diff options
Diffstat (limited to 'config/countryblock')
-rw-r--r-- | config/countryblock/countryblock.inc | 4 | ||||
-rwxr-xr-x | config/countryblock/countryblock.tmp | 169 | ||||
-rw-r--r-- | config/countryblock/countryblock.xml | 10 | ||||
-rwxr-xr-x | config/countryblock/countryblock_if.tmp | 10 | ||||
-rwxr-xr-x | config/countryblock/execute.sh | 30 | ||||
-rw-r--r-- | config/countryblock/help.tmp | 145 | ||||
-rw-r--r-- | config/countryblock/settings.tmp | 219 |
7 files changed, 482 insertions, 105 deletions
diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc index 46429563..72d864fb 100644 --- a/config/countryblock/countryblock.inc +++ b/config/countryblock/countryblock.inc @@ -65,6 +65,10 @@ function php_install_command_cb() unlink_if_exists("/tmp/index.tmp"); exec("cp /tmp/firewall_shaper.tmp /usr/local/www/packages/countryblock/firewall_shaper.php"); unlink_if_exists("/tmp/firewall_shaper.tmp"); + exec("cp /tmp/help.tmp /usr/local/www/packages/countryblock/help.php"); + unlink_if_exists("/tmp/help.tmp"); + exec("cp /tmp/settings.tmp /usr/local/www/packages/countryblock/settings.php"); + unlink_if_exists("/tmp/settings.tmp"); //Get scripts exec("cp /tmp/countryblock.sh /usr/local/etc/rc.d/countryblock.sh"); unlink_if_exists("/tmp/countryblock.sh"); diff --git a/config/countryblock/countryblock.tmp b/config/countryblock/countryblock.tmp index 785329a2..2d05d061 100755 --- a/config/countryblock/countryblock.tmp +++ b/config/countryblock/countryblock.tmp @@ -1,5 +1,5 @@ <?php - +$pgtitle = "Firewall: Countryblock"; // TomSchaefer.org countryblock package 2010 // // Notes: Find: ^(.*)$ @@ -8,7 +8,7 @@ // // // - require_once('config.inc'); + //require_once('config.inc'); require("guiconfig.inc"); include("head.inc"); @@ -74,28 +74,57 @@ if (count($_POST)>0) { $savemsg_cb = "Country Block settings have been saved/updated. "; conf_mount_ro(); } -?><head> -<?php include("fbegin.inc"); ?> -<style type="text/css"> -<!-- -.white { - text-align: center; -} ---> -</style> - +?> -<p class="pgtitle">Firewall: Country Block</p> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> <form method=POST action=""> - <?php +ob_start(); +$resultstop = exec("pfctl -s rules | grep -c countryblock"); +ob_end_clean(); if ($config['installedpackages']['countryblock_settings']['config'][0]['enable'] == 1) { echo "<input name='enable' type='checkbox' value='1' checked>\n"; } +elseif ($resultstop > '0') { +echo "<input name='enable' type='checkbox' value='1' checked>\n"; +} else { echo "<input name='enable' type='checkbox' value='1'>\n"; } -?> +?><strong>Enable Country Block</strong><br><br> +<?php if ($savemsg_cb) print_info_box($savemsg_cb); + //if ($output) print_info_box($output,$output2); + echo($output); + echo($output2); + ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[0] = array("Countries", true, "countryblock.php"); + $tab_array[1] = array("Settings", false, "settings.php"); + $tab_array[2] = array("Whitelist", false, "whitelist.php"); + $tab_array[3] = array("Interfaces", false, "countryblock_if.php"); + $tab_array[4] = array("Help", false, "help.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Main</td> + + </tr> + + <tr> + <td class="listlr" valign="middle"> + <?php conf_mount_rw(); @@ -109,26 +138,6 @@ mwexec("touch countries.txt"); { $aCountry = $_POST['formCountry']; - if(isset($_POST['formOutbound'])) - { - $output2 = " and Outbound access is BLOCKED.</b>"; - exec("touch OUTBOUND"); - } - else - { - $output2 = " and Outbound access is ALLOWED.