aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/pf-blocker/pfBlocker.widget.php64
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc602
-rw-r--r--config/pf-blocker/pfblocker.php89
-rwxr-xr-xconfig/pf-blocker/pfblocker.xml128
-rwxr-xr-xconfig/pf-blocker/pfblocker_lists.xml237
-rw-r--r--config/pf-blocker/pfblocker_sync.xml6
-rw-r--r--config/pf-blocker/pfblocker_topspammers.xml28
-rw-r--r--pkg_config.8.xml7
-rw-r--r--pkg_config.8.xml.amd647
9 files changed, 707 insertions, 461 deletions
diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php
index ec1d08a2..6830275a 100644
--- a/config/pf-blocker/pfBlocker.widget.php
+++ b/config/pf-blocker/pfBlocker.widget.php
@@ -33,49 +33,43 @@ echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padd
cellspacing=\"0\"";
echo" <tr>";
-$in="";
-$out="";
-$white="";
+$pfb_table=array();
+$out="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>";
+$in="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
+if (is_array($config['aliases']['alias']))
+foreach ($config['aliases']['alias'] as $cbalias){
+ if (preg_match("/pfBlocker/",$cbalias['name'])){
+
+ if (file_exists('/var/db/aliastables/'.$cbalias['name'].'.txt')){
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /var/db/aliastables/".$cbalias['name'].".txt"),$matches);
+ $pfb_table[$cbalias['name']]=array("count" => $matches[1],
+ "img"=> $out);
+ }
+ }
+ }
$rules=$config['filter']['rule'];
#echo "<pre>";
foreach($rules as $rule){
- if ($rule['destination']['address'] == 'pfBlockerOutbound' && $out == ""){
- #print_r($rule);
- $out="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
- }
-
- if ($rule['source']['address']== 'pfBlockerInbound' && $in == "")
- $in="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
+ if (preg_match("/pfBlocker/",$rule['source']['address']))
+ $pfb_table[$rule['source']['address']]["img"]=$in;
- if ($rule['source']['address']== 'pfBlockerWL' && $white == "")
- $white="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
-
- if ($rule['destination']['address']== 'pfBlockerWL' && $white == "")
- $white="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
+ if (preg_match("/pfBlocker/",$rule['destination']['address']))
+ $pfb_table[$rule['destination']['address']]["img"]=$in;
}
+print "<pre>";
+#var_dump($pfb_table);
+#exit;
+ print "<td class=\"listlr\"><strong>Alias</strong></td>";
+ print "<td class=\"listlr\"><strong>CIDRs</strong></td>";
+ print "<td class=\"listlr\"><strong>Status</strong></td></tr>";
-$in=($in != ""?$in:"<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>");
-$out=($out != ""?$out:"<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>");
-$white=($white != ""?$white:"<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>");
-
-echo " <td class=\"listhdrr\">pfBlockerInbound".$in."</td>";
-echo " <td class=\"listhdrr\">pfBlockerOutbound".$out."</td>";
-echo " <td class=\"listhdrr\">pfBlockerWL".$white."</td>";
-echo" </tr>";
-echo" <tr>";
-if (file_exists("/usr/local/pkg/pfb_in.txt")) {
- $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_in.txt"),$matches);
- echo " <td class=\"listlr\">". count($matches[0])." Networks</td>";
+foreach ($pfb_table as $alias => $values){
+ print "<td class=\"listlr\">".$alias ."</td>";
+ print "<td class=\"listlr\">".$values["count"]."</td>";
+ print "<td class=\"listlr\">".$values["img"]."</td></tr>";
}
-if (file_exists("/usr/local/pkg/pfb_out.txt")) {
- $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_out.txt"),$matches);
- echo " <td class=\"listlr\">" . count($matches[0])." Networks</td>";
-}
-if (file_exists("/usr/local/pkg/pfb_w.txt")) {
- $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_w.txt"),$matches);
- echo " <td class=\"listlr\">" . count($matches[0])." Networks</td>";}
-
echo" </tr>";
echo"</table>";
+exit;
?> \ No newline at end of file
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index f9f6d951..ec017df8 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -72,9 +72,9 @@ function pfblocker_Range2CIDR($ip_min, $ip_max) {
function sync_package_pfblocker() {
global $config;
+ $pfblocker_enable=$config['installedpackages']['pfblocker']['config'][0]['enable_cb'];
$pfblocker_config=$config['installedpackages']['pfblocker']['config'][0];
- $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America");
-
+ $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
#get local web gui configuration
$web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http");
$port = $config['system']['webgui']['port'];
@@ -86,304 +86,355 @@ function sync_package_pfblocker() {
}
$web_local .= "://127.0.0.1:".$port.'/pfblocker.php';
- #get all selected countries
- $countries=$config['installedpackages']['pfblockertopspammers']['config'][0]['countries'].",";
- foreach ($continents as $continent){
- if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config']))
- $countries.=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].",";
- }
- $cb_files = explode(",", $countries);
-
- $pfbdir='/usr/local/pkg/pfblocker';
-
#check folders
+ $pfbdir='/usr/local/pkg/pfblocker';
+ $pfb_alias_dir='/usr/local/pkg/pfblocker_aliases';
if (!is_dir($pfbdir))
mkdir ($pfbdir,0755);
+ if (!is_dir($pfb_alias_dir))
+ mkdir ($pfb_alias_dir,0755);
if (! is_dir('/var/db/aliastables/'))
mkdir ('/var/db/aliastables/',0755);
-
- #get custom lists
- $whitelist=pfb_text_area_decode($pfblocker_config['whitelist']);
- $ips_in="";
- $ips_out="";
- foreach ($cb_files as $iso){
- if ($iso <> ""){
- if (file_exists($pfbdir.'/'.$iso.'.txt'))
- switch ($pfblocker_config['countryblock']){
- case "inbound":
- $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt');
+
+ $continents= array( "Africa" => "pfBlockerAfrica",
+ "Antartica" => "pfBlockerAntartica",
+ "Asia" => "pfBlockerAsia",
+ "Europe" => "pfBlockerEurope",
+ "North America" => "pfBlockerNorthAmerica",
+ "Oceania" => "pfBlockerOceania",
+ "South America" => "pfBlockerSouthAmerica",
+ "Top Spammers" => "pfBlockerTopSpammers");
+
+ #create rules vars and arrays
+ $new_aliases=array();
+ $permit_inbound=array();
+ $permit_outbound=array();
+ $deny_inbound=array();
+ $deny_outbound=array();
+ $aliases_list=array();
+ #check if pfblocker is enabled or not.
