aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-x[-rw-r--r--]config/ipblocklist/convert-execute.sh27
-rwxr-xr-xconfig/ipblocklist/ipblocklist.inc12
-rwxr-xr-xconfig/ipblocklist/ipblocklist.tmp32
-rwxr-xr-xconfig/ipblocklist/ipblocklist.xml2
-rwxr-xr-xconfig/ipblocklist/purgeip.tmp8
-rwxr-xr-xpkg_config.7.xml6
-rwxr-xr-xpkg_config.8.xml8
-rwxr-xr-xpkg_config.8.xml.amd646
8 files changed, 63 insertions, 38 deletions
diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh
index 00b8bb22..dd668baa 100644..100755
--- a/config/ipblocklist/convert-execute.sh
+++ b/config/ipblocklist/convert-execute.sh
@@ -1,9 +1,16 @@
+#Version 2
+
+#kill tables to elminate dups
pfctl -t ipblocklist -T kill
+pfctl -t ipblocklistW -T kill
sed -i -e '/ipblocklist/d' /tmp/rules.debug
+sed -i -e '/ipblocklistW/d' /tmp/rules.debug
-#ipfw -f -q flush (Version 0.1.4)
+#Generate lists to process
ls lists > file_list.txt
+ls Wlists > file_Wlist.txt
filelist="file_list.txt"
+Wfilelist="file_Wlist.txt"
#READ contents in file_list.txt and process as file
for fileline in $(cat $filelist); do
@@ -11,6 +18,13 @@ iplist="lists/$fileline"
iplistout="lists/ipfw.ipfw"
perl convert.pl $iplist $iplistout
done
+
+#Whitelist
+for Wfileline in $(cat $Wfilelist); do
+Wiplist="Wlists/$Wfileline"
+Wiplistout="Wlists/whitelist"
+perl convert.pl $Wiplist $Wiplistout
+done
#echo "ipfw made"
#clean up ipfw.ipfw (duplicates)
@@ -19,12 +33,18 @@ sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP
mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
#echo "ipfw clean"
+#clean up whitelist (duplicates)
+rm Wlists/whitelistTEMP
+sort Wlists/whitelist | uniq -u >> Wlists/whitelistTEMP
+mv Wlists/whitelistTEMP Wlists/whitelist
+#echo "whitelist clean"
+
#Now edit /tmp/rules.debug
#find my line for table
-export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2\}'`
+export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2,4\}'`
export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
i=$(($i+'1'))
@@ -62,6 +82,9 @@ while read line
echo "" >> /tmp/rules.debug.tmp
echo "#ipblocklist" >> /tmp/rules.debug.tmp
echo "table <ipblocklist> persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp
+ echo "table <ipblocklistW> persist file '/usr/local/www/packages/ipblocklist/Wlists/whitelist'" >> /tmp/rules.debug.tmp
+ echo "pass quick from <ipblocklistW> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "pass quick from any to <ipblocklistW> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
echo "block quick from <ipblocklist> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
echo "block quick from any to <ipblocklist> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
fi
diff --git a/config/ipblocklist/ipblocklist.inc b/config/ipblocklist/ipblocklist.inc
index a950d188..c5ce30f4 100755
--- a/config/ipblocklist/ipblocklist.inc
+++ b/config/ipblocklist/ipblocklist.inc
@@ -3,7 +3,7 @@
/*
/* ========================================================================== */
/*
- dnsblacklist.inc
+ ipblocklist.inc v2
Copyright (C) 2010 Tom Schaefer
All rights reserved.
*/
@@ -29,7 +29,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-*/
+
function pkg_is_service_running($servicename)
{
@@ -45,7 +45,7 @@ function pkg_is_service_running($servicename)
return false;
}
}
-
+*/
function byte_convert( $bytes ) {
if ($bytes<=0)
return '0 Byte';
@@ -94,8 +94,8 @@ function php_install_command()
unlink_if_exists("/tmp/purge.tmp");
exec("cp /tmp/index.tmp /usr/local/www/packages/ipblocklist/index.php");
unlink_if_exists("/tmp/index.tmp");
- exec("cp /tmp/manual_add.tmp /usr/local/www/packages/ipblocklist/manual_add.php");
- unlink_if_exists("/tmp/manual_add.tmp");
+ exec("cp /tmp/whitelist.tmp /usr/local/www/packages/ipblocklist/whitelist.php");
+ unlink_if_exists("/tmp/whitelist.tmp");
exec("cp /tmp/purgeip.tmp /usr/local/www/packages/ipblocklist/purgeip.php");
unlink_if_exists("/tmp/purgeip.tmp");
//Get scripts
@@ -104,7 +104,7 @@ function php_install_command()
exec("cp /tmp/convert-execute.sh /usr/local/www/packages/ipblocklist/convert-execute.sh");
unlink_if_exists("/tmp/convert-execute.sh");
exec("cp /tmp/IP-Blocklist.sh /usr/local/etc/rc.d/IP-Blocklist.sh");
- unlink_if_exists("/tmp/convert-execute.sh");
+ unlink_if_exists("/tmp/IP-Blocklist.sh");
diff --git a/config/ipblocklist/ipblocklist.tmp b/config/ipblocklist/ipblocklist.tmp
index cf61bfc8..6387cb34 100755
--- a/config/ipblocklist/ipblocklist.tmp
+++ b/config/ipblocklist/ipblocklist.tmp
@@ -1,5 +1,5 @@
<?php
-
+ //Version 2
require_once('config.inc');
require("guiconfig.inc");
@@ -23,24 +23,34 @@ if (count($_POST)>0) {
//echo "enabled";
$config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 1;
- //Load ipfw.ko
- //exec("kldload ipfw.ko"); (Version 0.1.4)
