' description will be removed by package.]]></description>
<type>select</type>
<options>
<option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
<option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Deny Both</name><value>Deny_Both</value></option>
<option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
<option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
<option><name>Alias only</name><value>Alias_only</value></option>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 417aff93..a8b4d357 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -55,7 +55,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>1.0</version>
+ <version>1.0.1</version>
<status>Release</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 1de281a2..6cd8f92c 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -134,7 +134,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>1.0</version>
+ <version>1.0.1</version>
<status>Release</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>