+ $deny_action_inbound=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block");
+ $deny_action_outbound=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"reject");
+ $base_rule= array( "id" => "",
+ "tag"=> "",
+ "tagged"=> "",
+ "max"=> "",
+ "max-src-nodes"=>"",
+ "max-src-conn"=> "",
+ "max-src-states"=>"",
+ "statetimeout"=>"",
+ "statetype"=>"keep state",
+ "os"=> "");
+#############################################
+# Assign Countries #
+#############################################
+ foreach ($continents as $continent => $pfb_alias){
+ ${$continent}="";
+ if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'])){
+ $continent_config=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0];
+ if ($continent_config['action'] != 'Disabled' && $continent_config['action'] != '' && $pfblocker_enable == "on")
+ foreach (explode(",", $continent_config['countries']) as $iso){
+ #var_dump ($iso);
+ if ($iso <> "" && file_exists($pfbdir.'/'.$iso.'.txt'))
+ ${$continent} .= file_get_contents($pfbdir.'/'.$iso.'.txt');
+ }
+ if($continent_config['countries'] != "" && $pfblocker_enable == "on"){
+ #write alias file
+ file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent},LOCK_EX);
+ #Create alias config
+ $new_aliases[]=array("name"=> $pfb_alias,
+ "url"=> $web_local.'?pfb='.$pfb_alias,
+ "updatefreq"=> "32",
+ "address"=>"",
+ "descr"=> "pfBlocker country list",
+ "type"=> "urltable",
+ "detail"=> "DO NOT EDIT THIS ALIAS");
+ #force alias file update
+ if (file_exists($pfb_alias_dir.'/'.$pfb_alias.'.txt'))
+ file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent}, LOCK_EX);
+ #Create rule if action permits
+ switch($continent_config['action']){
+ case "Deny_Outbound":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_outbound;
+ $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["source"]=array("any"=>"");
+ $rule["destination"]= array("address"=> $pfb_alias);
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_outbound[]=$rule;
+ break;
+ case "Deny_Inbound":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_inbound;
+ $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["source"]= array("address"=> $pfb_alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_inbound[]=$rule;
break;
- case "outbound":
- $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt');
+ case "Permit_Outbound":
+ $rule = $base_rule;
+ $rule["type"] = "pass";
+ $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["source"]=array("any"=>"");
+ $rule["destination"]= array("address"=> $pfb_alias);
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $permit_outbound[]=$rule;
break;
- case "both":
- $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt');
- $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt');
+ case "Permit_Inbound":
+ $rule = $base_rule;
+ $rule["type"] = "pass";
+ $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["source"]= array("address"=> $pfb_alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $permit_inbound[]=$rule;
break;
- case "whitelist":
- $whitelist.=file_get_contents($pfbdir.'/'.$iso.'.txt');
- break;
}
+
}
}
+ #mark pfctl aliastable for cleanup
+ if (!in_array($pfb_alias, $aliases_list))
+ $aliases_list[]=$pfb_alias;
+ }
- #Assign IP range lists
- foreach ($pfblocker_config['row'] as $row){
- $md5_url = md5($row['url']);
- #print $row['action']."<br>";
- if (file_exists($pfbdir."/".$md5_url.".txt")){
- ${$row['action']}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt');
- }
- else{
- if ($row['format'] == "gz")
- $url_list= gzfile($row['url']);
- else
- $url_list= file($row['url']);
- #extract range lists
- $new_file="";
- foreach ($url_list as $line){
- # CIDR format 192.168.0.0/16
- if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){
- ${$row['action']}.= $matches[1]."\n";
- $new_file.= $matches[1]."\n";
+ #############################################
+ # Assign lists #
+ #############################################
+ #print "<pre>";
+ if($config['installedpackages']['pfblockerlists']['config'] != "")
+ foreach($config['installedpackages']['pfblockerlists']['config'] as $list){
+ $alias="pfBlocker".preg_replace("/\W/","",$list['aliasname']);
+ #print $list['aliasname'].$list['action']." ".$alias." ".$row['url']."<br>";
+ if ($alias != "pfBlocker" && $list['action'] != "" && $list['action'] != 'Disabled' && $pfblocker_enable == "on"){
+ #remove empty lists files if any
+ if (is_array($list['row']))
+ foreach ($list['row'] as $row){
+ #print $list['aliasname'].$list['action'].$list['cron']." ".$alias." ".$row['url']."$update_local<br>";
+ if ($row['url'] != ""){
+ $md5_url = md5($row['url']);
+ if (file_exists($pfbdir."/".$md5_url.".txt")){
+ ${$alias}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt');
+ }
+ else{
+ if ($row['format'] == "gz")
+ $url_list= gzfile($row['url']);
+ else
+ $url_list= file($row['url']);
+ #extract range lists
+ $new_file="";
+ if (is_array($url_list))
+ foreach ($url_list as $line){
+ # CIDR format 192.168.0.0/16
+ if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){
+ ${$alias}.= $matches[1]."\n";
+ $new_file.= $matches[1]."\n";
+ }
+ # Network range 192.168.0.0-192.168.0.254
+ if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)){
+ $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
+ if ($cidr != ""){
+ ${$alias}.= $cidr."\n";
+ $new_file.= $cidr."\n";
+ }