//Process list by downloading and extracting
$myFile = "lists.txt";
+ $myWFile = "wlists.txt";
$fileContents = file_get_contents($myFile);
+ $fileWContents = file_get_contents($myWFile);
$lines = explode(PHP_EOL, $fileContents);
+ $Wlines = explode(PHP_EOL, $fileWContents);
//Remove DIR lists to eliminate duplates
exec("rm -R lists");
+ exec("rm -R Wlists");
//Process each list URL, Extract, and put in DIR lists
exec("mkdir lists");
+ exec("mkdir Wlists");
foreach ($lines as $line) {
exec("fetch -o lists $line");
$filename = basename($line);
//Extract list
exec("gzip -d lists/$filename");
}
+ foreach ($Wlines as $Wline) {
+ exec("fetch -o Wlists $Wline");
+ $Wfilename = basename($Wline);
+ //Extract Whitelist
+ exec("gzip -d Wlists/$Wfilename");
+ }
//Prep pfctl
mwexec("touch lists/ipfw.ipfw");
+ mwexec("touch Wlists/whitelist");
//Now clear ipfw, and process each list to ipfw commands
mwexec("sh convert-execute.sh");
@@ -101,23 +111,15 @@ else {
<a href="http://iblocklist.whitacrecomputers.com/files/bt_level2.gz">Level2</a>,
<a href="http://iblocklist.whitacrecomputers.com/files/bt_level3.gz">Level3</a>)
<br/>
- Compressed lists should have .gz extention <br/>
- <br/>
- <!--
- <br/>
- Be Patient - <u>Level3</u> lists take about 5m. <u>Level1</u> lists take about 1h<br/>
-
-
- <br/>If you use a Level1 list or multiple lists, the webserver will become unresponsive <a href="http://forum.pfsense.org/index.php/topic,24769.0.html"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
- (version 0.1.4)
- -->
- <br/><span style="color:red">Warning!</span> - Apply after each reboot or firewall change. Use at your own risk.
+ Compressed lists should have .gz extention and follows PeerBlock syntax <br/>
+
+ <br/><span style="color:red">Warning!</span> - Apply after firewall change or state reset. Use at your own risk.
<?php
echo "<br/><br/>Current Status = ";
ob_start();
$results = exec("pfctl -s rules | grep -c ipblocklist");
ob_end_clean();
- if ($results == '2') echo "Running";
+ if ($results > '2') echo "Running";
else
echo "<span style='color:red'>NOT running</span>";
diff --git a/config/ipblocklist/ipblocklist.xml b/config/ipblocklist/ipblocklist.xml
index 55c0bf24..16c26c3e 100755
--- a/config/ipblocklist/ipblocklist.xml
+++ b/config/ipblocklist/ipblocklist.xml
@@ -102,7 +102,7 @@
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/ipblocklist/manual_add.tmp</item>
+ <item>http://www.pfsense.com/packages/config/ipblocklist/whitelist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
diff --git a/config/ipblocklist/purgeip.tmp b/config/ipblocklist/purgeip.tmp
index 3622797a..449cb262 100755
--- a/config/ipblocklist/purgeip.tmp
+++ b/config/ipblocklist/purgeip.tmp
@@ -4,12 +4,12 @@ $line = $_GET["line"];
//echo("$line");
//exec("more ips.ipfw > temp_ips.ipfw");
if ($line == 0) {
- exec("rm ips.ipfw");
+ exec("rm wlists.txt");
} else {
- exec("sed $line'd' ips.ipfw > temp_ips.ipfw");
+ exec("sed $line'd' wlists.txt > temp_wlists.txt");
}
-exec("more temp_ips.ipfw > ips.ipfw");
-exec("rm temp_ips.ipfw");
+exec("more temp_wlists.txt > wlists.txt");
+exec("rm temp_wlists.txt");
?>
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index be8eb617..d43a0cd1 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -2,15 +2,15 @@
<!-- pfSense packages -->
<pfsensepkgs>
<packages>
- <package>
+ <package>
<name>IP-Blocklist</name>
<website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
<category>Firewall</category>
<pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.2.0</version>
<status>Beta</status>
<required_version>1.2.2</required_version>
<maintainer>tom@tomschaefer.org</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 92833f82..0438ed73 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -2,15 +2,15 @@
<!-- pfSense packages -->
<pfsensepkgs>
<packages>
- <package>
+ <package>
<name>IP-Blocklist</name>
<website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
<category>Firewall</category>
<pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
- <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.2.0</version>
<status>Beta</status>
<required_version>1.2.2</required_version>
<maintainer>tom@tomschaefer.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 02ddbe6b..ab01b838 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -2,15 +2,15 @@
<!-- pfSense packages -->
<pfsensepkgs>
<packages>
- <package>
+ <package>
<name>IP-Blocklist</name>
<website/>
- <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall.</descr>
+ <descr>IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr>
<category>Firewall</category>
<pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.2.0</version>
<status>Beta</status>
<required_version>1.2.2</required_version>
<maintainer>tom@tomschaefer.org</maintainer>