-rw-r--r-- | config/dansguardian/dansguardian.xml | 211 | ||||
-rw-r--r-- | config/dansguardian/dansguardian_config.xml | 228 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian_filters.xml | 241 | ||||
-rw-r--r-- | config/dansguardian/dansguardian_limits.xml | 161 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian_lists.xml | 329 | ||||
-rw-r--r-- | config/dansguardian/dansguardian_log.xml | 215 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian_sync.xml | 124 | ||||
-rw-r--r-- | config/squid-reverse/squid.inc | 77 | ||||
-rw-r--r-- | config/squid-reverse/squid.xml | 5 | ||||
-rw-r--r-- | config/squid-reverse/swapstate_check.php | 48 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
12 files changed, 1618 insertions, 25 deletions
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
new file mode 100644
index 00000000..f81be0e3
--- /dev/null
+++ b/config/dansguardian/dansguardian.xml
@@ -0,0 +1,211 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + pfblocker.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardian</name> + <version>1.0</version> + <title>Services: Sansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <menu> + <name>dansguardian</name> + <tooltiptext>Configure dansguardian</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=dansguardian.xml</url> + </menu> + <additional_files_needed> + <item>http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.widget.php</item> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_lists.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item> + <prefix>/usr/local/pkg/</prefix> 
+ <chmod>0755</chmod> + </additional_files_needed> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + <active/> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Listening Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable dansguardian</fielddescr> + <fieldname>enable_cb</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Listen Interface(s)</fielddescr> + <fieldname>inbound_interface</fieldname> + <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.]]></description> + <type>interfaces_selection</type> + <required/> + <multiple/> + </field> + <field> + <fielddescr>Listen port</fielddescr> + <fieldname>filterports</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Default: <strong>8080</strong><br>The port(s) that DansGuardian listens to.]]></description> + </field> + <field> + <fielddescr>Daemon Options</fielddescr> + <fieldname>daemon_options</fieldname> + <description><![CDATA[Daemon Options. 
Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>nodaemon (off)</name><value>nodaemon</value></option> + <option><name>softrestart (on)</name><value>softrestart</value></option> + </options> + <multiple/> + <size>3</size> + </field> + <field> + <fielddescr>Min/Max Children</fielddescr> + <fieldname>children</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Default: <strong>8/120</strong><br> + Sets the minimun and maximum number of processes to spawn to handle the incoming connections.<br> + Max value usually 250 depending on OS.<br> + On large sites you might want to try 32/180.]]></description> + </field> + <field> + <fielddescr>Min/Max Spare Children</fielddescr> + <fieldname>minsparechildren</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Default: <strong>4/32</strong><br> + Sets the minimum and maximun number of processes to be kept ready to handle connections.<br> + On large sites you might want to try 8/64.]]></description> + </field> + <field> + <fielddescr>Max Age Children</fielddescr> + <fieldname>maxagechildren</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Default: <strong>500</strong><br> + Sets the maximum age of a child process before it croaks it.<br> + This is the number of connections they handle before exiting.<br> + On large sites you might want to try 10000.]]></description> + </field> + <field> + <fielddescr>Max Ips</fielddescr> + <fieldname>maxips</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Default: <strong>0</strong><br> + Sets the maximum number client IP addresses allowed to connect at once.<br> + Use this to set a hard limit on the number of users allowed to concurrently<br> + browse the web. 
Set to 0 for no limit, and to disable the IP cache process.]]></description> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml new file mode 100644 index 00000000..41e3c335 --- /dev/null +++ b/config/dansguardian/dansguardian_config.xml 
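Review bot: The first `<additional_files_needed>` item, `http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc`, is missing a slash after the scheme, and it and the next two items (`dansguardian.php`, `dansguardian.widget.php`) point at the `pf-blocker/` directory rather than `dansguardian/`, so the file named in `<include_file>` would presumably never be downloaded. The minimal fix is `<item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.inc</item>`, with the two sibling paths corrected the same way. Every item is also fetched over plain `http://` and installed into `/usr/local/pkg/` or `/usr/local/www/` with `<chmod>0755</chmod>`, and nothing in this file pins a checksum, so the PHP the GUI later runs is only as trustworthy as the network path to the package server. Prefer an HTTPS URL if the package server offers one, and use `0644` for the XML definitions, which do not need the execute bit.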
@@ -0,0 +1,228 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_config.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianconfig</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Config Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Url cache number</fielddescr> + <fieldname>urlcachenumber</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Positive (clean) result caching for URLs Caches good pages so they don't need to be scanned again.It also works with AV plugins.<br> + 0 = off (recommended for ISPs with users with disimilar browsing)<br> + <strong>1000 = recommended for most user</strong><br> + 5000 = suggested max upper limit<br> + If you're using an AV plugin then use at least 5000.]]></description> + </field> + <field> + <fielddescr>Url cache age</fielddescr> + <fieldname>urlcacheage</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Age before cache are stale and should be ignored in 
seconds<br> + <strong>900 = 15 mins(recommended)</strong><br> + 0 = never]]></description> + </field> + <field> + <fielddescr>Scan Options</fielddescr> + <fieldname>report_options</fieldname> + <description><![CDATA[Scan options. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> + <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> + <option><name>Force quick search (off)</name><value>forcequicksearch</value></option> + <option><name>Reverse address lookups (off)</name><value>reverseaddresslookups</value></option> + <option><name>Reverse client ip lookups (off)</name><value>reverseclientiplookups</value></option> + <option><name>Log client hostnames (off)</name><value>logclienthostnames</value></option> + <option><name>Create list cache files (on)</name><value>createlistcachefiles</value></option> + <option><name>Prefer cached lists (off)</name><value>prefercachedlists</value></option> + <option><name>deletedownloadedtempfiles (on)</name><value>deletedownloadedtempfiles</value></option> + </options> + <multiple/> + <size>10</size> + </field> + <field> + <fielddescr>Weighted phrase mode</fielddescr> + <fieldname>weightedphrasemode</fieldname> + <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, + including banned & exception phrases (not just weighted), search term filtering, and scanning for links to banned URLs.]]></description> + <type>select</type> + <options> + <option><name>Singular = each weighted phrase found only counts once on a page. 
(default)</name><value>2</value></option> + <option><name>Normal = normal weighted phrase operation.</name><value>1</value></option> + <option><name>Off = do not use the weighted phrase feature.</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Phrase filter mode</fielddescr> + <fieldname>phrasefiltermode</fieldname> + <description><![CDATA[Smart, Raw and Meta/Title phrase content filtering options<br> + Smart is where the multiple spaces and HTML are removed before phrase filtering<br> + Raw is where the raw HTML including meta tags are phrase filtered<br> + Meta/Title is where only meta and title tags are phrase filtered (v. quick)<br> + CPU usage can be effectively halved by using setting 0 or 1 compared to 2]]></description> + <type>select</type> + <options> + <option><name>use both (default)</name><value>2</value></option> + <option><name>meta/title</name><value>3</value></option> + <option><name>smart only</name><value>1</value></option> + <option><name>raw only</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Lower casing options</fielddescr> + <fieldname>preservecase</fieldname> + <description><![CDATA[When a document is scanned the uppercase letters are converted to lower case in order to compare them with the phrases.<br> + However this can break Big5 and other 16-bit texts. If needed preserve the case.]]></description> + <type>select</type> + <options> + <option><name>Force lower case (default)</name><value>0</value></option> + <option><name>Do not change case</name><value>1</value></option> + <option><name>Scan first in lower case, then in original case</name><value>2</value></option> + </options> + </field> + <field> + <name>Content Scanner</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Content Scanners</fielddescr> + <fieldname>content_scanners</fieldname> + <description><![CDATA[Content Scanners options. 
Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>clamdscan (on)</name><value>icapscan</value></option> + <option><name>icapscan (on)</name><value>icapscan</value></option> + </options> + <multiple/> + <size>3</size> + </field> + <field> + <fielddescr>Content scanner timeout</fielddescr> + <fieldname>contentscannertimeout</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 60</strong><br> + Some of the content scanners support using a timeout value to stop processing (eg AV scanning) the file if it takes too long.<br> + If supported this will be used.<br> + The default of 60 seconds is probably reasonable.]]></description> + </field> + <field> + <fielddescr>Content scan exceptions</fielddescr> + <fieldname>contentscanexceptions</fieldname> + <type>checkbox</type> + <description><![CDATA[If 'on' exception sites, urls, users etc will be scanned.<br> + This is probably not desirable behavour as exceptions are supposed to be trusted and will increase load.<br> + Correct use of grey lists are a better idea.]]></description> + </field> + <field> + <name>Misc settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Misc Options</fielddescr> + <fieldname>misc_options</fieldname> + <description><![CDATA[Misc options. 
Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>recheckreplacedurls (off)</name><value>recheckreplacedurls</value></option> + <option><name>forwardedfor (off)</name><value>forwardedfor</value></option> + <option><name>usexforwardedfor (off)</name><value>usexforwardedfor</value></option> + </options> + <multiple/> + <size>4</size> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_filters.xml b/config/dansguardian/dansguardian_filters.xml new file mode 100755 index 00000000..42f1c0ae --- /dev/null +++ b/config/dansguardian/dansguardian_filters.xml 
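Review bot: In the `content_scanners` select both options carry `<value>icapscan</value>`, so choosing "clamdscan (on)" stores `icapscan` and the clamd scanner can never be selected from this page. For a filtering proxy that is a silent gap: an administrator who believes clamd scanning is enabled gets whatever `icapscan` maps to instead (how the value is consumed is in dansguardian.inc, which is not part of this commit). The first option should read `<option><name>clamdscan (on)</name><value>clamdscan</value></option>`. Separately, the "Scan Options" field is named `report_options`, which looks like a leftover; confirm it does not collide with a field on the Report and Log page.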
@@ -0,0 +1,241 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + pfblocker_lists.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2011 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerlists</name> + <version>1.0</version> + <title>Firewall: pfBlocker</title> + <include_file>/usr/local/pkg/pfblocker.inc</include_file> + <menu> + <name>pfBlocker </name> + <tooltiptext></tooltiptext> + <section>Firewall</section> + <configfile>pfblocker_lists.xml</configfile> + </menu> +<tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> + </tab> + <tab> + <text>Lists</text> + <url>/pkg.php?xml=pfblocker_lists.xml</url> + <active/> + </tab> + + <tab> + <text>Top Spammers</text> + <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> + </tab> + + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> + + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url> + + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=pfblocker_Europe.xml&id=0</url> + </tab> + <tab> + <text>North America</text> + <url>/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=pfblocker_Oceania.xml&id=0</url> + </tab> + <tab> + <text>South America</text> + <url>/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=pfblocker_sync.xml&id=0</url> + </tab> +</tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Alias</fielddescr> + <fieldname>aliasname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Update 
Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Network ranges / CIDR lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br> + Example: Badguys<br> + Do not include pfBlocker name, it's done by package.<br> + <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <fielddescr><![CDATA[Lists]]></fielddescr> + <fieldname>none</fieldname> + <description><![CDATA['Format' - Choose the file format that url will retrieve or local file format.<br> + 'Url or local file' - Add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br> + <br><strong>Note: </strong><br> + Compressed lists must be in gz format.<br> + Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:<br> + Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br> + IP Address: <strong>172.16.1.10</strong><br> + CIDR: <strong>172.16.1.0/24</strong> + ]]></description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Format</fielddescr> + <fieldname>format</fieldname> + <type>select</type> + <options> + <option><name>gz</name><value>gz</value></option> + <option><name>txt</name><value>txt</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + 
<fielddescr>Url or localfile</fielddescr> + <fieldname>url</fieldname> + <type>input</type> + <size>75</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[Default:<strong>Deny Inbound</strong><br> + Select action for network on lists you have selected.<br><br> + <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br> + 'Deny Inbound' - Will deny access from selected lists to your network.<br> + 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br> + 'Permit Inbound' - Will allow access from selected lists to your network.<br> + 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br> + 'Disabled' - Will just keep selection and do nothing to selected Lists.<br> + 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br> + <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong> + custom rules with 'Aliasname something rule' description will be removed by package.]]></description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Alias only</name><value>Alias_only</value></option> + <option><name>Disabled</name><value>Disabled</value></option> + </options> + </field> + <field> + <fielddescr>Update frequency</fielddescr> + <fieldname>cron</fieldname> + <description><![CDATA[Default:<strong>Never</strong><br> + Select how often pfsense will download List files]]></description> + 
<type>select</type> + <options> + <option><name>Never</name><value>Never</value></option> + <option><name>Every Hour</name><value>01hour</value></option> + <option><name>Every 4 Hours</name><value>04hours</value></option> + <option><name>Every 12 Hours</name><value>12hours</value></option> + <option><name>Once a day</name><value>EveryDay</value></option> + </options> + </field> + <field> + <name>Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>CIDR</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br> + Example: 192.168.1.0/24]]></description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + pfblocker_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblocker_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblocker_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_pfblocker(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml new file mode 100644 index 00000000..ecc3c020 --- /dev/null +++ b/config/dansguardian/dansguardian_limits.xml 
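Review bot: This new file is still pfBlocker's list page under a dansguardian file name: it declares `<name>pfblockerlists</name>`, `<include_file>/usr/local/pkg/pfblocker.inc</include_file>`, a `<menu>` entry pointing at `pfblocker_lists.xml`, and the `pfblocker_*` install, validation and resync hooks. If it were installed it would add a second pfBlocker menu item and call `pfblocker_validate_input()` and `sync_package_pfblocker()`, which presumably exist only when pfBlocker itself is installed, so on other systems the save path would fail rather than validate the URL and CIDR inputs. It is not listed in dansguardian.xml's `<additional_files_needed>`, so it reads like a template committed by accident; either leave it out until it is rewritten or switch it to the `dansguardian_*` hooks and `dansguardian.inc` used by the other pages. The `100755` mode is also unnecessary for an XML definition.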
@@ -0,0 +1,161 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_config.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianlimits</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Limits</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Max upload size</fielddescr> + <fieldname>maxuploadsize</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kibibytes after MIME encoding and header bumph<br> + use 0 for a complete block<br> + use higher (e.g. 
512 = 512Kbytes) for limiting<br> + use -1 for no blocking(default)]]></description> + </field> + <field> + <fielddescr>Max content filter size</fielddescr> + <fieldname>maxcontentfiltersize</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 256</strong><br>Sometimes web servers label binary files as text which can be very large which causes a huge drain on memory and cpu resources.<br> + To counter this, you can limit the size of the document to be filtered and get it to just pass it straight through.<br> + This setting also applies to content regular expression modification.<br> + The value must not be higher than maxcontentramcachescansize<br> + The size is in Kibibytes - eg 2048 = 2Mb<br> + use 0 to set it to maxcontentramcachescansize]]></description> + </field> + <field> + <fielddescr>Max content ram cache scan size</fielddescr> + <fieldname>maxcontentramcachescansize</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 2000</strong><br> + This is only used if you use a content scanner plugin such as AV. This is the max size of file that DG will download and cache in RAM.<br> + After this limit is reached it will cache to disk. This value must be less than or equal to maxcontentfilecachescansize.<br> + The size is in Kibibytes - eg 10240 = 10Mb<br> + use 0 to set it to maxcontentfilecachescansize<br> + This option may be ignored by the configured download manager.]]></description> + </field> + <field> + <fielddescr>Max content file cache scan size</fielddescr> + <fieldname>maxcontentfilecachescansize</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 2000</strong><br> + This is only used if you use a content scanner plugin such as AV. 
This is the max size file that DG will download so that it can be scanned or virus checked.<br> + This value must be greater or equal to maxcontentramcachescansize.<br> + The size is in Kibibytes - eg 10240 = 10Mb]]></description> + </field> + <field> + <fielddescr>Initial Trickle delay</fielddescr> + <fieldname>initialtrickledelay</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 20</strong><br> + This is the number of seconds a browser connection is left waiting before first being sent *something* to keep it alive.<br> + Do not choose a value too low or normal web pages will be affected. A value between 20 and 110 would be sensible<br> + This may be ignored by the configured download manager.]]></description> + </field> + <field> + <fielddescr>Trickle delay</fielddescr> + <fieldname>trickledelay</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[<strong>Default is 20</strong><br> + This is the number of seconds a browser connection is left waiting before being sent more *something* to keep it alive.<br> + This may be ignored by the configured download manager.]]></description> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_lists.xml b/config/dansguardian/dansguardian_lists.xml new file mode 100755 index 00000000..e78658cd --- /dev/null +++ b/config/dansguardian/dansguardian_lists.xml 
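Review bot: All six limits are free-text `<type>input</type>` fields whose descriptions state constraints the form cannot enforce by itself: `maxcontentfiltersize` must not exceed `maxcontentramcachescansize`, which must not exceed `maxcontentfilecachescansize`, and `maxuploadsize` takes -1, 0 or a positive size. The only check is the `dansguardian_validate_input($_POST, &$input_errors)` hook, and dansguardian.inc is not among the files in this commit, so it cannot be confirmed that these values are validated before they reach the daemon configuration. I would have that function reject non-integer input and enforce the ordering, and record the contract next to the hook with a comment such as `<!-- validator must enforce: integers only; filter <= ramcache <= filecache -->`. A malformed value most likely keeps the filter from starting, and whether traffic then bypasses filtering depends on the surrounding setup, so it is worth failing at save time. The copyright header also still names `dansguardian_config.xml`.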
@@ -0,0 +1,329 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_lists.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianlists</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + <active/> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Group mode</fielddescr> + <fieldname>mode</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Update Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Description</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Filter Group Name</fielddescr> + <fieldname>groupname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br> + Example: Badguys<br> + Do not include 
pfBlocker name, it's done by package.<br> + <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Filter Group Mode</fielddescr> + <fieldname>groupmode</fieldname> + <description><![CDATA[ This option determines whether members of this group have their web access unfiltered, filtered, or banned.<br> + This mechanism replaces the "banneduserlist"]]></description> + <type>select</type> + <options> + <option><name>Filtered (default)</name><value>1</value></option> + <option><name>unfiltered (exception)</name><value>2</value></option> + <option><name>banned</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <name>Values</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reporting Level</fielddescr> + <fieldname>report_level</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)<br> + If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> + <type>select</type> + <options> + <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Report fully</name><value>2</value></option> + <option><name>Report why but not what denied phrase</name><value>1</value></option> + <option><name>Just say 'Access Denied'</name><value>0</value></option> + <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> + </options> + </field> + <field> + <fielddescr>Weighted phrase mode</fielddescr> + <fieldname>weightedphrasemode</fieldname> + <description><![CDATA[Optional; overrides the weightedphrasemode option in dansguardian.conf for this particular group.<br> + See documentation for supported 
values in that file.]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Naughtiness limite</fielddescr> + <fieldname>naughtynesslimit</fieldname> + <description><![CDATA[This the limit over which the page will be blocked. Each weighted phrase is given a value either positive or negative and the values added up.<br> + Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br> + See the weightedphraselist file for examples.<br> + As a guide:<br> + <strong>50 is for young children, 100 for old children, 160 for young adults.</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Search term limit</fielddescr> + <fieldname>searchtermlimit</fieldname> + <description><![CDATA[<strong>Default 30</strong><br>The limit over which requests will be blocked for containing search terms which match the weightedphraselist.<br> + This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.<br> + A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Category display threshold</fielddescr> + <fieldname>categorydisplaythreshold</fieldname> + <description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br> + Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.<br> + All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.<br> + -1 = display only the highest scoring category<br> + <strong>0 = display all categories (default)</strong><br> + > 0 = minimum score for a 
category to be displayed]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Embedded URL weighting</fielddescr> + <fieldname>embeddedurlweight</fieldname> + <description><![CDATA[ When set to something greater than zero, this option causes URLs embedded within a page's HTML (from links, image tags, etc.) to be extracted and checked against the bannedsitelist and bannedurllist.<br> + Each link to a banned page causes the amount set here to be added to the page's weighting.<br> + The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.<br><br> + <strong>Set to 0 to disable(default)</strong>. + WARNING: This option is highly CPU intensive!]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Temporary Denied Page Bypass</fielddescr> + <fieldname>bypass</fieldname> + <description><![CDATA[This provides a link on the denied page to bypass the ban for a few minutes. 
To be secure it uses a random hashed secret generated at daemon startup.<br> + You define the number of seconds the bypass will function for before the deny will appear again.<br> + To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.<br> + 300 = enable for 5 minutes<br> + <strong>0 = disable ( defaults to 0 )</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Infection/Scan Error Bypass</fielddescr> + <fieldname>infectionbypass</fieldname> + <description><![CDATA[Similar to the 'bypass' setting, but specifically for bypassing files scanned and found to be infected, or files that trigger scanner errors - for example, archive types with recognised but unsupported compression schemes, or corrupt archives.<br> + The option specifies the number of seconds for which the bypass link will be valid.<br> + 300 = enable for 5 minutes<br> + <strong>0 = disable ( defaults to 0 )</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <name>Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Group Options</fielddescr> + <fieldname>group_options</fieldname> + <description><![CDATA[Select options to apply on this group. 
Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> + <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> + <option><name>Block Download not in Exception Lists (off)</name><value>blockdownloads</value></option> + <option><name>Enable PICS rating support (off)</name><value>enablepics</value></option> + <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> + <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> + <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> + <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option> + <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> + </options> + <multiple/> + <size>10</size> + </field> + <field> + <fielddescr>Content filtering</fielddescr> + <fieldname>group_options</fieldname> + <description><![CDATA[Select List you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Banned Phrase List</name><value>bannedphraselist</value></option> + <option><name>Weighted Phrase List</name><value>weightedphraselist</value></option> + <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> + <option><name>Banned Site List</name><value>bannedsitelist</value></option> + <option><name>Grey Site List</name><value>greysitelist</value></option> + <option><name>Exception Site List</name><value>exceptionsitelist</value></option> + <option><name>Grey Url List</name><value>greyurllist</value></option> + <option><name>Exception Url List</name><value>exceptionurllist</value></option> + <option><name>Exception Regexp Url List</name><value>exceptionregexpurllist</value></option> + <option><name>Banned Regexp Url 
List</name><value>bannedregexpurllist</value></option> + <option><name>Content Regexp List</name><value>contentregexplist</value></option> + <option><name>Pics File</name><value>picsfile</value></option> + <option><name>Url Regexp List</name><value>urlregexplist</value></option> + </options> + <multiple/> + <size>14</size> + </field> + <field> + <fielddescr>File type filtering</fielddescr> + <fieldname>file_options</fieldname> + <description><![CDATA[Select List you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Exception Extension List</name><value>exceptionextensionlist</value></option> + <option><name>Exception Mime Type List</name><value>exceptionmimetypelist</value></option> + <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> + <option><name>Banned Extension List</name><value>bannedextensionlist</value></option> + <option><name>Banned Mime Type List</name><value>bannedmimetypelist</value></option> + <option><name>Exception File Site ist</name><value>exceptionfileurllist</value></option> + </options> + <multiple/> + <size>7</size> + </field> + <field> + <fielddescr>search engine filtering</fielddescr> + <fieldname>file_options</fieldname> + <description><![CDATA[Select search engine filtering you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Search Engine Regexp List</name><value>searchengineregexplist</value></option> + <option><name>Banned Search Termlist</name><value>exceptionmimetypelist</value></option> + <option><name>Weightd Search Term List</name><value>weightedsearchtermlist</value></option> + <option><name>Exception Search Term List</name><value>exceptionsearchtermlist</value></option> + </options> + <multiple/> + <size>5</size> + </field> + <field> + <name>Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>CIDR</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Enter 
networks you want to include in this alias. One network per line in CIDR format.<br> + Example: 192.168.1.0/24]]></description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + pfblocker_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblocker_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblocker_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_pfblocker(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml new file mode 100644 index 00000000..885aebf8 --- /dev/null +++ b/config/dansguardian/dansguardian_log.xml 
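Review bot: The four `custom_php_*` hooks at the end of dansguardian_lists.xml call `pfblocker_php_install_command()`, `pfblocker_php_deinstall_command()`, `pfblocker_validate_input()` and `sync_package_pfblocker()`, while the file includes only `/usr/local/pkg/dansguardian.inc`. Unless that include defines them (it is not shown here), saving a filter group either fails or skips input validation and resync. The limits and log pages use `dansguardian_validate_input($_POST, &$input_errors);` and `sync_package_dansguardian();`, which look like the intended calls. In the same hunk, `group_options` and `file_options` are each used as the `<fieldname>` of two different selects, and the "Banned Search Termlist" option carries the value `exceptionmimetypelist`, so some selections will probably be lost or applied to the wrong list.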
@@ -0,0 +1,215 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_log.xml + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianlimits</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + <active/> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Reporting</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reporting Level</fielddescr> + <fieldname>report_level</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)]]></description> + <type>select</type> + <options> + <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Report fully</name><value>2</value></option> + <option><name>Report why but not what denied phrase</name><value>1</value></option> + <option><name>Just say 'Access Denied'</name><value>0</value></option> + <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> + </options> + </field> + <field> + <fielddescr>Report Language</fielddescr> + 
<fieldname>report_language</fieldname> + <description><![CDATA[Language to use in HTML reports]]></description> + <type>select</type> + <options> + <option><name>ukenglish</name><value>ukenglish</value></option> + <option><name>arspanish</name><value>arspanish</value></option> + <option><name>bulgarian</name><value>bulgarian</value></option> + <option><name>chinesebig5</name><value>chinesebig5</value></option> + <option><name>chinesegb2312</name><value>chinesegb2312</value></option> + <option><name>czech</name><value>czech</value></option> + <option><name>danish</name><value>danish</value></option> + <option><name>dutch</name><value>dutch</value></option> + <option><name>french</name><value>french</value></option> + <option><name>german</name><value>german</value></option> + <option><name>hebrew</name><value>hebrew</value></option> + <option><name>hungarian</name><value>hungarian</value></option> + <option><name>indonesian</name><value>indonesian</value></option> + <option><name>italian</name><value>italian</value></option> + <option><name>japanese</name><value>japanese</value></option> + <option><name>lithuanian</name><value>lithuanian</value></option> + <option><name>malay</name><value>malay</value></option> + <option><name>mxspanish</name><value>mxspanish</value></option> + <option><name>polish</name><value>polish</value></option> + <option><name>portuguese</name><value>portuguese</value></option> + <option><name>ptbrazilian</name><value>ptbrazilian</value></option> + <option><name>russian-1251</name><value>russian-1251</value></option> + <option><name>russian-koi8-r</name><value>russian-koi8-r</value></option> + <option><name>slovak</name><value>slovak</value></option> + <option><name>spanish</name><value>spanish</value></option> + <option><name>swedish</name><value>swedish</value></option> + <option><name>turkish</name><value>turkish</value></option> + </options> + </field> + <field> + <fielddescr>Reporting Options</fielddescr> + 
<fieldname>report_options</fieldname> + <description><![CDATA[Reporting options. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Show weighted found (on)</name><value>showweightedfound</value></option> + <option><name>Use custom banned flash (on)</name><value>usecustombannedflash</value></option> + <option><name>Use custom banned image (on)</name><value>usecustombannedimage</value></option> + <option><name>Non standard delimiter (on)</name><value>nonstandarddelimiter</value></option> + </options> + <multiple/> + <size>5</size> + </field> + <field> + <name>Logging</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Logging Options</fielddescr> + <fieldname>report_options</fieldname> + <description><![CDATA[Logging options. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>logchildprocesshandling (off)</name><value>logchildprocesshandling</value></option> + <option><name>logconnectionhandlingerrors (on)</name><value>logconnectionhandlingerrors</value></option> + <option><name>nologger (off)</name><value>nologger</value></option> + <option><name>logadblocks (off)</name><value>logadblocks</value></option> + <option><name>Anonymize logs (off)</name><value>anonymizelogs</value></option> + </options> + <multiple/> + <size>6</size> + </field> + <field> + <fielddescr>Log Level</fielddescr> + <fieldname>loglevel</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)]]></description> + <type>select</type> + <options> + <option><name>All text based (default)</name><value>2</value></option> + <option><name>All requests</name><value>3</value></option> + <option><name>Just denied</name><value>1</value></option> + <option><name>None</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Log Exception Hints</fielddescr> + <fieldname>logexceptionhits</fieldname> + <description><![CDATA[ Log if an exception (user, ip, URL, 
phrase) is matched and so the page gets let through.<br> + Can be useful for diagnosing why a site gets through the filter.]]></description> + <type>select</type> + <options> + <option><name>always log and mark exceptions (default)</name><value>2</value></option> + <option><name>log exceptions, but do not explicitly mark them as such</name><value>1</value></option> + <option><name>never log exceptions</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Log File Format</fielddescr> + <fieldname>logfileformat</fieldname> + <description><![CDATA[ Log File Format.]]></description> + <type>select</type> + <options> + <option><name>DansGuardian format -space delimited (default)</name><value>1</value></option> + <option><name>CSV-style format</name><value>2</value></option> + <option><name>Squid Log File Format</name><value>3</value></option> + <option><name>Tab delimited</name><value>4</value></option> + </options> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml new file mode 100755 index 00000000..9fb69102 --- /dev/null +++ b/config/dansguardian/dansguardian_sync.xml 
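Review bot: In dansguardian_log.xml both the "Reporting Options" and the "Logging Options" selects use `<fieldname>report_options</fieldname>`, so one set of choices presumably overwrites the other on save, and settings such as `anonymizelogs` or `nologger` may never reach the generated configuration. Give the logging select its own name, for example `<fieldname>logging_options</fieldname>` (a constructed name that dansguardian.inc would have to read). The package `<name>dansguardianlimits</name>` also looks copied from the limits page. If the configuration is stored under that name, the two pages would share one config section. The "Log Level" field repeats the reporting description `Web Access Denied Reporting (does not affect logging)`, which says the opposite of what the field controls.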
@@ -0,0 +1,124 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_sync.xml + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardiansync</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> +<tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + <active/> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Dansguardian XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Automatically sync mailscanner configuration changes</fielddescr> + <fieldname>synconchanges</fieldname> + <description>pfSense will automatically sync changes to the hosts defined below.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Remote Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + 
<type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_install_command> + mailscanner_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + mailscanner_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + mailscanner_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_mailscanner(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 9a951f56..151f710c 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -210,6 +210,8 @@ function squid_install_command() { exec("/bin/rm /usr/local/etc/rc.d/squid"); squid_write_rcfile(); exec("chmod a+rx /usr/local/libexec/squid/dnsserver"); + if(file_exists("/usr/local/pkg/swapstate_check.php")) + exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, 
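Review bot: The hooks at the end of dansguardian_sync.xml call `mailscanner_php_install_command()`, `mailscanner_php_deinstall_command()`, `mailscanner_validate_input()` and `sync_package_mailscanner()`, but the file includes only `/usr/local/pkg/dansguardian.inc`. If that include does not define them (it is not visible here), the remote-server IP address and password rows on this page are saved without validation, or the save fails. The other dansguardian pages in this commit use `dansguardian_validate_input($_POST, &$input_errors);` and `sync_package_dansguardian();`. The checkbox label `Automatically sync mailscanner configuration changes` should name Dansguardian as well. A comment on how the sync password is stored and transmitted would help anyone reviewing this page.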
@@ -581,20 +583,29 @@ function squid_install_cron($should_install) { global $config, $g; if($g['booting']==true) return; - $is_installed = false; + $rotate_is_installed = false; + $swapstate_is_installed = false; + if(!$config['cron']['item']) return; + $settings = $config['installedpackages']['squidcache']['config'][0]; $x=0; + $rotate_job_id=-1; + $swapstate_job_id=-1; foreach($config['cron']['item'] as $item) { if(strstr($item['task_name'], "squid_rotate_logs")) { - $is_installed = true; - break; + + $rotate_job_id = $x; + } elseif(strstr($item['task_name'], "squid_check_swapstate")) { + $swapstate_job_id = $x; } $x++; } + $need_write = false; switch($should_install) { case true: - if(!$is_installed) { + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + if($rotate_job_id < 0) { $cron_item = array(); $cron_item['task_name'] = "squid_rotate_logs"; $cron_item['minute'] = "0"; 
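Review bot: `$cachedir` is read from `$settings['harddisk_cache_location']` with no validation or quoting, and the next hunk interpolates it into a cron command that runs as `root` (`/bin/rm {$cachedir}/swap.state; ...`). A cache path containing spaces or shell metacharacters would change what that command does. Whether the GUI restricts this field is not visible here, so quote it where the command is built: `$cron_item['command'] = "/bin/rm " . escapeshellarg("{$cachedir}/swap.state") . "; /usr/local/sbin/squid -k rotate";`. swapstate_check.php passes the same value unquoted to `mwexec_bg()` and needs the same treatment. squid_install_cron() starts before this hunk and continues after it.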
@@ -603,25 +614,46 @@ function squid_install_cron($should_install) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/sbin/squid -k rotate"; + $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; /usr/local/sbin/squid -k rotate"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if($swapstate_job_id < 0) { + $cron_item = array(); + $cron_item['task_name'] = "squid_check_swapstate"; + $cron_item['minute'] = "*/15"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if ($need_write) { $config['cron']['item'][] = $cron_item; parse_config(true); - write_config("Squid Log Rotation"); - configure_cron(); + write_config("Adding Squid Cron Jobs"); } break; case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config(); - } - configure_cron(); - } + if($rotate_job_id >= 0) { + unset($config['cron']['item'][$rotate_job_id]); + $need_write = true; + } + if($swapstate_job_id >= 0) { + unset($config['cron']['item'][$swapstate_job_id]); + $need_write = true; + } + if ($need_write) { + parse_config(true); + write_config("Removing Squid Cron Jobs"); + } break; } -} + configure_cron(); + } function squid_resync_general() { global $g, $config, $valid_acls; 
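Review bot: The unchanged line `$config['cron']['item'][] = $cron_item;` now sits inside the new `if ($need_write) {` block, so whichever job was built last is appended to the cron list a second time. Both branches above it already append their own item. Drop that line so the block is only `parse_config(true);` followed by `write_config("Adding Squid Cron Jobs");`. Also note that an existing `squid_rotate_logs` entry is left untouched because the job is only created when `$rotate_job_id < 0`, so upgraded systems keep the old command. The function begins outside this hunk.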
@@ -672,13 +704,12 @@ cache_store_log none EOD; - if (!empty($settings['log_rotate'])) { - $conf .= "logfile_rotate {$settings['log_rotate']}\n"; - squid_install_cron(true); - } - else { - squid_install_cron(false); - } +// Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen. +// Rotating also ensures that swap.state is rewritten, so is useful even if the logs +// are not being rotated. +$rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate']; +$conf .= "logfile_rotate {$rotate}\n"; +squid_install_cron(true); $conf .= <<<EOD shutdown_lifetime 3 seconds diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index f33327e4..5cb5ea4a 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -152,6 +152,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/squid-reverse/squid_cache.xml</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item> + </additional_files_needed> <fields> <field> <fielddescr>Proxy interface</fielddescr> diff --git a/config/squid-reverse/swapstate_check.php b/config/squid-reverse/swapstate_check.php new file mode 100644 index 00000000..ab5b11d8 --- /dev/null +++ b/config/squid-reverse/swapstate_check.php 
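Review bot: In squid.xml the new `<additional_files_needed>` entry downloads swapstate_check.php over plain `http://` and installs it with `<chmod>0755</chmod>`. squid.inc then schedules that file as a `root` cron job every 15 minutes, so anything able to alter the download in transit gets code executed as root on the firewall. The neighbouring entries use the same scheme, so this follows the file's convention. An executable fetched this way should still use an `https://` item URL, or be verified against a checksum if the package installer supports one; neither is visible in this hunk.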
@@ -0,0 +1,48 @@
+#!/usr/local/bin/php -q
+<?php
+/*
+ swapstate_check.php
+ Copyright (C) 2011 Jim Pingle
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once('config.inc');
+require_once('util.inc');
+
+$settings = $config['installedpackages']['squidcache']['config'][0];
+$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
+$swapstate = $cachedir . '/swap.state';
+$disktotal = disk_total_space(dirname($cachedir));
+$diskfree = disk_free_space(dirname($cachedir));
+$diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100);
+$swapstate_size = filesize($swapstate);
+$swapstate_pct = round(($swapstate_size / $disktotal) * 100);
+
+// If the swap.state file is taking up more than 75% disk space,
+// or the drive is 90% full and swap.state is larger than 1GB,
+// kill it and initiate a rotate to write a fresh copy.
+if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024))) {
+ mwexec_bg("/bin/rm $swapstate; /usr/local/sbin/squid -k rotate");
+ log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct)));
+}
+?>
\ No newline at end of file
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 0be2493b..6239beea 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -925,7 +925,7 @@
 <descr>High performance web proxy cache with HTTP / HTTPS reverse proxy and Exchange-Web-Access Assistant.</descr>
 <website>http://www.squid-cache.org/</website>
 <category>Network</category>
- <version>2.7.9_1</version>
+ <version>2.7.9_2</version>
 <status>Stable</status>
 <required_version>2.0</required_version>
 <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 82ba62ab..76dcddf8 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -98,7 +98,7 @@
 <descr>High performance web proxy cache with HTTP / HTTPS reverse proxy and Exchange-Web-Access Assistant.</descr>
 <website>http://www.squid-cache.org/</website>
 <category>Network</category>
- <version>2.7.9_1</version>
+ <version>2.7.9_2</version>
 <status>Stable</status>
 <required_version>2.0</required_version>
 <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> |
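Review bot: In swapstate_check.php nothing checks that `swap.state` exists or that `disk_total_space()` succeeded before the percentages are computed, so on a box where the cache is not initialised or the configured path is wrong this root cron job divides by a false/zero total and calls `filesize()` on a missing file every 15 minutes. A guard placed right after the `$diskfree` line, `if (!is_file($swapstate) || !$disktotal || $diskfree === false) { exit(0); }`, makes the script exit cleanly in that case. Both disk calls also measure `dirname($cachedir)`, which is the parent directory, so if the cache directory is its own mount point the figures describe a different filesystem; passing `$cachedir` itself looks like the intent, though that is an inference. The log call wraps the already formatted string in `gettext()`, so the message can never match a catalog entry; `sprintf(gettext("…"), $swapstate_size, $swapstate_pct)` is the usual order.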