+ }
+ }
+ if ($new_file != "")
+ file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX);
+ }
+ }
}
-
- # Network range 192.168.0.0-192.168.0.254
- if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches))
- $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
- if ($cidr != ""){
- ${$row['action']}.= $cidr."\n";
- $new_file.= $cidr."\n";
+ #check custom network list
+ if (pfb_text_area_decode($list['custom']) != "")
+ ${$alias}.=pfb_text_area_decode($list['custom'])."\n";
+ #save alias file if not empty
+ if (${$alias} == ""){
+ if (file_exists($pfb_alias_dir.'/'.$alias.'.txt'))
+ unlink($pfb_alias_dir.'/'.$alias.'.txt');
}
+ else{
+ file_put_contents($pfb_alias_dir.'/'.$alias.'.txt',${$alias}, LOCK_EX);
+ #create alias
+ $new_aliases[]=array("name"=> $alias,
+ "url"=> $web_local.'?pfb='.$alias,
+ "updatefreq"=> "32",
+ "address"=>"",
+ "descr"=> "pfBlocker user list",
+ "type"=> "urltable",
+ "detail"=> "DO NOT EDIT THIS ALIAS");
+ #Create rule if action permits
+ switch($list['action']){
+ case "Deny_Outbound":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_outbound;
+ $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["source"]=array("any"=>"");
+ $rule["destination"]= array("address"=> $alias);
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_outbound[]=$rule;
+ break;
+ case "Deny_Inbound":
+ $rule = $base_rule;
+ $rule["type"] = $deny_action_inbound;
+ $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["source"]= array("address"=> $alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $deny_inbound[]=$rule;
+ break;
+ case "Permit_Outbound":
+ $rule = $base_rule;
+ $rule["type"] = "pass";
+ $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["source"]=array("any"=>"");
+ $rule["destination"]= array("address"=> $alias);
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $permit_outbound[]=$rule;
+ break;
+ case "Permit_Inbound":
+ $rule = $base_rule;
+ $rule["type"] = "pass";
+ $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["source"]= array("address"=> $alias);
+ $rule["destination"]=array("any"=>"");
+ if ($pfblocker_config['enable_log'])
+ $rule["log"]="";
+ $permit_inbound[]=$rule;
+ break;
+ }
+ }
+ #mark pfctl aliastable for cleanup
+ if (!in_array($alias, $aliases_list))
+ $aliases_list[]=$alias;
+ }
+ else{
+ #unlink previous pfblocker alias list if any
+ if (file_exists($pfb_alias_dir.'/'.$alias.'.txt'))
+ unlink($pfb_alias_dir.'/'.$alias.'.txt');
}
- if ($new_file != "")
- file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX);
- }
- #print $row['url']."<br>" .$md5_url.".txt<br>";
- #var_dump(gzfile($row['url']));
- }
-
- #create all country block lists based on gui
- file_put_contents('/usr/local/pkg/pfb_in.txt',$ips_in, LOCK_EX);
-
- #create all country block lists based on gui
- file_put_contents('/usr/local/pkg/pfb_out.txt',$ips_out, LOCK_EX);
-
- #write white_list to filesystem
- file_put_contents('/usr/local/pkg/pfb_w.txt',$whitelist, LOCK_EX);
-
-
- #edit or assign alias "pfblockerInbound", "pfblockerOutbound" and "pfblockerWL"
- $aliases=$config['aliases']['alias'];
- $new_aliases=array();
- $pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt';
- if ($ips_in != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
- #create or reaply alias
- $new_aliases[]=array("name"=> 'pfBlockerInbound',
- "url"=> $web_local.'?pfb=in',
- "updatefreq"=> "7",
- "address"=>"",
- "descr"=> "pfBlocker Inbound deny list",
- "type"=> "urltable",
- "detail"=> "DO NOT EDIT THIS ALIAS");
- #force alias file update
- if (file_exists($pfBlockerInbound))
- file_put_contents($pfBlockerInbound,$ips_in, LOCK_EX);
- }
- else{
- #remove previous aliastable if exist
- if (file_exists($pfBlockerInbound))
- unlink($pfBlockerInbound);
- }
- $pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt';
- if ($ips_out != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
- #create or reaply alias
- $new_aliases[]=array("name"=> 'pfBlockerOutbound',
- "url"=> $web_local.'?pfb=out',
- "updatefreq"=> "7",
- "address"=>"",
- "descr"=> "pfBlocker Outbound deny list",
- "type"=> "urltable",
- "detail"=> "DO NOT EDIT THIS ALIAS");
- #force alias file update
- if (file_exists($pfBlockerOutbound))
- file_put_contents($pfBlockerOutbound,$ips_out, LOCK_EX);
}
- else{
- #remove previous aliastable if exist
- if (file_exists($pfBlockerOutbound))
- unlink($pfBlockerOutbound);
- }
-
- $pfblockerWL='/var/db/aliastables/pfBlockerWL.txt';
- if ($whitelist != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
- #create or reaply alias
- $new_aliases[]=array("name"=> 'pfBlockerWL',
- "url"=> $web_local.'?pfb=white',
- "updatefreq"=> "7",
- "address"=>"",
- "descr"=> "pfBlocker White list",
- "type"=> "urltable",
- "detail"=> "DO NOT EDIT THIS ALIAS");
- #force alias file update
- if (file_exists($pfblockerWL))
- file_put_contents($pfblockerWL,$whitelist, LOCK_EX);
+ #update pfsense alias table
+ $aliases=$config['aliases']['alias'];
+ foreach($aliases as $cbalias){
+ if (preg_match("/pfBlocker/",$cbalias['name'])){
+ #mark pfctl aliastable for cleaning
+ if (!in_array($cbalias['name'], $aliases_list))
+ $aliases_list[]=$cbalias['name']; #mark aliastable for cleaning
+ #remove previous aliastable file if exist
+ $aliastablefile="/var/db/aliastables/".$cbalias['name'].".txt";
+ if (file_exists($aliastablefile))
+ unlink($aliastablefile);
+ }
+ else{
