diff options
25 files changed, 411 insertions, 395 deletions
diff --git a/config/havp/antivirus.php b/config/havp/antivirus.php index 0d66a6b3..bf5f1879 100644 --- a/config/havp/antivirus.php +++ b/config/havp/antivirus.php @@ -204,7 +204,7 @@ if (pfsense_version_A() == '1') { $tab_array[] = array(gettext("General page"), true, "antivirus.php"); $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&id=0"); $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&id=0"); - $tab_array[] = array(gettext("Log"), false, "havp_log.php"); + $tab_array[] = array(gettext("HAVP Log"), false, "havp_log.php"); display_top_tabs($tab_array); ?> diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 8118f695..1648bcb0 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -633,7 +633,7 @@ function havp_config_havp() # log $conf[] = "\n# log "; $conf[] = "ACCESSLOG " . HVDEF_HAVP_ACCESSLOG; - $conf[] = "ERRORLOG " . HVDEF_HAVP_ERRORLOG; + $conf[] = "ERRORLOG " . ($havp_config[F_LOG] === 'true' ? HVDEF_HAVP_ERRORLOG : "/dev/null"); # syslog $conf[] = "\n# syslog"; $conf[] = "USESYSLOG {$havp_config[F_SYSLOG]}"; diff --git a/config/havp/havp.xml b/config/havp/havp.xml index 51356862..f5afc2fe 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -56,7 +56,7 @@ <url>/pkg_edit.php?xml=havp_avset.xml&id=0</url> </tab> <tab> - <text>Log</text> + <text>HAVP Log</text> <url>/havp_log.php</url> </tab> </tabs> @@ -293,16 +293,16 @@ <default_value>on</default_value> </field> <field> - <fielddescr>Log</fielddescr> + <fielddescr>HAVP Log</fielddescr> <fieldname>log</fieldname> - <description>Check this for enable log.</description> + <description>Check this for enable HAVP log.</description> <type>checkbox</type> <enablefields>syslog</enablefields> </field> <field> - <fielddescr>Syslog</fielddescr> + <fielddescr>HAVP Syslog</fielddescr> <fieldname>syslog</fieldname> - <description>Check this for enable Syslog.</description> + <description>Check this for enable HAVP Syslog.</description> <type>checkbox</type> </field> </fields> diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml index 1b0d5c5d..041c6f64 100644 --- a/config/havp/havp_avset.xml +++ b/config/havp/havp_avset.xml @@ -24,7 +24,7 @@ <active/> </tab> <tab> - <text>Log</text> + <text>HAVP Log</text> <url>/havp_log.php</url> </tab> </tabs> diff --git a/config/havp/havp_log.php b/config/havp/havp_log.php index 60c02fbf..f4a2dc2e 100644 --- a/config/havp/havp_log.php +++ b/config/havp/havp_log.php @@ -79,7 +79,7 @@ include("head.inc"); $tab_array[] = array(gettext("General page"), false, "antivirus.php"); $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&id=0"); $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&id=0"); - $tab_array[] = array(gettext("Log"), true, "havp_log.php"); + $tab_array[] = array(gettext("HAVP Log"), true, "havp_log.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 12ce01d0..8703d2da 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -601,7 +601,7 @@ function useproxy_changed(obj) { <td width="78%" class="vtable"> <select name="server" id="server" class="formselect" onchange="server_changed()"> <?php foreach($ras_server as & $server): ?> - <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option> + <option value="<?=$server['index'];?>"><?=$server['name'];?></option> <?php endforeach; ?> </select> </td> diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index bc2ccfe1..d612dbf1 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -56,12 +56,12 @@ function pfb_global() { $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; $pfb['logdir'] = "{$g['varlog_path']}/pfblockerng"; $pfb['etdir'] = "{$pfb['dbdir']}/ET"; - $pfb['ccdir'] = "{$pfb['dbdir']}/cc"; $pfb['nativedir'] = "{$pfb['dbdir']}/native"; $pfb['denydir'] = "{$pfb['dbdir']}/deny"; $pfb['matchdir'] = "{$pfb['dbdir']}/match"; $pfb['permitdir'] = "{$pfb['dbdir']}/permit"; $pfb['origdir'] = "{$pfb['dbdir']}/original"; + $pfb['ccdir'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP"; # Create Folders if not Exist. $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}","{$pfb['origdir']}","{$pfb['nativedir']}","{$pfb['denydir']}","{$pfb['matchdir']}","{$pfb['permitdir']}","{$pfb['aliasdir']}"); @@ -240,6 +240,101 @@ function pfb_create_suppression_file() { } +// IPv6 Range to CIDR function used courtesey from: +// https://github.com/stilez/pfsense-leases/blob/50cc0fa81dba5fe91bcddaea016c245d1b8479cc/etc/inc/util.inc +function ip_range_to_subnet_array_temp2($ip1, $ip2) { + + if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) { + $proto = 'ipv4'; // for clarity + $bits = 32; + $ip1bin = decbin(ip2long32($ip1)); + $ip2bin = decbin(ip2long32($ip2)); + } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) { + $proto = 'ipv6'; + $bits = 128; + $ip1bin = Net_IPv6::_ip2Bin($ip1); + $ip2bin = Net_IPv6::_ip2Bin($ip2); + } else + return array(); + + // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant + $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT); + $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT); + + if ($ip1bin === $ip2bin) + return array($ip1 . '/' . $bits); + + if (strcmp($ip1bin, $ip2bin) > 0) + list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap contents of ip1 <= ip2 + + $rangesubnets = array(); + $netsize = 0; + + do { + // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround) + // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe" + + // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it) + + if (substr($ip1bin, -1, 1) == '1') { + // the start ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip1bin, '0'); //can't be all 1's + $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1 + } + + // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap) + + if (substr($ip2bin, -1, 1) == '0') { + // the end ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip2bin, '1'); //can't be all 0's + $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1 + // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe + } + + // this is the only edge case arising from increment/decrement. + // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now) + + if (strcmp($ip2bin, $ip1bin) < 0) + continue; + + // step #3 the start and end ip MUST now end in '0's and '1's respectively + // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes. + + $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2 + $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift); + $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift); + $netsize += $shift; + if ($ip1bin === $ip2bin) { + // we're done. + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + continue; + } + + // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle. + } while (strcmp($ip1bin, $ip2bin) < 0); + + // subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6 + + ksort($rangesubnets, SORT_STRING); + $out = array(); + + foreach ($rangesubnets as $ip => $netmask) { + if ($proto == 'ipv4') { + $i = str_split($ip, 8); + $out[] = implode('.', array( bindec($i[0]),bindec($i[1]),bindec($i[2]),bindec($i[3]))) . '/' . $netmask; + } else + $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask; + } + + return $out; +} + + # Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { @@ -362,14 +457,15 @@ function sync_package_pfblockerng($cron = "") { # Configure ARRAYS # ############################################# - $continents = array ( "Africa" => "pfB_Africa", - "Antartica" => "pfB_Antartica", - "Asia" => "pfB_Asia", - "Europe" => "pfB_Europe", - "North America" => "pfB_NAmerica", - "Oceania" => "pfB_Oceania", - "South America" => "pfB_SAmerica", - "Top Spammers" => "pfB_Top" + $continents = array ( "Africa" => "pfB_Africa", + "Antartica" => "pfB_Antartica", + "Asia" => "pfB_Asia", + "Europe" => "pfB_Europe", + "North America" => "pfB_NAmerica", + "Oceania" => "pfB_Oceania", + "South America" => "pfB_SAmerica", + "Top Spammers" => "pfB_Top", + "Proxy and Satellite" => "pfB_PS" ); #create rules vars and arrays @@ -1097,16 +1193,16 @@ function sync_package_pfblockerng($cron = "") { $log_tab = "\t\t"; } - # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. - $pfb_alias_lists_all[] = "{$alias}"; - // Empty Header Field Validation Check - if (empty($header_url)) { - $log = "\n [ {$row['url']} ] {$log_tab} Header Field cannot be Empty. *Skipping* \n"; + if (empty($header_url) || preg_match("/\W/",$header_url)) { + $log = "\n [ {$row['url']} ]\n ** TERMINATED - Header contains Blank/International/Special or Spaces\n"; pfb_logger("{$log}","2"); continue; } + # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + $pfb_alias_lists_all[] = "{$alias}"; + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") { if ($row['state'] == "Hold") { $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n"; @@ -1280,7 +1376,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($url_list as $line) { # Network range 192.168.0.0-192.168.0.254 if (preg_match($pfb['range'],$line,$matches)) { - $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]); + $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); if (!empty($a_cidr)) { foreach ($a_cidr as $cidr) { $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n"; @@ -1498,7 +1594,7 @@ function sync_package_pfblockerng($cron = "") { } # Network range 192.168.0.0-192.168.0.254 elseif (preg_match($pfb['range'],$line,$matches)) { - $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]); + $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); if (!empty($a_cidr)) { foreach ($a_cidr as $cidr) { $new_file .= preg_replace($pfb_ipreg, '',$cidr) . "\n"; @@ -2235,12 +2331,19 @@ function pfblockerng_php_install_command() { global $config,$pfb; pfb_global(); + // Remove previously used CC folder location if exists + @rmdir_recursive("{$pfb['dbdir']}/cc"); + # Uncompress Country Code File and delete Archive after extraction. exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2"); # Download MaxMind Files and Create Country Code files and Build Continent XML Files update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + + @rename("{$pfb['dbdir']}/GeoIP.dat", "{$pfb['ccdir']}/GeoIP.dat"); + @rename("{$pfb['dbdir']}/GeoIPv6.dat", "{$pfb['ccdir']}/GeoIPv6.dat"); + update_output_window(gettext("MaxMind Country Database downloads completed...")); update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); pfblockerng_uc_countries(); @@ -2248,6 +2351,12 @@ function pfblockerng_php_install_command() { pfblockerng_get_countries(); update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files...")); + // Remove Original Maxmind Database Files + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); + @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); + # Add Widget to Dashboard update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { @@ -2312,6 +2421,8 @@ function