</b>"; - exec("rm OUTBOUND"); - } - - if(isset($_POST['formlogging'])) - { - exec("touch logging"); - } - else - { - exec("rm logging"); - } - if(empty($aCountry)) { @@ -244,6 +253,7 @@ font-size: 90%; .arrowlistmenu ul li a:visited{ color: #A70303; + } .arrowlistmenu ul li a:hover{ /*hover state CSS*/ @@ -258,15 +268,11 @@ background-color: #F3F3F3; </head> -<strong>Enable Country Block</strong><br><br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td > - <?php if ($savemsg_cb) print_info_box($savemsg_cb); - //if ($output) print_info_box($output,$output2); - echo($output); - echo($output2); - ?> + </form> @@ -283,7 +289,7 @@ background-color: #F3F3F3; ?> </p> - <p>Check the country that you would like to block completely. Currently + <h3><p>Check the country that you would like to block completely. Currently <?php $countfile = "countries.txt"; if (file_exists($countfile)) { @@ -295,30 +301,8 @@ background-color: #F3F3F3; ?> - of 246 selected. <a href="whitelist.php" target="_parent"><img src="../../themes/nervecenter/images/icons/icon_plus.gif" ALT="Manual" ALIGN=RIGHT></a></p> - <p><a href="countryblock_if.php" target="_parent"><img src="../../themes/nervecenter/images/icons/icon_cablenic.gif" ALT="Manual" ALIGN=RIGHT></a></p> - <p> - Block outbound? -<?php - - if (file_exists("OUTBOUND")) { - echo "<input name='formOutbound' type='checkbox' value='Yes' checked/>"; - } else { - echo "<input name='formOutbound' type='checkbox' value='Yes'/>"; - } -?> - - <input type="checkbox" name="checkall" onclick="checkUncheckAll(this);"/>select/unselect - </p> - Enable Logging? -<?php - - if (file_exists("logging")) { - echo "<input name='formlogging' type='checkbox' value='Yes' checked/>"; - } else { - echo "<input name='formlogging' type='checkbox' value='Yes'/>"; - } -?> + of 246 selected. </h3> + <br/> @@ -2362,6 +2346,7 @@ ob_end_clean(); ob_start(); $results = exec("cat countries.txt | grep TM"); ob_end_clean(); + if ($results == 'TM') echo "<li><input name='formCountry[]' type='checkbox' value='TM' checked/>Turkmenistan</li>"; else @@ -2585,21 +2570,35 @@ ob_end_clean(); </table> - - <p><u>Usage</u> - <br/> - Check the country that you would like to block completely. Choose if you want to block outbound access and if you want to log attempts. Click "Commit Countries" to store your settings. <br/> - When your settings are stored select "Enable Country Block" and press save to enable to package.<br /> - To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh <br /> - To whitelist a CIDR range press <a href="whitelist.php" target="_parent"><img src="../../themes/nervecenter/images/icons/icon_plus.gif" ALT="Manual"></a> and to specify interfaces press <a href="countryblock_if.php" target="_parent"><img src="../../themes/nervecenter/images/icons/icon_cablenic.gif" ALT="Manual"></a>. By default all interfaces are selected. <br /> - <span style="color:red">Warning!</span> - Apply after every firewall change or state reset. Use at your own risk. + <br/><br/> <input type="submit" name="formSubmit" value="Commit Countries" /> </p> </form> <br/> - <?php + + + +</div> +<?php + //This input guarantees that a POST is sent + echo "<input type='hidden' name='zzz' value='required'>"; +?> + +</td> +</tr> +</table> + </td> + + + </tr> + + +</table> +</div> +<br> +<?php echo "Current Status = "; ob_start(); $results = exec("pfctl -s rules | grep -c countryblock"); @@ -2624,21 +2623,15 @@ ob_end_clean(); echo $results; echo " Networks"; ?> - - -</div> -<?php - //This input guarantees that a POST is sent - echo "<input type='hidden' name='zzz' value='required'>"; -?