+ $new_aliases[]= $cbalias;
+ if (file_exists($pfb_alias_dir.'/'.$alias.'.txt') && $message ==""){
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l ".$pfb_alias_dir.'/'.$alias.'.txt'),$matches);
+ }
+ if (($matches[1] * 2.1)>= $table_limit )
+ #alias table too large
+ $message= $alias .' alias table is too large. Reduce networks in list or increase "Firewall Maximum Table Entries" value to at least '. (int)($matches[1] * 2.1) .' in "system - advanced - Firewall/NAT".';
+ }
}
- else{
- #remove previous aliastable if exist
- if (file_exists($pfblockerWL))
- unlink($pfblockerWL);
- }
+ #apply new alias table to xml
+ if ($message == "")
+ $config['aliases']['alias']=$new_aliases;
+ #exit;
+ #############################################
+ # Assign rules #
+ #############################################
+ #print "<pre>";
+ #var_dump($permit_inbound);
+ #var_dump($permit_outbound);
+ #var_dump($deny_inbound);
+ #var_dump($deny_outbound);
+ #var_dump($pfblocker_config['inbound_interface']);
+ #print count($deny_inbound) .count($deny_inbound);
- if (is_array($aliases))
- foreach($aliases as $cbalias){
- if (! preg_match("/pfBlocker.*list/",$cbalias['descr']))
- $new_aliases[]= $cbalias;
- }
- $config['aliases']['alias']=$new_aliases;
-
- # check pfBlocker filter options
- $ifaces = $pfblocker_config['inbound_interface'];
- if ($ifaces != "")
- foreach (explode(",", $ifaces) as $i => $iface) {
- if ($whitelist != "" && $iface != ""){
- ${$iface}[0]=array("id" => "",
- "type"=>"pass",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("address"=>"pfBlockerWL"),
- "destination"=>array("any"=>""),
- "descr"=>"pfBlocker Whitelist rule");
-
- if ($pfblocker_config['enable_log'])
- ${$iface}[0]["log"]="";
- }
- if ($ips_in != "" && $iface != ""){
- $action=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block");
- ${$iface}[1]=array( "id" => "",
- "type"=>$action,
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("address"=>"pfBlockerInbound"),
- "destination"=>array("any"=>""),
- "descr"=>"pfBlocker Inbound deny rule");
-
- if ($pfblocker_config['enable_log'])
- ${$iface}[1]["log"]="";
+ # Inbound filter options
+ $inbound_interface = $pfblocker_config['inbound_interface'];
+ if (count($deny_inbound) > 0 || count($permit_inbound) > 0){
+ if($inbound_interface == "")
+ $message="Unable to apply rules.Inbound Interface option not configured.";
+ if ($inbound_interface == "lo0")
+ $message="Floating rules are not implemented in pfBlocker yet, choose Inbound Interface other than loopback or change action to Alias only.";
}
- }
- $ifaces = $pfblocker_config['outbound_interface'];
- if ($ifaces != "")
- foreach (explode(",", $ifaces) as $i => $iface) {
- if ($whitelist != "" && $iface != ""){
- ${$iface}[2]=array( "id" => "",
- "type"=>"pass",
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("any"=>""),
- "destination"=>array("address"=>"pfBlockerWL"),
- "descr"=>"pfBlocker Whitelist rule");
- if ($pfblocker_config['enable_log'])
- ${$iface}[2]["log"]="";
- }
- if ($ips_out != "" && $iface != ""){
- $action=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"block");
- ${$iface}[3]= array("id" => "",
- "type"=>$action,
- "tag"=> "",
- "interface" => $iface,
- "tagged"=> "",
- "max"=> "",
- "max-src-nodes"=>"",
- "max-src-conn"=> "",
- "max-src-states"=>"",
- "statetimeout"=>"",
- "statetype"=>"keep state",
- "os"=> "",
- "source"=>array("any"=>""),
- "destination"=>array("address"=>"pfBlockerOutbound"),
- "descr"=>"pfBlocker Outbound deny rule");
- if ($pfblocker_config['enable_log'])
- ${$iface}[3]["log"]="";
-
+
+ # Outbound filter options
+ $outbound_interface = $pfblocker_config['outbound_interface'];
+ if (count($deny_outbound) > 0 || count($permit_outbound) > 0){
+ if($outbound_interface == "")
+ $message="Unable to apply rules.Outbound Interface option not configured.";
+ if ($outbound_interface == "lo0")
+ $message="Floating rules are not implemented in pfBlocker yet, choose Outbound Interface other than loopback or change action to Alias only.";
}
-
- }
- $last_iface="";
- $rules=$config['filter']['rule'];
- foreach ($rules as $rule){
- if ($rule['interface'] <> $last_iface){
- $last_iface = $rule['interface'];
- #apply pfblocker rules if enabled
- if ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']}))
- foreach (${$rule['interface']} as $cb_rules)
- $new_rules[]=$cb_rules;
+
+ if ($message == "")
+ {
+ $last_iface="";
+ $rules=$config['filter']['rule'];
+ $new_rules=array();
+ foreach ($rules as $rule){
+ if ($rule['interface'] <> $last_iface){
+ $last_iface = $rule['interface'];
+ #apply pfblocker rules if enabled
+
+ #Inbound
+ if (preg_match("/$last_iface/",$inbound_interface)){
+ #permit rules
+ if (is_array($permit_inbound))
+ foreach ($permit_inbound as $cb_rules){
+ $cb_rules['interface']=$rule['interface'];
+ $new_rules[]=$cb_rules;
+ }
+ #deny rules
+ if (is_array($deny_inbound))
+ foreach ($deny_inbound as $cb_rules){
+ $cb_rules['interface']=$rule['interface'];
+ $new_rules[]=$cb_rules;
+ }
+ }
+ #Outbound
+ if (preg_match("/$last_iface/",$outbound_interface)){
+ #permit rules
+ if (is_array($permit_outbound))
+ foreach ($permit_outbound as $cb_rules){
+ $cb_rules['interface']=$rule['interface'];
+ $new_rules[]=$cb_rules;
+ }
+ #deny rules
+ if (is_array($deny_outbound))
+ foreach ($deny_outbound as $cb_rules){
+ $cb_rules['interface']=$rule['interface'];