pfblockerng_php_deinstall_command() { unset($config['installedpackages']['pfblockerngsouthamerica']); if (is_array($config['installedpackages']['pfblockerngtopspammers'])) unset($config['installedpackages']['pfblockerngtopspammers']); + if (is_array($config['installedpackages']['pfblockerngproxyandsatellite'])) + unset($config['installedpackages']['pfblockerngproxyandsatellite']); } # Remove Widget (code from Snort deinstall) diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 20080aa4..1db36334 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -149,11 +149,12 @@ if ($uname['machine'] == "amd64") function pfb_update_check($header_url, $list_url, $url_format) { global $pfb; + $pfb['cron_update'] = FALSE; if ($url_format == "rsync" || $url_format == "html") { $log = "[ {$header_url} ]\n Skipping timestamp query\n"; pfb_logger("{$log}","1"); - return TRUE; + $pfb['cron_update'] = TRUE; } switch ($url_format) { @@ -195,14 +196,23 @@ function pfb_update_check($header_url, $list_url, $url_format) { $log = " Local timestamp: {$local_tds}\n"; pfb_logger("{$log}","1"); if ("{$remote_tds}" != "{$local_tds}") { - return TRUE; + $pfb['cron_update'] = TRUE; } else { $log = " Remote file unchanged. Download Terminated\n"; pfb_logger("{$log}","1"); - return FALSE; + $pfb['cron_update'] = FALSE; } } else { - return TRUE; + $pfb['cron_update'] = TRUE; + } + + if ($pfb['cron_update']) { + // Trigger CRON Process if Updates are Found. + $pfb['update_cron'] = TRUE; + + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); } } @@ -233,6 +243,7 @@ if ($argv[1] == 'gc') { if ($argv[1] == 'cron') { $hour = date('H'); $dow = date('N'); + $pfb['update_cron'] = FALSE; # Start hour of the 'Once a day' Schedule $pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart']; @@ -344,101 +355,47 @@ if ($argv[1] == 'cron') { if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { $log = " Updates Found\n"; pfb_logger("{$log}","1"); - $updates++; + $pfb['update_cron'] = TRUE; continue; } switch ($list_cron) { case "01hour": - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "02hours": - if (in_array($hour, $e_sch2)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch2)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "03hours": - if (in_array($hour, $e_sch3)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch3)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "04hours": - if (in_array($hour, $e_sch4)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch4)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "06hours": - if (in_array($hour, $e_sch6)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch6)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "08hours": - if (in_array($hour, $e_sch8)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch8)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "12hours": - if (in_array($hour, $e_sch12)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch12)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "EveryDay": - if ($hour == $pfb['dailystart']) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if ($hour == $pfb['dailystart']) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "Weekly": - if ($hour == $pfb['dailystart'] && $dow == $header_dow) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if ($hour == $pfb['dailystart'] && $dow == $header_dow) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; - default: { - } + default: break; } } @@ -448,7 +405,7 @@ if ($argv[1] == 'cron') { } } - if ($updates > 0) { + if ($pfb['update_cron']) { sync_package_pfblockerng("cron"); } else { $log = "\n No Updates required. \n\n"; @@ -465,14 +422,14 @@ if ($argv[1] == 'cron') { } +// Function to process the downloaded Maxmind Database and format into Continent txt files. function pfblockerng_uc_countries() { - global $g,$pfb; pfb_global(); - $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; - $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; - $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; + $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; + $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; # Create Folders if not Exist $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}"); @@ -505,13 +462,12 @@ function pfblockerng_uc_countries() { $maxmind_ver .= "\nThese Timestamps should *match* \n"; @file_put_contents("{$pfb['logdir']}/maxmind_ver", $maxmind_ver); - // Collect ISO Codes for Each Continent - $log = "Processing Continent Data \n"; + $log = "Processing Continent Data\n"; print $log; pfb_logger("{$log}","3"); - $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA)); + $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA),array($AX)); if (($handle = fopen("{$maxmind_cont}",'r')) !== FALSE) { while (($cc = fgetcsv($handle)) !== FALSE) { @@ -560,244 +516,163 @@ function pfblockerng_uc_countries() { unset($cc); fclose($handle); - // Collect Country ISO Data IPv4 and Sort to Continent Array - $log = "Processing ISO IPv4 Continent/Country Data \n"; - print $log; - pfb_logger("{$log}","3"); + // Add Maxmind Anonymous Proxy and Satellite Providers to array + $cont_array[6]['continent'] = "Proxy and Satellite"; + $cont_array[6]['iso'] = "A1,A2"; + $cont_array[6]['file4'] = "{$pfb['ccdir']}/Proxy_Satellite_v4.txt"; + $cont_array[6]['file6'] = "{$pfb['ccdir']}/Proxy_Satellite_v6.txt"; - if (($handle = fopen("{$maxmind_cc4}",'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { - - $ip1_key = $cc[0]; - $ip2_key = $cc[1]; - $var1_key = $cc[2]; - $var2_key = $cc[3]; - $cc_key = $cc[4]; - $country_key = $cc[5]; - $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); - - $counter = 0; - foreach ($cont_array as $iso) { - if (preg_match("/\b$cc_key\b/", $iso['iso'])) { - $cont_array[$counter][$cc_key]['ip4'] .