-rwxr-xr-x[-rw-r--r--] | config/ipblocklist/convert-execute.sh | 27 | ||||
-rwxr-xr-x | config/ipblocklist/ipblocklist.inc | 12 | ||||
-rwxr-xr-x | config/ipblocklist/ipblocklist.tmp | 32 | ||||
-rwxr-xr-x | config/ipblocklist/ipblocklist.xml | 2 | ||||
-rwxr-xr-x | config/ipblocklist/purgeip.tmp | 8 | ||||
-rwxr-xr-x | pkg_config.7.xml | 6 | ||||
-rwxr-xr-x | pkg_config.8.xml | 8 | ||||
-rwxr-xr-x | pkg_config.8.xml.amd64 | 6 |
8 files changed, 63 insertions, 38 deletions
diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh
index 00b8bb22..dd668baa 100644..100755
--- a/config/ipblocklist/convert-execute.sh
+++ b/config/ipblocklist/convert-execute.sh
@@ -1,9 +1,16 @@
+#Version 2
+
+#kill tables to elminate dups
 pfctl -t ipblocklist -T kill
+pfctl -t ipblocklistW -T kill
 sed -i -e '/ipblocklist/d' /tmp/rules.debug
+sed -i -e '/ipblocklistW/d' /tmp/rules.debug
-#ipfw -f -q flush (Version 0.1.4)
+#Generate lists to process
 ls lists > file_list.txt
+ls Wlists > file_Wlist.txt
 filelist="file_list.txt"
+Wfilelist="file_Wlist.txt"
 #READ contents in file_list.txt and process as file
 for fileline in $(cat $filelist); do
@@ -11,6 +18,13 @@ iplist="lists/$fileline"
 iplistout="lists/ipfw.ipfw"
 perl convert.pl $iplist $iplistout
 done
+
+#Whitelist
+for Wfileline in $(cat $Wfilelist); do
+Wiplist="Wlists/$Wfileline"
+Wiplistout="Wlists/whitelist"
+perl convert.pl $Wiplist $Wiplistout
+done
 #echo "ipfw made"
 #clean up ipfw.ipfw (duplicates)
@@ -19,12 +33,18 @@ sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP
 mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
 #echo "ipfw clean"
+#clean up whitelist (duplicates)
+rm Wlists/whitelistTEMP
+sort Wlists/whitelist | uniq -u >> Wlists/whitelistTEMP
+mv Wlists/whitelistTEMP Wlists/whitelist
+#echo "whitelist clean"
+
 #Now edit /tmp/rules.debug
 #find my line for table
-export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2\}'`
+export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2,4\}'`
 export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
 i=$(($i+'1'))
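Review bot: The added whitelist loop in the `@@ -11,6 +18,13 @@` hunk passes `$Wiplist` and `$Wiplistout` to convert.pl unquoted, and `$(cat $Wfilelist)` word-splits the listing, so a downloaded file whose name contains whitespace or glob characters becomes extra or different arguments. Quote the arguments, `perl convert.pl "$Wiplist" "$Wiplistout"`, and read the listing with `while IFS= read -r Wfileline; do ... done < "$Wfilelist"`. The output file `Wlists/whitelist` also lives inside the directory that `ls Wlists` enumerates, and ipblocklist.tmp touches it before this script runs, so it appears to be handed back to convert.pl as one of its own inputs; writing the result outside `Wlists/` or skipping that name would avoid this. The existing blocklist loop has the same shape.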
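Review bot: In the `@@ -19,12 +33,18 @@` hunk, `sort Wlists/whitelist | uniq -u` does not remove duplicates; it drops every entry that occurs more than once, so a range present in two whitelist files disappears from the table altogether. The comment says the intent is de-duplication, which is `sort -u Wlists/whitelist > Wlists/whitelistTEMP`. The unconditional `rm Wlists/whitelistTEMP` also reports an error on a clean run and would read better as `rm -f Wlists/whitelistTEMP`. The blocklist clean-up named on the hunk header uses the same `uniq -u` pipeline, where the effect is that an address listed by two sources ends up not being blocked.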
@@ -62,6 +82,9 @@ while read line echo "" >> /tmp/rules.debug.tmp echo "#ipblocklist" >> /tmp/rules.debug.tmp echo "table <ipblocklist> persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp + echo "table <ipblocklistW> persist file '/usr/local/www/packages/ipblocklist/Wlists/whitelist'" >> /tmp/rules.debug.tmp + echo "pass quick from <ipblocklistW> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp + echo "pass quick from any to <ipblocklistW> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp echo "block quick from <ipblocklist> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp echo "block quick from any to <ipblocklist> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp fi diff --git a/config/ipblocklist/ipblocklist.inc b/config/ipblocklist/ipblocklist.inc index a950d188..c5ce30f4 100755 --- a/config/ipblocklist/ipblocklist.inc +++ b/config/ipblocklist/ipblocklist.inc @@ -3,7 +3,7 @@ /* /* ========================================================================== */ /* - dnsblacklist.inc + ipblocklist.inc v2 Copyright (C) 2010 Tom Schaefer All rights reserved. */ @@ -29,7 +29,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ + function pkg_is_service_running($servicename) { @@ -45,7 +45,7 @@ function pkg_is_service_running($servicename) return false; } } - +*/ function byte_convert( $bytes ) { if ($bytes<=0) return '0 Byte'; 
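Review bot: The two `pass quick` rules written for `<ipblocklistW>` in the `@@ -62,6 +82,9 @@` hunk do more than exempt an address from the blocklist: `quick` ends rule evaluation, so depending on where this block lands in /tmp/rules.debug, traffic to or from a whitelisted address is passed before any later firewall rule is consulted. Because the whitelist is built from downloaded files, a wrong or tampered list widens the firewall instead of merely narrowing the blocklist. Consider expressing the exemption inside the block table itself, for example as negated `!` entries, so a whitelist entry can only cancel a block, and give the pass rules their own label if they stay. The enclosing `while read line` loop starts outside the hunk.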
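Review bot: Moving the closing `*/` from the end of the licence text to the line after `pkg_is_service_running()` disables that function by folding it into the licence comment, which is easy to overlook when reading ipblocklist.inc. This covers the `@@ -29,7 +29,7 @@` and `@@ -45,7 +45,7 @@` hunks together. Deleting the function, or guarding it with `if (!function_exists('pkg_is_service_running'))`, states the intent directly. Whether anything in the package still calls it cannot be checked from this diff.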
@@ -94,8 +94,8 @@ function php_install_command()
 unlink_if_exists("/tmp/purge.tmp");
 exec("cp /tmp/index.tmp /usr/local/www/packages/ipblocklist/index.php");
 unlink_if_exists("/tmp/index.tmp");
- exec("cp /tmp/manual_add.tmp /usr/local/www/packages/ipblocklist/manual_add.php");
- unlink_if_exists("/tmp/manual_add.tmp");
+ exec("cp /tmp/whitelist.tmp /usr/local/www/packages/ipblocklist/whitelist.php");
+ unlink_if_exists("/tmp/whitelist.tmp");
 exec("cp /tmp/purgeip.tmp /usr/local/www/packages/ipblocklist/purgeip.php");
 unlink_if_exists("/tmp/purgeip.tmp");
 //Get scripts
@@ -104,7 +104,7 @@ function php_install_command()
 exec("cp /tmp/convert-execute.sh /usr/local/www/packages/ipblocklist/convert-execute.sh");
 unlink_if_exists("/tmp/convert-execute.sh");
 exec("cp /tmp/IP-Blocklist.sh /usr/local/etc/rc.d/IP-Blocklist.sh");
- unlink_if_exists("/tmp/convert-execute.sh");
+ unlink_if_exists("/tmp/IP-Blocklist.sh");
diff --git a/config/ipblocklist/ipblocklist.tmp b/config/ipblocklist/ipblocklist.tmp
index cf61bfc8..6387cb34 100755
--- a/config/ipblocklist/ipblocklist.tmp
+++ b/config/ipblocklist/ipblocklist.tmp
@@ -1,5 +1,5 @@
 <?php
-
+ //Version 2
 require_once('config.inc');
 require("guiconfig.inc");
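Review bot: The `@@ -94,8 +94,8 @@` hunk stops installing `manual_add.php`, but nothing in `php_install_command()` removes a copy left in /usr/local/www/packages/ipblocklist by an earlier version, so an upgraded system may keep serving the old page. Adding `unlink_if_exists("/usr/local/www/packages/ipblocklist/manual_add.php");` next to the new whitelist lines would retire it. The `exec("cp ...")` calls also ignore their exit status, so a missing /tmp/whitelist.tmp goes unnoticed. The function body starts and ends outside the hunk.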
@@ -23,24 +23,34 @@ if (count($_POST)>0) {
 //echo "enabled";
 $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 1;
- //Load ipfw.ko
- //exec("kldload ipfw.ko"); (Version 0.1.4)
 //Process list by downloading and extracting
 $myFile = "lists.txt";
+ $myWFile = "wlists.txt";
 $fileContents = file_get_contents($myFile);
+ $fileWContents = file_get_contents($myWFile);
 $lines = explode(PHP_EOL, $fileContents);
+ $Wlines = explode(PHP_EOL, $fileWContents);
 //Remove DIR lists to eliminate duplates
 exec("rm -R lists");
+ exec("rm -R Wlists");
 //Process each list URL, Extract, and put in DIR lists
 exec("mkdir lists");
+ exec("mkdir Wlists");
 foreach ($lines as $line) {
 exec("fetch -o lists $line");
 $filename = basename($line);
 //Extract list
 exec("gzip -d lists/$filename");
 }
+ foreach ($Wlines as $Wline) {
+ exec("fetch -o Wlists $Wline");
+ $Wfilename = basename($Wline);
+ //Extract Whitelist
+ exec("gzip -d Wlists/$Wfilename");
+ }
 //Prep pfctl
 mwexec("touch lists/ipfw.ipfw");
+ mwexec("touch Wlists/whitelist");
 //Now clear ipfw, and process each list to ipfw commands
 mwexec("sh convert-execute.sh");
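Review bot: The new whitelist loop interpolates `$Wline` and `basename($Wline)` straight into `exec()` strings, so any shell metacharacter in a line of wlists.txt is interpreted by the shell; both values should pass through `escapeshellarg()` after a basic URL check. `explode(PHP_EOL, ...)` also yields an empty last element, which runs `fetch` with no URL, and `file_get_contents()` returns false when wlists.txt is missing. The lists are fetched with no integrity check, which matters more here than for the blocklist because the result is turned into pass rules. The existing `$lines` loop above has the same pattern and deserves the same change.

```php
// … unchanged: reading wlists.txt, rm -R / mkdir of Wlists …
foreach ($Wlines as $Wline) {
    $Wline = trim($Wline);
    // Skip blank lines (including the trailing one from explode()) and anything that is not a URL.
    if ($Wline === '' || !preg_match('#^https?://#i', $Wline)) {
        continue;
    }
    exec("fetch -o Wlists " . escapeshellarg($Wline));
    $Wfilename = basename($Wline);
    //Extract Whitelist
    exec("gzip -d " . escapeshellarg("Wlists/" . $Wfilename));
}
// … unchanged: touch lists/ipfw.ipfw and Wlists/whitelist, run convert-execute.sh …
```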
@@ -101,23 +111,15 @@ else { <a href="http://iblocklist.whitacrecomputers.com/files/bt_level2.gz">Level2</a>, <a href="http://iblocklist.whitacrecomputers.com/files/bt_level3.gz">Level3</a>) <br/> - Compressed lists should have .gz extention <br/> - <br/> - <!-- - <br/> - Be Patient - <u>Level3</u> lists take about 5m. <u>Level1</u> lists take about 1h<br/> - - - <br/>If you use a Level1 list or multiple lists, the webserver will become unresponsive <a href="http://forum.pfsense.org/index.php/topic,24769.0.html"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a> - (version 0.1.4) - --> - <br/><span style="color:red">Warning!</span> - Apply after each reboot or firewall change. Use at your own risk. + Compressed lists should have .gz extention and follows PeerBlock syntax <br/> + + <br/><span style="color:red">Warning!</span> - Apply after firewall change or state reset. Use at your own risk. <?php echo "<br/><br/>Current Status = "; ob_start(); $results = exec("pfctl -s rules | grep -c ipblocklist"); ob_end_clean(); - if ($results == '2') echo "Running"; + if ($results > '2') echo "Running"; else echo "<span style='color:red'>NOT running</span>"; diff --git a/config/ipblocklist/ipblocklist.xml b/config/ipblocklist/ipblocklist.xml index 55c0bf24..16c26c3e 100755 --- a/config/ipblocklist/ipblocklist.xml +++ b/config/ipblocklist/ipblocklist.xml @@ -102,7 +102,7 @@ <additional_files_needed>
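Review bot: The status test `if ($results > '2')` in the `@@ -101,23 +111,15 @@` hunk still counts every rule line that mentions `ipblocklist`, and `ipblocklistW` matches that pattern too, so the figure no longer says whether the block rules in particular are loaded; with only the two block rules present the page reports NOT running. Comparing the string returned by `exec()` with the string `'2'` also leans on PHP's numeric-string juggling. Counting block rules only, for example `pfctl -s rules | grep -c 'block.*<ipblocklist>'` with `if ((int)$results >= 2)`, keeps the indicator tied to the rules that do the blocking. The surrounding `else {` branch starts outside the hunk.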
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/ipblocklist/manual_add.tmp</item>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/whitelist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
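Review bot: `whitelist.tmp` is PHP source that the installer later copies into the web root, and this `<item>` fetches it over plain `http://` into `/tmp/` with mode 0755, so the page the firewall GUI serves is whatever the network path delivered. If the package system allows it, use an `https://` URL or a checksum for the item; 0644 is enough for a file that is only copied afterwards. The neighbouring `<additional_files_needed>` entries visible in this hunk follow the same pattern.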
diff --git a/config/ipblocklist/purgeip.tmp b/config/ipblocklist/purgeip.tmp
index 3622797a..449cb262 100755
--- a/config/ipblocklist/purgeip.tmp
+++ b/config/ipblocklist/purgeip.tmp
@@ -4,12 +4,12 @@ $line = $_GET["line"];
 //echo("$line");
 //exec("more ips.ipfw > temp_ips.ipfw");
 if ($line == 0) {
- exec("rm ips.ipfw");
+ exec("rm wlists.txt");
 } else {
- exec("sed $line'd' ips.ipfw > temp_ips.ipfw");
+ exec("sed $line'd' wlists.txt > temp_wlists.txt");
 }
-exec("more temp_ips.ipfw > ips.ipfw");
-exec("rm temp_ips.ipfw");
+exec("more temp_wlists.txt > wlists.txt");
+exec("rm temp_wlists.txt");
 ?>
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index be8eb617..d43a0cd1 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -2,15 +2,15 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
- <package>
+ <package>
 <name>IP-Blocklist</name>
 <website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
 <category>Firewall</category>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.2.0</version>
 <status>Beta</status>
 <required_version>1.2.2</required_version>
 <maintainer>tom@tomschaefer.org</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 92833f82..0438ed73 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
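Review bot: `$line` is taken from `$_GET["line"]` without validation and interpolated into `exec("sed $line'd' wlists.txt > temp_wlists.txt")`, so a request parameter reaches a shell command line. Reduce it to an integer first, e.g. `$line = ctype_digit((string)$_GET["line"]) ? (int)$_GET["line"] : -1;` and stop on -1, or drop the shell entirely and remove the line in PHP with `file()` and `file_put_contents()`. The loose `$line == 0` test can also treat non-numeric input as 0 on older PHP versions and delete the whole whitelist. Because the change is triggered by a GET request, it is reachable cross-site unless the page verifies a CSRF token, which this hunk does not show. The assignment sits on the hunk header line, so the top of purgeip.tmp is outside the hunk.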
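Review bot: The new `<descr>` text in pkg_config.7.xml contains a bare `&` (`in & out traffic`) as shown here, which is not well-formed XML and can make the whole package manifest fail to parse. Write it as `in &amp; out traffic` or `in and out traffic`. The same line is added in pkg_config.8.xml and pkg_config.8.xml.amd64.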
@@ -2,15 +2,15 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
- <package>
+ <package>
 <name>IP-Blocklist</name>
 <website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
 <category>Firewall</category>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
- <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.2.0</version>
 <status>Beta</status>
 <required_version>1.2.2</required_version>
 <maintainer>tom@tomschaefer.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 02ddbe6b..ab01b838 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -2,15 +2,15 @@
 <!-- pfSense packages -->
 <pfsensepkgs>
 <packages>
- <package>
+ <package>
 <name>IP-Blocklist</name>
 <website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
 <category>Firewall</category>
 <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
 <config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
 <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.2.0</version>
 <status>Beta</status>
 <required_version>1.2.2</required_version>
 <maintainer>tom@tomschaefer.org</maintainer> |
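Review bot: In pkg_config.8.xml the `<depends_on_package_base_url>` changes from `http://files.pfsense.org/packages/8/All/` to `http://files.pfsense.org/packages/7/All/`, which looks like a line carried over from pkg_config.7.xml rather than part of the whitelist feature. pkg_config.8.xml.amd64 already points at `7/All` as unchanged context, so this may be deliberate, but the page gives no reason for it. If the 8.x manifest is meant to pull dependencies built for the 7 tree, a comment such as `<!-- depends are only published under 7/All -->` would record that; otherwise keep the `8/All` URL.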