+ $new_rules[]=$cb_rules;
+ }
+ }
+ }
+ #include all rules that is not from pfBlocker
+ if (!preg_match("/pfBlocker.*rule/",$rule['descr']) && $rule['interface'] != "")
+ $new_rules[]=$rule;
}
- if (!preg_match("/pfBlocker.*rule/",$rule['descr']))
- $new_rules[]=$rule;
- }
- $config['filter']['rule']=$new_rules;
-
- #check aliastable size
- preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
- $count_ips_in = $matches[1];
- preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
- $count_ips_out = $matches[1];
- preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
- $count_ips_w = $matches[1];
-
- #get higher value
- $max=$count_ips_in;
- if ($max < $count_ips_out)
- $max = $count_ips_out;
- if ($max < $count_ips_w)
- $max = $count_ips_w;
- $sum=($count_ips_in + $count_ips_out + $count_ips_w);
- #check table size client option
- $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+ $config['filter']['rule']=$new_rules;
+ }
- #check for possible table size erros
- $error_message="";
- if ($count_ips_in >= $table_limit )
- $message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
- if ($count_ips_out >= $table_limit )
- $message='pfBlockerOutbound alias table is too large. Reduce Outbound List or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
- if ($count_ips_w >= $table_limit )
- $message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT ".';
-
if ($message == ""){
- #save and apply all changes*/
+ #save and apply all changes
+ # to be removed in final version
+ $aliases_list[]="pfBlockerInbound"; #remove previous version lists
+ $aliases_list[]="pfBlockerOutbound";#remove previous version lists
+ $aliases_list[]="pfBlockerWL"; #remove previous version lists
+ #exit;
#update pfctrl tables
- $tables = array ('pfBlockerOutbound' => 'pfb_out.txt',
- 'pfBlockerInbound' => 'pfb_in.txt',
- 'pfBlockerWL' => 'pfb_w.txt');
- foreach ($tables as $table => $pfb_file)
- exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T replace -f /usr/local/pkg/" . escapeshellarg($pfb_file) . " 2>&1", $result_pfb);
+ foreach ($aliases_list as $table)
+ exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb);
#write config
write_config();
@@ -485,6 +536,7 @@ function pfblocker_do_xmlrpc_sync($sync_to_ip, $password) {
/* xml will hold the sections to sync */
$xml = array();
$xml['pfblocker'] = $config['installedpackages']['pfblocker'];
+ $xml['pfblockerlists'] = $config['installedpackages']['pfblockerlists'];
$xml['pfblockertopspammers'] = $config['installedpackages']['pfblockertopspammers'];
$xml['pfblockerafrica'] = $config['installedpackages']['pfblockerafrica'];
$xml['pfblockerantartica'] = $config['installedpackages']['pfblockerantartica'];
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index f1dd85f5..b6c595ab 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -1,29 +1,27 @@
<?php
function get_networks($pfb){
- if ($pfb==1)
- $return= file_get_contents('/usr/local/pkg/pfb_in.txt');
- if ($pfb==2)
- $return= file_get_contents('/usr/local/pkg/pfb_out.txt');
- if ($pfb==3)
- $return=file_get_contents('/usr/local/pkg/pfb_w.txt');
- #print "<pre>";
- print $return;
+ $file='/usr/local/pkg/pfblocker_aliases/'.$pfb.'.txt';
+ if ($file)
+ $return= file_get_contents($file);
+ print $return;
}
# to be uncomented when this packages gets stable state
#if($_SERVER['REMOTE_ADDR']== '127.0.0.1'){
-switch ($_REQUEST['pfb']){
- case "in":
- get_networks(1);
- break;
- case "out":
- get_networks(2);
- break;
- case "white":
- get_networks(3);
- break;
-}
+if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches))
+ get_networks($matches[1]);
#}
+
+if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){
+ #require_once("/etc/inc/util.inc");
+ #require_once("/etc/inc/functions.inc");
+ #require_once("/etc/inc/etpkg-utils.inc");
+ #require_once("/etc/inc/globals.inc");
+ #require_once("/etc/inc/filter.inc");
+ include "/usr/local/pkg/pfblocker.inc";
+ print "id".$argv[2];
+ sync_package_pfblocker($argv[2]);
+ }
function pfblocker_get_countries(){
$files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt",
@@ -124,6 +122,10 @@ $xml= <<<EOF
<url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
</tab>
<tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ </tab>
+ <tab>
<text>Top Spammers</text>
<url>/pkg_edit.php?xml=pfblocker_topspammers.xml&amp;id=0</url>
{$active['top']}
@@ -166,22 +168,45 @@ $xml= <<<EOF
</tabs>
<fields>
<field>
- <name>Continent {$cont}</name>
- <type>listtopic</type>
+ <name>Continent {$cont}</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Countries</fielddescr>
+ <fieldname>countries</fieldname>
+ <description>
+ <![CDATA[Select Countries you want to take an action.<br>
+ <strong>Use CTRL + CLICK to unselect countries</strong>]]>
+ </description>
+ <type>select</type>
+ <options>
+ {$options}
+ </options>
+ <size>{$total}</size>
+ <multiple/>
</field>
<field>
- <fielddescr>Countries</fielddescr>
- <fieldname>countries</fieldname>
- <description>
- <![CDATA[Select Countries you want to block.]]>
- </description>
+ <fielddescr>Action</fielddescr>
+ <fieldname>action</fieldname>
+ <description><![CDATA[Default:<strong>Disabled</strong><br>
+ Select action for countries you have selected in {$cont}<br><br>
+ <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
+ 'Permit Inbound' - Will allow access from selected countries to your network.<br>