= $a_cidr . ","; - $cont_array[$counter][$cc_key]['country'] = $country_key; - continue; - } - $counter++; - } - } - } - unset($cc); - fclose($handle); + // Collect Country ISO data and sort to Continent arrays (IPv4 and IPv6) + foreach (array("4", "6") as $type) { + $log = "Processing ISO IPv{$type} Continent/Country Data\n"; + print $log; + pfb_logger("{$log}","3"); - // Build Continent IPv4 CIDR Files - $counter = 0; - foreach ($cont_array as $iso) { - $header = ""; - $pfb_file = ""; - $iso_key = ""; - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; - $header .= "# Continent IPv4: " . $cont_array[$counter]['continent'] . "\n"; - $pfb_file = $cont_array[$counter]['file4']; - $iso_key = array_keys($iso); - foreach ($iso_key as $key) { - if (preg_match("/[A-Z]{2}/", $key)) { - $header .= "# Country: " . $iso[$key]['country'] . "\n"; - $header .= "# ISO Code: " . $key . "\n"; - $header .= "# Total Networks: " . substr_count($iso[$key]['ip4'], ",") . "\n"; - $header .= str_replace(",", "\n", $iso[$key]['ip4']); - $iso[$key]['ip4'] = ""; - } + if ($type == "4") { + $maxmind_cc = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + } else { + $maxmind_cc = "{$pfb['dbdir']}/GeoIPv6.csv"; } - $counter++; - @file_put_contents($pfb_file, $header, LOCK_EX); - } - - - // Collect Country ISO Data IPv6 and Sort to Continent Array - $log = "Processing ISO IPv6 Continent/Country Data \n"; - print $log; - pfb_logger("{$log}","3"); - - if (($handle = fopen("{$maxmind_cc6}",'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { - - $ip1_key = $cc[0]; - $ip2_key = $cc[1]; - $var1_key = $cc[2]; - $var2_key = $cc[3]; - $cc_key = $cc[4]; - $country_key = $cc[5]; - $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); - - $counter = 0; - foreach ($cont_array as $iso) { - if (preg_match("/\b$cc_key\b/", $iso['iso'])) { - $cont_array[$counter][$cc_key]['ip6'] .= $a_cidr . ","; - continue; + $iptype = "ip{$type}"; + $filetype = "file{$type}"; + + if (($handle = fopen("{$maxmind_cc}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key][$iptype] .= $a_cidr . ","; + $cont_array[$counter][$cc_key]['country'] = $country_key; + continue; + } + $counter++; } - $counter++; } } - } - unset($cc); - fclose($handle); - - // Build Continent IPv6 Files - $counter = 0; - foreach ($cont_array as $iso) { - $header = ""; - $pfb_file = ""; - $iso_key = ""; - - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; - $header .= "# Continent IPv6: " . $cont_array[$counter]['continent'] . "\n"; - $pfb_file = $cont_array[$counter]['file6']; - $iso_key = array_keys($iso); - foreach ($iso_key as $key) { - if (preg_match("/[A-Z]{2}/", $key)) { - $header .= "# Country: " . $iso[$key]['country'] . "\n"; - $header .= "# ISO Code: " . $key . "\n"; - $header .= "# Total Networks: " . substr_count($iso[$key]['ip6'], ",") . "\n"; - $header .= str_replace(",", "\n", $iso[$key]['ip6']); - $iso[$key]['ip6'] = ""; + unset($cc); + fclose($handle); + + // Build Continent Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv{$type}: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter][$filetype]; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}|A1|A2/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key][$iptype], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key][$iptype]); + $iso[$key][$iptype] = ""; + } } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); } - $counter++; - @file_put_contents($pfb_file, $header, LOCK_EX); } - unset($cont_array); } +// Function to process Continent txt files and create Country ISO files and to Generate GUI XML files. function pfblockerng_get_countries() { - global $g,$pfb; pfb_global(); - # These arrays are used to collect the <option> tags for the XML Continent Files - $roptions4 = array(); - $coptions4 = array(); - $roptions6 = array(); - $coptions6 = array(); - - $files4 = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt", - "Asia" => "{$pfb['ccdir']}/Asia_v4.txt", - "Europe" => "{$pfb['ccdir']}/Europe_v4.txt", - "North America" => "{$pfb['ccdir']}/North_America_v4.txt", - "Oceania" => "{$pfb['ccdir']}/Oceania_v4.txt", - "South America" => "{$pfb['ccdir']}/South_America_v4.txt" + $files = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt", + "Asia" => "{$pfb['ccdir']}/Asia_v4.txt", + "Europe" => "{$pfb['ccdir']}/Europe_v4.txt", + "North America" => "{$pfb['ccdir']}/North_America_v4.txt", + "Oceania" => "{$pfb['ccdir']}/Oceania_v4.txt", + "South America" => "{$pfb['ccdir']}/South_America_v4.txt", + "Proxy and Satellite" => "{$pfb['ccdir']}/Proxy_Satellite_v4.txt" ); - # IPv4 Collect Data to generate new continent XML Files. + // Collect Data to generate new continent XML Files. $log = "Building pfBlockerNG XML Files \n"; print $log; pfb_logger("{$log}","3"); - foreach ($files4 as $cont => $file) { - $log = "IPv4 " . $cont . "\n"; - print $log; - pfb_logger("{$log}","3"); - $ips = file_get_contents($file); - $convert = explode("\n", $ips); - $cont_name = preg_replace("/ /","",$cont); - $cont_name_lower = strtolower($cont_name); - $active = array( "$cont" => '<active/>'); - $total4 = 0; - $pfb['complete'] = FALSE; - - foreach ($convert as $line) { - if (preg_match("/#/",$line)) { - if ($pfb['complete']) { - $coptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; - $roptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; - - // Save ISO IPv4 Data - @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v4.txt',$pfb_v4,LOCK_EX); - - // Clear Variables and Restart Continent Collection process - $total4 = 0; - $pfb_v4 = ""; - $pfb['complete'] = FALSE; + foreach ($files as $cont => $file) { + // Process the following for IPv4 and IPv6 + foreach (array("4", "6") as $type) { + $log = "IPv{$type} " . $cont . "\n"; + print $log; + pfb_logger("{$log}","3"); + + if ($type == "6") + $file = preg_replace("/v4/", "v6", $file); + $convert = explode("\n", file_get_contents($file)); + $cont_name = preg_replace("/ /", "", $cont); + $cont_name_lower = strtolower($cont_name); + $active = array("$cont" => '<active/>'); + $lastkey = count ($convert) - 1; + $pfb['complete'] = FALSE; + $keycount = 1; + $total = 0; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + ${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + + // Save ISO data + @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); + + // Clear variables and restart Continent collection process + unset($total, $xml_data); + $pfb['complete'] = FALSE; + } + if (preg_match("/Total Networks: 0/", $line)) { continue;} // Don't Display Countries with Null Data + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $isocode = $matches[1];} + } + elseif (!preg_match("/#/",$line)) { + $total++; + if (!empty($line)) + $xml_data .= $line . "\n"; + $pfb['complete'] = TRUE; } - if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} - if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} - } elseif (!preg_match("/#/",$line)) { - $total4++; - if (!empty($line)) - $pfb_v4 .= $line . "\n"; - $pfb['complete'] = TRUE; - } - } - unset ($ips, $convert); - - // Sort IPv4 Countries Alphabetically and Build XML <option> Data for Continents Tab - sort($coptions4, SORT_STRING); - $ftotal4 = count($coptions4); - $count = 1; - $options4 = ""; - - foreach ($coptions4 as $option4) { - if ($count == 1) { $options4 .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue;} - if ($ftotal4 == $count) { - $options4 .= "\t\t\t\t" . '<option><name>' . $option4; - } else { - $options4 .= "\t\t\t\t" . '<option><name>' . $option4 . "\n"; - } - $count++; - } - unset ($coptions4); - // IPv6 Collect Data to generate new continent XML Files. - $file6 = preg_replace("/v4/", "v6", $file); - $ips = file_get_contents($file6); - $convert = explode("\n", $ips); - $log = "IPv6 " . $cont . "\n"; - pfb_logger("{$log}","3"); - $total6 = 0; - $pfb['complete'] = FALSE; - - foreach ($convert as $line) { - if (preg_match("/#/",$line)) { - if ($pfb['complete']) { - $coptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; - $roptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; - - // Save ISO IPv6 Data - @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v6.txt',$pfb_v6,LOCK_EX); - - // Clear Variables and Restart Continent Collection process - $total6 = 0; - $pfb_v6 = ""; - $pfb['complete'] = FALSE; + // Save last EOF ISO IP data + if ($keycount == $lastkey) { + if (preg_match("/Total Networks: 0/", $line)) { continue;} // Dont Display Countries with Null Data + ${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); + unset($total, $xml_data); } - if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} - if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} - } elseif (!preg_match("/#/",$line)) { - $total6++; - if (!empty($line)) - $pfb_v6 .= $line . "\n"; - $pfb['complete'] = TRUE; + $keycount++; } - } - - // Sort IPv6 Countries Alphabetically for Continents Tab - sort($coptions6, SORT_STRING); - $ftotal6 = count($coptions6); - $count = 1; - $options6 = ""; - - foreach ($coptions6 as $option6) { - if ($count == 1) { $options6 .= "\t" . '<option><name>' . $option6 . "\n"; $count++; continue;} - if ($ftotal6 == $count) { - $options6 .= "\t\t\t\t" . '<option><name>' . $option6; - } else { - $options6 .= "\t\t\t\t" . '<option><name>' . $option6 . "\n"; + unset ($ips, $convert); + + // Sort IP Countries alphabetically and build XML <option> data for Continents tab + if (!empty (${'coptions' . $type})) { + sort(${'coptions' . $type}, SORT_STRING); + ${'ftotal' . $type} = count(${'coptions' . $type}); + $count = 1; + ${'options' . $type} = ""; + + foreach (${'coptions' . $type} as $option) { + if ($count == 1) { ${'options' . $type} .= "\t" . '<option><name>' . $option . "\n"; $count++; continue;} + if (${'ftotal' . $type} == $count) { + ${'options' . $type} .= "\t\t\t\t" . '<option><name>' . $option; + } else { + ${'options' . $type} .= "\t\t\t\t" . '<option><name>' . $option . "\n"; + } + $count++; + } } - $count++; + unset (${'coptions' . $type}); } - unset ($coptions6); - $xml = <<<EOF <?xml version="1.0" encoding="utf-8" ?> @@ -888,7 +763,6 @@ $xml = <<<EOF <tab> <text>Top 20</text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> - {$active['top']} </tab> <tab> <text>Africa</text> @@ -921,6 +795,11 @@ $xml = <<<EOF {$active['South America']} </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + {$active['Proxy and Satellite']} + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> @@ -950,11 +829,17 @@ $xml = <<<EOF </description> <type>select</type> <options> - {$options4} + ${'options4'} </options> - <size>{$ftotal4}</size> + <size>${'ftotal4'}</size> <multiple/> </field> + +EOF; + +// Skip IPv6 when Null data found +if (!empty (${'options6'})) { + $xml .