> - +<br><br> +<input type="submit" value="Save/Update"><br><br> +<p> +</p> </td> -</tr> -</table><br /> -<input type="submit" value="Save/Update"> + </tr> +</table> </form> - <?php include("fend.inc"); ?> - </body> </html> + diff --git a/config/countryblock/countryblock.xml b/config/countryblock/countryblock.xml index e86e665c..7b4cc8a6 100644 --- a/config/countryblock/countryblock.xml +++ b/config/countryblock/countryblock.xml @@ -139,6 +139,16 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/countryblock/firewall_shaper.tmp</item> </additional_files_needed> + <additional_files_needed> + <prefix>/tmp/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/countryblock/help.tmp</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/tmp/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/countryblock/settings.tmp</item> + </additional_files_needed> <fields> <field> <fielddescr>Variable One</fielddescr> diff --git a/config/countryblock/countryblock_if.tmp b/config/countryblock/countryblock_if.tmp index 11a81414..d5e73800 100755 --- a/config/countryblock/countryblock_if.tmp +++ b/config/countryblock/countryblock_if.tmp @@ -29,7 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = "Country Block - Interfaces"; +$pgtitle = "Firewall: Countryblock - Interfaces"; require("guiconfig.inc"); /* @@ -100,7 +100,7 @@ if ($_POST) { -$pgtitle = "CountryBlock Interfaces"; + include("head.inc"); @@ -117,7 +117,11 @@ include("head.inc"); <tr><td class="tabnavtbl"> <?php $tab_array = array(); - $tab_array[0] = array("Interface assignments", true, ""); + $tab_array[0] = array("Countries", false, "countryblock.php"); + $tab_array[1] = array("Settings", false, "settings.php"); + $tab_array[2] = array("Whitelist", false, "whitelist.php"); + $tab_array[3] = array("Interfaces", true, "countryblock_if.php"); + $tab_array[4] = array("Help", false, "help.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/countryblock/execute.sh b/config/countryblock/execute.sh index b70894e6..c51cf99e 100755 --- a/config/countryblock/execute.sh +++ b/config/countryblock/execute.sh @@ -10,9 +10,10 @@ export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'` i=$(($i+'1')) t=$(($t+'1')) -#echo $i -#echo $t - +#i = line where <snort2c> is +#t is where 'User Aliases' is +echo $i +echo $t rm /tmp/rules.debug.tmp @@ -42,21 +43,22 @@ while read line do a=$(($a+1)); echo $a; if [ "$a" = "$i" ]; then - for i in $(cat interfaces.txt); do echo "" >> /tmp/rules.debug.tmp echo "#countryblock" >> /tmp/rules.debug.tmp echo "table <countryblock> persist file '/usr/local/www/packages/countryblock/lists/countries.txt'" >> /tmp/rules.debug.tmp echo "table <countryblockW> persist file '/usr/local/www/packages/countryblock/countries-white.txt'" >> /tmp/rules.debug.tmp - echo "pass quick from <countryblockW> to $i label 'countryblock'" >> /tmp/rules.debug.tmp - echo "pass quick from $i to <countryblockW> label 'countryblock'" >> /tmp/rules.debug.tmp - if [ -f logging ]; then - echo "block log quick from <countryblock> to $i label 'countryblock'" >> /tmp/rules.debug.tmp - else - echo "block quick from <countryblock> to $i label 'countryblock'" >> /tmp/rules.debug.tmp - fi - if [ -f OUTBOUND ]; then - echo "block quick from $i to <countryblock> label 'countryblock'" >> /tmp/rules.debug.tmp - fi + + for i in $(cat /usr/local/www/packages/countryblock/interfaces.txt); do + echo "pass quick from <countryblockW> to $i label 'countryblock'" >> /tmp/rules.debug.tmp + echo "pass quick from $i to <countryblockW> label 'countryblock'" >> /tmp/rules.debug.tmp + if [ -f logging ]; then + echo "block log quick from <countryblock> to $i label 'countryblock'" >> /tmp/rules.debug.tmp + else + echo "block quick from <countryblock> to $i label 'countryblock'" >> /tmp/rules.debug.tmp + fi + if [ -f OUTBOUND ]; then + echo "block quick from $i to <countryblock> label 'countryblock'" >> /tmp/rules.debug.tmp + fi done fi echo $line >> /tmp/rules.debug.tmp diff --git a/config/countryblock/help.tmp b/config/countryblock/help.tmp new file mode 100644 index 00000000..abfd9596 --- /dev/null +++ b/config/countryblock/help.tmp @@ -0,0 +1,145 @@ +<?php +$pgtitle = "Firewall: Countryblock - Help"; + + require("guiconfig.inc"); + include("head.inc"); + + //set the config as a global variable + global $config; + + $global_usage = '/usr/local/www/packages/countryblock/global_usage'; + //$fh = fopen($global_usage, 'r'); + + //phpinfo(); + + + + + + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> + + + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[0] = array("Countries", false, "countryblock.php"); + $tab_array[1] = array("Settings", false, "settings.php"); + $tab_array[2] = array("Whitelist", false, "whitelist.php"); + $tab_array[3] = array("Interfaces", false, "countryblock_if.php"); + $tab_array[4] = array("Help", true, "help.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Help</td> + + </tr> + + <tr> + <td class="listlr" valign="middle"> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> +Usage:<br><br> +Countries - Check the country that you would like to block completely.<br> + +Choose if you want to block outbound access and if you want to log attempts. <br> + +Click "Commit Countries" to store your settings. +<br><br> +Settings - +Click the setting you want and save<br> + +Block outbound blocks all outbound traffic. You will not be able to browse a website hosted in one of these countries. <br> + +Enable Logging will log all attempted traffic in/out to any of your selected countries. Logs show in the Firewall secion +<br><br> +Whitelist - +Add networks you don't want blocked and save<br> + +Add a CIDR Range and press + +<br><br> +Interfaces - +Select which interfaces to block on<br> + +All selected countries will be blocked from the interfaces you slected.<br> + +By Default all interfaces are selected.<br> + +It's highly recommended that you keep all interfaces selected +<br><br> +Cron Jobs - +Setup a cron job for countryblock<br> + +To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh <br> + +*Before the cron job will work, countryblock must be run via the webGUI atleast once +<br><br> + +<span style="color:red">Warning!</span> - Apply after every firewall change or state reset. Use at your own risk. + + +</div> + + +</td> +</tr> +</table> + </td> + + + </tr> + + +</table> +</div> +<br> +<?php + echo "Current Status = "; + ob_start(); + $results = exec("pfctl -s rules | grep -c countryblock"); + ob_end_clean(); + if ($results > '0') echo "Running"; + else + echo "<span style='color:red'>NOT running</span>"; + + //Get Errors if exists + ob_start(); + $results = exec("tail -r errorOUT.txt"); + ob_end_clean(); + echo "<br/><span style='color:red'>"; + echo $results; + echo "</span>"; + + //Get IP Count + echo "<br>You are blocking "; + ob_start(); + $results = exec("pfctl -T show -t countryblock |grep -v -c Z"); + ob_end_clean(); + echo $results; + echo " Networks"; + ?> + +<br><br> + +<p> +</p> +</td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> + diff --git a/config/countryblock/settings.tmp b/config/countryblock/settings.tmp new file mode 100644 index 00000000..117ff608 --- /dev/null +++ b/config/countryblock/settings.tmp @@ -0,0 +1,219 @@ +<?php +$pgtitle = "Firewall: Countryblock - Settings"; + // TomSchaefer.org countryblock package 2010 + // + // Notes: Find: ^(.