+ 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
+ 'Alias Only' - Will create alias <strong>{$cont}</strong> with selected countries to help custom rule assignments.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
<type>select</type>
<options>
- {$options}
- </options>
- <size>{$total}</size>
- <multiple/>
- </field> </fields>
+ <option><name>Disabled</name><value>Disabled</value></option>
+ <option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
+ <option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
+ <option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
+ <option><name>Alias only</name><value>Alias_only</value></option>
+ </options>
+ </field>
+ </fields>
<custom_php_install_command>
pfblocker_php_install_command();
</custom_php_install_command>
@@ -201,4 +226,4 @@ EOF;
}
}
-?> \ No newline at end of file
+?>
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index 77a81e24..eef4c882 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -50,7 +50,7 @@
<name>pfBlocker</name>
<tooltiptext>Configure pfblocker</tooltiptext>
<section>Firewall</section>
- <url>pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
+ <url>pkg_edit.php?xml=pfblocker.xml</url>
</menu>
<additional_files_needed>
<item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item>
@@ -73,6 +73,11 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
@@ -114,6 +119,11 @@
<active/>
</tab>
<tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ </tab>
+
+ <tab>
<text>Top Spammers</text>
<url>/pkg_edit.php?xml=pfblocker_topspammers.xml&amp;id=0</url>
</tab>
@@ -169,8 +179,7 @@
<field>
<fielddescr>Inbound Interface(s)</fielddescr>
<fieldname>inbound_interface</fieldname>
- <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.<br>
- If you want to create custom inbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]></description>
+ <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.]]></description>
<type>interfaces_selection</type>
<required/>
<multiple/>
@@ -189,8 +198,7 @@
<field>
<fielddescr>Outbound Interface(s)</fielddescr>
<fieldname>outbound_interface</fieldname>
- <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select interface(s) that you do not want to send outgoing traffic.<br>
- If you want to create custom outbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]></description>
+ <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select interface(s) that you do not want to send outgoing traffic.]]></description>
<type>interfaces_selection</type>
<required/>
<multiple/>
@@ -206,115 +214,7 @@
<option><name>Block</name><value>block</value></option>
</options>
</field>
-
- <field>
- <name>Network ranges / CIDR lists</name>
- <type>listtopic</type>
- </field>
-
- <field>
- <fielddescr>Country Action</fielddescr>
- <fieldname>countryblock</fieldname>
- <description><![CDATA[Default:<strong>Block Inbound</strong><br>
- Select action for countries you have selected<br><br>
- <strong>Note: </strong><br>'Deny Inbound' traffic will deny access from selected countries to your network.<br>
- 'Deny Outgoing' traffic will deny access from your users to countries you selected to block<br>
- 'Whitelist' will allow access from and to selected countries to your network.<br>
- 'None' will not apply rules to selected countries.]]></description>
- <type>select</type>
- <options>
- <option><name>Deny Inbound</name><value>inbound</value></option>
- <option><name>Deny Outbound</name><value>outbound</value></option>
- <option><name>Deny Inbound and Outbound</name><value>both</value></option>
- <option><name>whitelist</name><value>whitelist</value></option>
- <option><name>None</name><value>none</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Update frequency</fielddescr>
- <fieldname>update</fieldname>
- <description><![CDATA[Default:<strong>Never</strong><br>
- Select how often pfsense will download List files]]></description>
- <type>select</type>
- <options>
- <option><name>Never</name><value>never</value></option>
- <option><name>Every 4 Hours</name><value>4hours</value></option>
- <option><name>Every 12 Hours</name><value>12hours</value></option>
- <option><name>Once a day</name><value>day</value></option>
- <option><name>Once a week</name><value>week</value></option>
- </options>
- </field>
- <field>
- <fielddescr><![CDATA[Lists]]></fielddescr>
- <fieldname>none</fieldname>
- <description><![CDATA[In 'list action' choose the way you want to use the list and in 'Format' choose the file format on url.<br>
- ON url field, add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br>
- Compressed lists must be in gz format.<br>
- File must have only one network per line and could follows PeerBlock syntax or this below:<br>
- Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
- CIDR: <strong>172.16.1.0/24</strong>
- ]]></description>
- <type>rowhelper</type>
- <rowhelper>
- <rowhelperfield>
- <fielddescr>List Action</fielddescr>
- <fieldname>action</fieldname>
- <type>select</type>
- <options>
- <option><name>Deny Inbound</name><value>ips_in</value></option>
- <option><name>Deny Outbound</name><value>ips_out</value></option>
- <option><name>whitelist</name><value>whitelist</value></option>
- <option><name>None</name><value>none</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Format</fielddescr>
- <fieldname>format</fieldname>
- <type>select</type>