= <<<EOF <field> <fielddescr><![CDATA[<br /><strong>IPv6</strong><br />Countries]]></fielddescr> <fieldname>countries6</fieldname> @@ -964,11 +849,16 @@ $xml = <<<EOF </description> <type>select</type> <options> - {$options6} + ${'options6'} </options> - <size>{$ftotal6}</size> + <size>${'ftotal6'}</size> <multiple/> </field> + +EOF; +} + +$xml .= <<<EOF <field> <fielddescr>List Action</fielddescr> <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> @@ -1062,19 +952,23 @@ $xml = <<<EOF </packagegui> EOF; - // Update Each Continent XML file. - @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); + // Update Each Continent XML file. + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); - } // End foreach 'Six Continents' Update XML Process + // Unset Arrays + unset (${'options4'}, ${'options6'}, $xml); + } // End foreach 'Six Continents and Proxy/Satellite' Update XML Process // Sort Countries IPv4 Alphabetically and Build XML <option> Data for Reputation Tab (IPv6 not used by ET IQRisk) - sort($roptions4, SORT_STRING); - $eoa = count($roptions4); + + $type = "4"; + sort(${'roptions' . $type}, SORT_STRING); + $eoa = count(${'roptions' . $type}); $count = 1; - $options4 = ""; + $etoptions = ""; - foreach ($roptions4 as $option4) { + foreach (${'roptions' . $type} as $option4) { if ($count == 1) { $et_options .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue; } if ($eoa == $count) { $et_options .= "\t\t\t\t" . '<option><name>' . $option4; @@ -1084,10 +978,8 @@ EOF; $count++; } - // Update pfBlockerNG_Reputation.xml file with Country Code Changes - $xmlrep = <<<EOF <?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> @@ -1203,6 +1095,10 @@ $xmlrep = <<<EOF <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> @@ -1558,22 +1454,22 @@ $xmlrep = <<<EOF </custom_php_resync_config_command> </packagegui> EOF; - # Unset Arrays - unset ($options4, $options6, $et_options); - $log = "Saving pfBlockerNG Reputation TAB \n"; print $log; pfb_logger("{$log}","3"); // Save pfBlockerng_reputation.xml file - @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml',$xmlrep,LOCK_EX); + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml', $xmlrep, LOCK_EX); + $log = "\n Country Code - XML File Update completed.\n"; print $log; pfb_logger("{$log}","3"); - $now = date("m/d/y G.i:s", time()); $log = "Country Code Update Ended - [ NOW ]\n"; print "Country Code Update Ended - [ $now ]\n"; pfb_logger("{$log}","3"); + + // Unset Arrays + unset ($et_options, $xmlrep); } ?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.priv.inc b/config/pfblockerng/pfblockerng.priv.inc index 092c34ae..970ab25f 100644 --- a/config/pfblockerng/pfblockerng.priv.inc +++ b/config/pfblockerng/pfblockerng.priv.inc @@ -17,6 +17,7 @@ $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblocker $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_NorthAmerica.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Oceania.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_SouthAmerica.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_ProxyandSatellite.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_sync.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_update.php*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_alerts.php*"; diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index c09d52e1..cc11be6b 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -35,7 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations -pathgeoipdat=/var/db/pfblockerng/GeoIP.dat +pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile mastercat=/var/db/pfblockerng/mastercat diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 9442bc7f..e2f4b508 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -199,6 +199,10 @@ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index 541d1e03..7b84bca8 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -53,8 +53,8 @@ $pathgeoip6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup6"; // Define File Locations $filter_logfile = "{$g['varlog_path']}/filter.log"; -$pathgeoipdat = "{$pfb['dbdir']}/GeoIP.dat"; -$pathgeoipdat6 = "{$pfb['dbdir']}/GeoIPv6.dat"; +$pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; +$pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; @@ -334,6 +334,7 @@ if ($savemsg) { $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php index 39f9eb06..74f513a2 100644 --- a/config/pfblockerng/pfblockerng_log.php +++ b/config/pfblockerng/pfblockerng_log.php @@ -144,6 +144,12 @@ $pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files', 'logdir' => "{$pfb['etdir']}/", 'download' => TRUE, 'clear' => FALSE + ), + 'country' => array('name' => 'Country Files', + 'ext' => 'txt', + 'logdir' => "{$pfb['ccdir']}/", + 'download' => TRUE, + 'clear' => FALSE ) ); @@ -288,6 +294,7 @@ if ($savemsg) { $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), true, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml index 856af2f4..00186af8 100644 --- a/config/pfblockerng/pfblockerng_sync.xml +++ b/config/pfblockerng/pfblockerng_sync.xml @@ -112,6 +112,10 @@ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index 4974c488..ccaf68a0 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -113,6 +113,10 @@ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index dc0fab85..99480900 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -128,7 +128,7 @@ function pfb_cron_update($type) { while (!feof($f)) { $pfb_buffer = fread($f, 2048); - $pfb_output .