Diffstat (limited to 'config/pf-blocker')
-rw-r--r--config/pf-blocker/pfBlocker.widget.php40
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc53
-rw-r--r--config/pf-blocker/pfblocker.php43
-rwxr-xr-xconfig/pf-blocker/pfblocker_lists.xml4
4 files changed, 109 insertions, 31 deletions
diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php
index 53b39ad9..239bfb49 100644
--- a/config/pf-blocker/pfBlocker.widget.php
+++ b/config/pf-blocker/pfBlocker.widget.php
@@ -28,7 +28,7 @@
@require_once("guiconfig.inc");
@require_once("pfsense-utils.inc");
@require_once("functions.inc");
-
+?><div id='pfBlocker'><?php
echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\"
cellspacing=\"0\"";
echo" <tr>";
@@ -47,6 +47,16 @@ foreach ($config['aliases']['alias'] as $cbalias){
}
}
}
+
+#check rule count
+#(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out)
+$packets=exec("/sbin/pfctl -s labels",$debug);
+foreach ($debug as $line){
+ #USER_RULE: pfBlocker Outbound rule 1656 0 0 0 0 0 0
+ if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/",$line,$matches))
+ ${$matches[1]}+=$matches[2];
+}
+
$rules=$config['filter']['rule'];
#echo "<pre>";
foreach($rules as $rule){
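Review bot: `${$matches[1]}+=$matches[2];` creates or modifies a variable whose name comes from pfctl label text, so a rule description that starts with a name this script already uses (such as `config` or `pfb_table`) would have that variable altered. The regex also accepts every `USER_RULE:` label, not only the ones pfBlocker generates. Collect the counters in a dedicated array instead, `$pfb_packets[$matches[1]] = (isset($pfb_packets[$matches[1]]) ? $pfb_packets[$matches[1]] : 0) + $matches[2];`, and print `$pfb_packets[$alias]` where the next hunk reads `${$alias}`. That also removes the undefined-variable notice for an alias with no matching label. The `foreach($rules as $rule)` loop continues outside the hunk.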
@@ -61,14 +71,34 @@ print "<pre>";
#exit;
print "<td class=\"listlr\"><strong>Alias</strong></td>";
print "<td class=\"listlr\"><strong>CIDRs</strong></td>";
+ print "<td class=\"listlr\"><strong>Packets</strong></td>";
print "<td class=\"listlr\"><strong>Status</strong></td></tr>";
-
-
foreach ($pfb_table as $alias => $values){
print "<td class=\"listlr\">".$alias ."</td>";
print "<td class=\"listlr\">".$values["count"]."</td>";
+ print "<td class=\"listlr\">".${$alias}."</td>";
print "<td class=\"listlr\">".$values["img"]."</td></tr>";
}
echo" </tr>";
-echo"</table>";
-?> \ No newline at end of file
+echo"</table></div>";
+?>
+<script type="text/javascript">
+ function getstatus_pfblocker() {
+ scroll(0,0);
+ var url = "/widgets/widgets/pfBlocker.widget.php";
+ var pars = 'getupdatestatus=yes';
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'get',
+ parameters: pars,
+ onComplete: activitycallback_pfblocker
+ });
+ //I know it's ugly but works.
+ setTimeout('getstatus_pfblocker()', 10000);
+ }
+ function activitycallback_pfblocker(transport) {
+ $('pfBlocker').innerHTML = transport.responseText;
+ }
+ getstatus_pfblocker();
+</script> \ No newline at end of file
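Review bot: The refresh request sends `getupdatestatus=yes`, but nothing in the visible hunks reads that parameter, so the response appears to be the whole widget, including the outer `<div id='pfBlocker'>` and this `<script>` block. `activitycallback_pfblocker` then writes it inside the existing div, leaving a nested element with the same id. Return only the table when the parameter is present, or have the callback replace only the table. `scroll(0,0);` at the top of `getstatus_pfblocker` jumps the dashboard to the top every 10 seconds and can be dropped. The timer is better passed a function reference, `setTimeout(getstatus_pfblocker, 10000);`, than a string that is evaluated.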
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 53bf9366..c0ea4982 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -34,6 +34,7 @@ require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
require_once("filter.inc");
+require_once("services.inc");
function pfb_text_area_decode($text){
return preg_replace('/\r\n/', "\n",base64_decode($text));
@@ -169,7 +170,7 @@ function sync_package_pfblocker() {
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$pfb_alias auto rule";
$rule["source"]=array("any"=>"");
$rule["destination"]= array("address"=> $pfb_alias);
if ($pfblocker_config['enable_log'])
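Review bot: The new description `"$pfb_alias auto rule"` no longer says whether the rule is inbound or outbound, and nothing here documents that the widget now depends on its format. Judging by the widget change in this commit, this text appears to end up in the pf label that the `USER_RULE: (\w+)` regex parses to attribute packet counts to an alias. Add a comment at the first `case`, e.g. `# descr is used as the pf label; the widget reads the leading alias name from it, keep the alias first`, and consider keeping the direction in the text, `"$pfb_alias auto rule (outbound)"`. The same applies to the seven other `descr` hunks in `sync_package_pfblocker` (three more with `$pfb_alias`, four with `$alias`). The function starts and ends outside these hunks.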
@@ -179,7 +180,7 @@ function sync_package_pfblocker() {
case "Deny_Inbound":
$rule = $base_rule;
$rule["type"] = $deny_action_inbound;
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$pfb_alias auto rule";
$rule["source"]= array("address"=> $pfb_alias);
$rule["destination"]=array("any"=>"");
if ($pfblocker_config['enable_log'])
@@ -189,7 +190,7 @@ function sync_package_pfblocker() {
case "Permit_Outbound":
$rule = $base_rule;
$rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$pfb_alias auto rule";
$rule["source"]=array("any"=>"");
$rule["destination"]= array("address"=> $pfb_alias);
if ($pfblocker_config['enable_log'])
@@ -199,7 +200,7 @@ function sync_package_pfblocker() {
case "Permit_Inbound":
$rule = $base_rule;
$rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$pfb_alias auto rule";
$rule["source"]= array("address"=> $pfb_alias);
$rule["destination"]=array("any"=>"");
if ($pfblocker_config['enable_log'])
@@ -291,7 +292,7 @@ function sync_package_pfblocker() {
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
$rule["source"]=array("any"=>"");
$rule["destination"]= array("address"=> $alias);
if ($pfblocker_config['enable_log'])
@@ -301,7 +302,7 @@ function sync_package_pfblocker() {
case "Deny_Inbound":
$rule = $base_rule;
$rule["type"] = $deny_action_inbound;
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
$rule["source"]= array("address"=> $alias);
$rule["destination"]=array("any"=>"");
if ($pfblocker_config['enable_log'])
@@ -311,7 +312,7 @@ function sync_package_pfblocker() {
case "Permit_Outbound":
$rule = $base_rule;
$rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
$rule["source"]=array("any"=>"");
$rule["destination"]= array("address"=> $alias);
if ($pfblocker_config['enable_log'])
@@ -321,7 +322,7 @@ function sync_package_pfblocker() {
case "Permit_Inbound":
$rule = $base_rule;
$rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
$rule["source"]= array("address"=> $alias);
$rule["destination"]=array("any"=>"");
if ($pfblocker_config['enable_log'])
@@ -440,10 +441,29 @@ function sync_package_pfblocker() {
}
$config['filter']['rule']=$new_rules;
}
-
+
if ($message == ""){
- #save and apply all changes
-
+ #check cron
+ $cron_found=0;
+ if (is_array($config['cron']['item'])){
+ $new_cron=array();
+ foreach($config['cron']['item'] as $cron){
+ if ($cron["command"] == "/usr/local/www/pfblocker.php cron")
+ $cron_found=1;
+ $new_cron['item'][]=$cron;
+ }
+ if ($cron_found == 0){
+ $new_cron['item'][]=array( "minute" => "0",
+ "hour" => "*",
+ "mday" => "*",
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command"=> "/usr/local/www/pfblocker.php cron");
+ $config['cron']=$new_cron;
+ }
+ }
+
# to be removed in final version
$aliases_list[]="pfBlockerInbound"; #remove previous version lists
$aliases_list[]="pfBlockerOutbound";#remove previous version lists
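Review bot: The cron entry is only appended inside `if (is_array($config['cron']['item']))`, so on a configuration with no existing cron items the job is never added, yet `$cron_found` stays 0 and the later hunk still calls `configure_cron()`. Initialise the list first and append to it directly, as sketched below. The command is also run as root straight from `/usr/local/www`, and the diff header lists `pfblocker.php` with mode 100644. Unless the install step makes it executable with an interpreter line, cron cannot start it, so invoking it through the PHP CLI binary would be more robust. The enclosing `if ($message == "")` block continues outside the hunk.

```php
#check cron
$cron_cmd = "/usr/local/www/pfblocker.php cron";
if (!is_array($config['cron']['item']))
	$config['cron']['item'] = array();
$cron_found = 0;
foreach ($config['cron']['item'] as $cron)
	if ($cron["command"] == $cron_cmd)
		$cron_found = 1;
if ($cron_found == 0)
	$config['cron']['item'][] = array(
		// … unchanged: minute/hour/mday/month/wday/who entries …
		"command" => $cron_cmd);
```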
@@ -452,11 +472,15 @@ function sync_package_pfblocker() {
#update pfctrl tables
foreach ($aliases_list as $table)
exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb);
-
+
#write config
write_config();
- #load filter file after editing
+ #update cron
+ if ($cron_found == 0)
+ configure_cron();
+
+ #load filter file after editing
filter_configure();
#sync config
@@ -471,11 +495,10 @@ function sync_package_pfblocker() {
}
function pfblocker_validate_input($post, &$input_errors) {
+ global $config;
foreach ($post as $key => $value) {
if (empty($value))
continue;
- if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
- $input_errors[] = "Wrong greet time sintax.";
if($key == "message_size_limit" && !is_numeric($value))
$input_errors[] = "Message size limit must be numeric.";
if($key == "process_limit" && !is_numeric($value))
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index d6803b49..e6fcd75e 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -12,16 +12,41 @@ if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches))
get_networks($matches[1]);
#}
-if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){
- #require_once("/etc/inc/util.inc");
- #require_once("/etc/inc/functions.inc");
- #require_once("/etc/inc/etpkg-utils.inc");
- #require_once("/etc/inc/globals.inc");
- #require_once("/etc/inc/filter.inc");
+if ($argv[1]=='cron'){
+ require_once("/etc/inc/util.inc");
+ require_once("/etc/inc/functions.inc");
+ require_once("/etc/inc/pkg-utils.inc");
+ require_once("/etc/inc/globals.inc");
+ require_once("/etc/inc/filter.inc");
+ $hour=date('H');
+ $pfbdir='/usr/local/pkg/pfblocker';
+ $updates=0;
+ $cron=array('01hour' => 1,
+ '04hours' => 4,
+ '12hours' => 12,
+ 'EveryDay' => 23);
+
+ if($config['installedpackages']['pfblockerlists']['config'] != "")
+ foreach($config['installedpackages']['pfblockerlists']['config'] as $list){
+ if (is_array($list['row']))
+ foreach ($list['row'] as $row){
+ if ($row['url'] != "" && $hour > 0 ){
+ $md5_url = md5($row['url']);
+ $update_hour=(array_key_exists($list['cron'], $cron)?$cron[$list['cron']]:25);
+ if($row['url'] && ($hour%$update_hour == 0)){
+ print $update_hour." ".$pfbdir.'/'.$md5_url.'.txt'."\n";
+ unlink_if_exists($pfbdir.'/'.$md5_url.'.txt');
+ $updates++;
+ }
+ }
+ }
+ }
+
+ if ($updates > 0){
include "/usr/local/pkg/pfblocker.inc";
- print "id".$argv[2];
- sync_package_pfblocker($argv[2]);
- }
+ sync_package_pfblocker();
+ }
+ }
function pfblocker_get_countries(){
$files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt",
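Review bot: The `$hour > 0` test makes the 00:00 run a no-op, so a `12hours` list is refreshed only at 12:00, and the fallback `25` exists only to express "never". Skip unknown schedules explicitly with `if (!array_key_exists($list['cron'], $cron)) continue;` at the top of the outer loop, drop `$hour > 0`, and use `'EveryDay' => 24`. Separately, this file lives under `/usr/local/www` and the branch is selected only by `$argv[1]=='cron'`. In a web SAPI `$argv` can be filled from the request when `register_argc_argv` is enabled, so add `PHP_SAPI === 'cli'` to the condition before cached lists are deleted and the package is re-synced. The `print` inside the loop looks like leftover debug output and will end up in cron mail.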
diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml
index 08574783..0d327165 100755
--- a/config/pf-blocker/pfblocker_lists.xml
+++ b/config/pf-blocker/pfblocker_lists.xml
@@ -201,10 +201,10 @@
<type>select</type>
<options>
<option><name>Never</name><value>Never</value></option>
+ <option><name>Every Hours</name><value>01hour</value></option>
<option><name>Every 4 Hours</name><value>04hours</value></option>
<option><name>Every 12 Hours</name><value>12hours</value></option>
- <option><name>Once a day</name><value>Day</value></option>
- <option><name>Once a week</name><value>Week</value></option>
+ <option><name>Once a day</name><value>EveryDay</value></option>
</options>
</field>
<field>
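Review bot: The daily value changes from `Day` to `EveryDay` and `Week` is removed, but lists already saved with `Day` or `Week` keep that stored value. In the cron branch of `pfblocker.php`, any value missing from the `$cron` map falls back to `25`, so those lists would never be refreshed. Either accept the old values in that map or convert them when the package is synced. The new label should read `Every Hour` rather than `Every Hours`. The `<field>` element at the end continues outside the hunk.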