- <options>
- <option><name>gz</name><value>gz</value></option>
- <option><name>txt</name><value>txt</value></option>
- </options>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Url</fielddescr>
- <fieldname>url</fieldname>
- <type>input</type>
- <size>55</size>
- </rowhelperfield>
- </rowhelper>
- </field>
- <field>
- <name>List info help</name>
- <fieldname>list_info</fieldname>
- <description><![CDATA[In 'list action' choose the way you want to use the list and in 'Format' choose the file format on url.<br>
- ON url field, add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br>
- Compressed lists must be in gz format.<br>
- File must have only one network per line and could follows PeerBlock syntax or this below:<br>
- Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
- CIDR: <strong>172.16.1.0/24</strong>
- ]]></description>
- <type>checkbox</type>
-
- </field>
- <field>
- <name>Custom list</name>
- <type>listtopic</type>
- </field>
- <field>
- <fielddescr>Whitelist</fielddescr>
- <fieldname>whitelist</fieldname>
- <description><![CDATA[Enter network you want to whitlist in CIDR format. One network per line.<br>
- Example: 192.168.1.0/24]]></description>
- <type>textarea</type>
- <cols>50</cols>
- <rows>06</rows>
- <encoding>base64</encoding>
- </field>
+
</fields>
<custom_php_install_command>
pfblocker_php_install_command();
diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml
new file mode 100755
index 00000000..08574783
--- /dev/null
+++ b/config/pf-blocker/pfblocker_lists.xml
@@ -0,0 +1,237 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* ========================================================================== */
+/*
+ pfblocker_lists.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2011 Marcello Coutinho
+
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>pfblockerlists</name>
+ <version>1.0</version>
+ <title>Firewall: pfBlocker</title>
+ <include_file>/usr/local/pkg/pfblocker.inc</include_file>
+ <menu>
+ <name>pfBlocker </name>
+ <tooltiptext></tooltiptext>
+ <section>Firewall</section>
+ <configfile>pfblocker_lists.xml</configfile>
+ </menu>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ <active/>
+ </tab>
+
+ <tab>
+ <text>Top Spammers</text>
+ <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=pfblocker_Africa.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=pfblocker_Asia.xml&amp;id=0</url>
+
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=pfblocker_Europe.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>North America</text>
+ <url>/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=pfblocker_Oceania.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>South America</text>
+ <url>/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=pfblocker_sync.xml&amp;id=0</url>
+ </tab>
+</tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Alias</fielddescr>
+ <fieldname>aliasname</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+
+ <columnitem>
+ <fielddescr>Action</fielddescr>
+ <fieldname>action</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Update Frequency</fielddescr>
+ <fieldname>cron</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <name>Network ranges / CIDR lists</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Alias Name</fielddescr>
+ <fieldname>aliasname</fieldname>
+ <description><![CDATA[Enter lists Alias Names.<br>
+ Example: Badguys<br>
+ Do not include pfBlocker name, it's done by package.<br>
+ <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description>
+ <type>input</type>
+ <size>20</size>
+ </field>
+ <field>
+ <fielddescr>List Description</fielddescr>
+ <fieldname>description</fieldname>
+ <type>input</type>
+ <size>90</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Lists]]></fielddescr>
+ <fieldname>none</fieldname>
+ <description><![CDATA['Format' - Choose the file format that url will retrieve or local file format.<br>
+ 'Url or local file' - Add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
+ <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br>
+ <br><strong>Note: </strong><br>
+ Compressed lists must be in gz format.<br>
+ Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:<br>
+ Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
+ IP Address: <strong>172.16.1.10</strong><br>
+ CIDR: <strong>172.16.1.0/24</strong>
+ ]]></description>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Format</fielddescr>
+ <fieldname>format</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>gz</name><value>gz</value></option>
+ <option><name>txt</name><value>txt</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Url or localfile</fielddescr>
+ <fieldname>url</fieldname>
+ <type>input</type>
+ <size>75</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ <field>
+ <fielddescr>List Action</fielddescr>
+ <description><![CDATA[Default:<strong>Deny Inbound</strong><br>
+ Select action for network on lists you have selected.<br><br>
+ <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
+ 'Permit Inbound' - Will allow access from selected countries to your network.<br>
+ 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
+ 'Alias Only' - Will create an alias with selected countries to help custom rule assignments.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
+ <fieldname>action</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