= str_replace( "\r", "", $pfb_buffer); + $pfb_output .= str_replace( array ("\r", "\")"), "", $pfb_buffer); // Refresh on new lines only. This allows Scrolling. if ($lastpos != $lastpos_old) @@ -184,6 +184,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); @@ -378,7 +379,7 @@ if (isset($_POST['pfbview'])) { while (!feof($f)) { $pfb_buffer = fread($f, 4096); - $pfb_output .= str_replace( "\r", "", $pfb_buffer); + $pfb_output .= str_replace( array ("\r", "\")"), "", $pfb_buffer); // Refresh on new lines only. This allows scrolling. if ($lastpos != $lastpos_old) { diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index ce92f4be..6df839ed 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -116,6 +116,10 @@ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index 6f507057..15d788cf 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -116,6 +116,10 @@ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> </tab> <tab> + <text>P.S.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + </tab> + <tab> <text>Logs</text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index a058927e..69a50125 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -42,13 +42,8 @@ if(!function_exists("filter_configure")) require_once("filter.inc"); $shortcut_section = "squid"; -if (is_dir('/usr/pbi/squid-' . php_uname("m"))) { - define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m")); - define('SQUID_LOCALBASE', SQUID_BASE . "/local"); -} else { - define('SQUID_BASE', '/usr/local'); - define('SQUID_LOCALBASE', '/usr/local'); -} +define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m")); +define('SQUID_LOCALBASE', SQUID_BASE . "/local"); define('SQUID_CONFBASE', SQUID_LOCALBASE .'/etc/squid'); define('SQUID_CONFFILE', SQUID_CONFBASE . '/squid.conf'); diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index 8103ce2c..57dfc938 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squid</name> - <version>3.4.10_2 pkg 0.2.4</version> + <version>3.4.10_2 pkg 0.2.6</version> <title>Proxy server: General settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 66ad88a3..d3448c5d 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -92,10 +92,10 @@ define('CONFIG_SG_HEADER', " # squid config options # ------------------------------------------------------------------------------ define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); -define('REDIRECTOR_PROGRAM_OPT', 'url_rewrite_program'); -define('REDIRECT_BYPASS_OPT', 'url_rewrite_bypass'); +define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); +define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); define('REDIRECT_CHILDREN_OPT', 'url_rewrite_children'); -define('REDIRECTOR_PROCESS_COUNT', '16 startup=8 idle=4 concurrency=0'); # redirector processes count will started +define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started # ------------------------------------------------------------------------------ # squidguard config options diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index eb657465..8eea8d2d 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -236,13 +236,13 @@ if ($input_errors) <tr> <td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();" <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td> - <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " . + <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Suricata rules whose coverage " . "is more limited than ETPro."); ?></span></td> </tr> <tr> <td valign="top" width="8%"><input name="enable_etpro_rules" type="checkbox" value="on" onclick="enable_pro_rules();" <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>/></td> - <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td> + <td><span class="vexpl"><?php echo gettext("ETPro for Suricata offers daily updates and extensive coverage of current malware threats."); ?></span></td> </tr> <tr> <td> </td> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 394cb595..735f166a 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -106,22 +106,6 @@ <configurationfile>filemgr.xml</configurationfile> </package> <package> - <name>pfBlocker</name> - <website/> - <descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.<br /> - Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.<br /> - This package also Block countries and IP ranges.<br /> - pfBlocker replaces Countryblock and IPblocklist.]]></descr> - <category>Firewall</category> - <pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> - <config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> - <version>1.0.3</version> - <status>Release</status> - <required_version>2.2</required_version> - <maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer> - <configurationfile>pfblocker.xml</configurationfile> - </package> - <package> <name>pfBlockerNG</name> <website/> <descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.<br /> @@ -131,11 +115,11 @@ Provision to download from diverse List formats. Advanced Integration<br /> for Emerging Threats IQRisk IP Reputation Threat Sources.]]