*)$ + // Replace: ob_start();\n$results = exec("cat countries.txt | grep XX");\nob_end_clean();\n\tif ($results == 'XX')\n\t\techo "\1";\n\telse\n\t\techo "\1";\n + // + // + // + // + //require_once('config.inc'); + require("guiconfig.inc"); + include("head.inc"); + + //set the config as a global variable + global $config; + + $global_usage = '/usr/local/www/packages/countryblock/global_usage'; + //$fh = fopen($global_usage, 'r'); + + //phpinfo(); + + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<form method=POST action=""> + +<?php if ($savemsg_cb) print_info_box($savemsg_cb); + //if ($output) print_info_box($output,$output2); + echo($output); + echo($output2); + ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[0] = array("Countries", false, "countryblock.php"); + $tab_array[1] = array("Settings", true, "settings.php"); + $tab_array[2] = array("Whitelist", false, "whitelist.php"); + $tab_array[3] = array("Interfaces", false, "countryblock_if.php"); + $tab_array[4] = array("Help", false, "help.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Settings</td> + + </tr> + + <tr> + <td class="listlr" valign="middle"> + +<?php + +conf_mount_rw(); + + + + if(isset($_POST['formSubmit'])) + { + $aCountry = $_POST['formCountry']; + + if(isset($_POST['formOutbound'])) + { + $output2 = " and Outbound access is BLOCKED.</b>"; + exec("touch OUTBOUND"); + } + else + { + $output2 = " and Outbound access is ALLOWED.</b>"; + exec("rm OUTBOUND"); + } + + if(isset($_POST['formlogging'])) + { + exec("touch logging"); + } + else + { + exec("rm logging"); + } + + + + + } +conf_mount_ro(); +?> + + + + +</head> + + + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td > + + + </form> + + <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"> + <p> + <?php + $countif = "interfaces.txt"; + if (file_exists($countif)) { + $countif = count(file($countif)); + echo "$countlines"; + } else { + echo "<span style='color:red'>Warning! No Interfaces Selected Click <a href='countryblock_if.php' target='_parent'><img src='../../themes/nervecenter/images/icons/icon_cablenic.gif' ALT='if'></a></span>"; + } + + ?> + </p> + + + <p> + Block outbound? +<?php + + if (file_exists("OUTBOUND")) { + echo "<input name='formOutbound' type='checkbox' value='Yes' checked/>"; + } else { + echo "<input name='formOutbound' type='checkbox' value='Yes'/>"; + } +?> + + <br> + Enable Logging? +<?php + + if (file_exists("logging")) { + echo "<input name='formlogging' type='checkbox' value='Yes' checked/>"; + } else { + echo "<input name='formlogging' type='checkbox' value='Yes'/>"; + } +?> +<br/> + + + + + + + + + </p> + +<br/> + + + +</div> +<?php + //This input guarantees that a POST is sent + echo "<input type='hidden' name='zzz' value='required'>"; +?> + +</td> +</tr> +</table> + </td> + + + </tr> + + +</table> +</div> +<br> +<?php + echo "Current Status = "; + ob_start(); + $results = exec("pfctl -s rules | grep -c countryblock"); + ob_end_clean(); + if ($results > '0') echo "Running"; + else + echo "<span style='color:red'>NOT running</span>"; + + //Get Errors if exists + ob_start(); + $results = exec("tail -r errorOUT.txt"); + ob_end_clean(); + echo "<br/><span style='color:red'>"; + echo $results; + echo "</span>"; + + //Get IP Count + echo "<br>You are blocking "; + ob_start(); + $results = exec("pfctl -T show -t countryblock |grep -v -c Z"); + ob_end_clean(); + echo $results; + echo " Networks"; + ?> + +<br><br> +<input type="submit" name="formSubmit" value="Save" /><br><br> +<p> +</p> +</td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> + |