+ <option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
+ <option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
+ <option><name>Alias only</name><value>Alias_only</value></option>
+ <option><name>Disabled</name><value>Disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Update frequency</fielddescr>
+ <fieldname>cron</fieldname>
+ <description><![CDATA[Default:<strong>Never</strong><br>
+ Select how often pfsense will download List files]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Never</name><value>Never</value></option>
+ <option><name>Every 4 Hours</name><value>04hours</value></option>
+ <option><name>Every 12 Hours</name><value>12hours</value></option>
+ <option><name>Once a day</name><value>Day</value></option>
+ <option><name>Once a week</name><value>Week</value></option>
+ </options>
+ </field>
+ <field>
+ <name>Custom list</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>CIDR</fielddescr>
+ <fieldname>custom</fieldname>
+ <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br>
+ Example: 192.168.1.0/24]]></description>
+ <type>textarea</type>
+ <cols>50</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ pfblocker_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ pfblocker_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ pfblocker_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_pfblocker();
+ </custom_php_resync_config_command>
+</packagegui> \ No newline at end of file
diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml
index 43cca1f9..41e5403c 100644
--- a/config/pf-blocker/pfblocker_sync.xml
+++ b/config/pf-blocker/pfblocker_sync.xml
@@ -57,9 +57,15 @@
<url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
</tab>
<tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ </tab>
+
+ <tab>
<text>Top Spammers</text>
<url>/pkg_edit.php?xml=pfblocker_topspammers.xml&amp;id=0</url>
</tab>
+
<tab>
<text>Africa</text>
<url>/pkg_edit.php?xml=pfblocker_Africa.xml&amp;id=0</url>
diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml
index dcb02524..f6bf8664 100644
--- a/config/pf-blocker/pfblocker_topspammers.xml
+++ b/config/pf-blocker/pfblocker_topspammers.xml
@@ -58,6 +58,10 @@
<url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
</tab>
<tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ </tab>
+ <tab>
<text>Top Spammers</text>
<url>/pkg_edit.php?xml=pfblocker_topspammers.xml&amp;id=0</url>
<active/>
@@ -102,7 +106,8 @@
<fielddescr>Top Spammers</fielddescr>
<fieldname>countries</fieldname>
<description>
- <![CDATA[Select top spammers countries you want to block.]]>
+ <![CDATA[Select top spammers countries you want to take an action.<br>
+ <strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
<options>
@@ -120,6 +125,27 @@
<size>10</size>
<multiple/>
</field>
+ <field>
+ <fielddescr>Action</fielddescr>
+ <fieldname>action</fieldname>
+ <description><![CDATA[Default:<strong>Deny Inbound</strong><br>
+ Select action for countries you have selected.<br><br>
+ <strong>Note: </strong><br>'Deny Inbound' - Will deny access from selected countries to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to countries you selected to block<br>
+ 'Permit Inbound' - Will allow access from selected countries to your network.<br>
+ 'Permit Outbound' - Will allow access from your users to countries you selected to block<br>
+ 'Alias Only' - Will create alias <strong>pfBlockerTopSpammers</strong> with selected countries to help custom rule assignments.
+ 'Disabled' - Will just keep selection and do nothing to selected countries.<br>]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
+ <option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
+ <option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
+ <option><name>Alias only</name><value>Alias_only</value></option>
+ <option><name>Disabled</name><value>Disabled</value></option>
+ </options>
+ </field>
</fields>
<custom_php_install_command>
pfblocker_php_install_command();
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index a2c8d8b3..31da5095 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -61,12 +61,15 @@
<package>
<name>pfBlocker-dev</name>
<website/>
- <descr>Block countries and IP ranges. Replaces Countryblock and IPblocklist</descr>
+ <descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.<br>
+ Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.<br>
+ This package also Block countries and IP ranges.<br>
+ pfBlocker replaces Countryblock and IPblocklist.]]></descr>
<category>Firewall</category>
<pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.3</version>
+ <version>0.1.4</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 6db67733..4d41ac1c 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -135,12 +135,15 @@
<package>
<name>pfBlocker-dev</name>
<website/>
- <descr>Block countries and IP ranges. Replaces Countryblock and IPblocklist</descr>
+ <descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.<br>
+ Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.<br>
+ This package also Block countries and IP ranges.<br>
+ pfBlocker replaces Countryblock and IPblocklist]]></descr>
<category>Firewall</category>
<pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink>
<config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.3</version>
+ <version>0.1.4</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>