></descr> <category>Firewall</category> - <pkginfolink></pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php?topic=86212.msg483663#msg483663</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file> - <version>0.99</version> + <version>1.01</version> <status>Beta</status> - <required_version>3.0</required_version> + <required_version>2.2</required_version> <maintainer>BBCan177@gmail.com</maintainer> <configurationfile>pfblockerng.xml</configurationfile> <depends_on_package_pbi>pfblockerng-1.6.3_1-##ARCH##.pbi</depends_on_package_pbi> @@ -183,7 +167,7 @@ <configurationfile>apache_virtualhost.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> - <ports_before>devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> + <ports_before>devel/gettext misc/help2man databases/db5 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> @@ -204,7 +188,7 @@ <configurationfile>apache_mod_security.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> - <ports_before>devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> + <ports_before>devel/gettext misc/help2man databases/db5 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment</ports_before> <port>www/apache22-worker-mpm</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> @@ -783,11 +767,11 @@ On pfSense docs there is a how-to which could help you on porting users.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.5_3 pkg v1.6.10</version> + <version>2.1.12_1/2.2.6_3 pkg v1.6.10</version> <status>RC1</status> <required_version>2.2</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> - <depends_on_package_pbi>freeradius-2.2.5_3-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.6_3-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <after_install_info>Please visit Services: FreeRADIUS</after_install_info> @@ -985,12 +969,12 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_7 pkg v.1.9.9</version> + <version>1.4_7 pkg v.1.9.10</version> <status>Beta</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> - <ports_before>databases/db41 security/cyrus-sasl2</ports_before> + <ports_before>databases/db5 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> </build_pbi> <build_options>squidGuard_UNSET_FORCE=SQUID32 SQUID33;squidGuard_SET_FORCE=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET_FORCE=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> @@ -1008,7 +992,7 @@ <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-devel-1.5_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> - <ports_before>databases/db46</ports_before> + <ports_before>databases/db5</ports_before> <port>www/squidguard-devel</port> <custom_name>squidguard-devel</custom_name> </build_pbi> @@ -1022,12 +1006,12 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.6</version> + <version>1.4_7 pkg v.1.9.6</version> <status>Beta</status> <required_version>2.2</required_version> - <depends_on_package_pbi>squidguard-squid3-1.4_4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squidguard-squid3-1.4_7-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> - <ports_before>www/squid33 databases/db41 security/cyrus-sasl2</ports_before> + <ports_before>www/squid33 databases/db5 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> <custom_name>squidguard-squid3</custom_name> </build_pbi> @@ -1060,7 +1044,7 @@ <ports_after>security/clamav</ports_after> </build_pbi> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_3 pkg v1.04</version> + <version>0.91_3 pkg v1.05</version> <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> @@ -1452,7 +1436,7 @@ <website>http://suricata-ids.org/</website> <descr><![CDATA[High Performance Network IDS, IPS and Security Monitoring engine by OISF.]]></descr> <category>Security</category> - <version>2.0.4 pkg v2.1.3</version> + <version>2.0.6 pkg v2.1.3</version> <status>Stable</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> @@ -1461,8 +1445,8 @@ <port>security/suricata</port> <ports_after>security/barnyard2</ports_after> </build_pbi> - <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;suricata_SET=IPFW PORTS_PCAP GEOIP JSON;suricata_UNSET=PRELUDE TESTS HTP_PORT</build_options> - <depends_on_package_pbi>suricata-2.0.4-##ARCH##.pbi</depends_on_package_pbi> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;suricata_SET=IPFW PORTS_PCAP GEOIP JSON NSS LUAJIT HTP_PORT;suricata_UNSET=PRELUDE TESTS SC LUA</build_options> + <depends_on_package_pbi>suricata-2.0.6-##ARCH##.pbi</depends_on_package_pbi> </package> </packages> </pfsensepkgs> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 7b54e3c7..49133dd0 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1268,7 +1268,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.9</version> + <version>1.4_4 pkg v.1.9.10</version> <status>Beta</status> <required_version>1.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1394,7 +1394,7 @@ <depends_on_package_pbi>havp-0.91_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_1 pkg v1.04</version> + <version>0.91_1 pkg v1.05</version> <status>BETA</status> <required_version>1.2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index fd49ef3f..4bf12782 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1255,7 +1255,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.9</version> + <version>1.4_4 pkg v.1.9.10</version> <status>Beta</status> <required_version>1.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -1381,7 +1381,7 @@ <depends_on_package_pbi>havp-0.91_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_1 pkg v1.04</version> + <version>0.91_1 pkg v1.05</version> <status>BETA</status> <required_version>1.2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> |