aboutsummaryrefslogtreecommitdiffstats
path: root/config/pfblockerng/pfblockerng.inc
diff options
context:
space:
mode:
Diffstat (limited to 'config/pfblockerng/pfblockerng.inc')
-rw-r--r--config/pfblockerng/pfblockerng.inc394
1 files changed, 241 insertions, 153 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index d612dbf1..1a1c87a2 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -3,7 +3,7 @@
pfBlockerNG.inc
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
part of the Postfix package for pfSense
@@ -48,9 +48,11 @@ require_once("services.inc");
# [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings.
function pfb_global() {
-
global $g,$config,$pfb;
+ # Collect pfSense Version
+ $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3);
+
# Folders
$pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng";
$pfb['aliasdir'] = "{$g['vardb_path']}/aliastables";
@@ -76,9 +78,7 @@ function pfb_global() {
$pfb['log'] = "{$pfb['logdir']}/pfblockerng.log";
$pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt";
$pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh';
-
- # Collect pfSense Version
- $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3);
+ $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2";
# General Variables
$pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0];
@@ -226,8 +226,11 @@ function pfb_create_suppression_file() {
if ($pfb['found']) {
$pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']);
- if (!empty($pfb_suppress))
+ if (!empty($pfb_suppress)) {
@file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX);
+ } else {
+ unlink_if_exists("{$pfb['supptxt']}");
+ }
} else {
# Delete Suppression File if Alias is Empty.
unlink_if_exists("{$pfb['supptxt']}");
@@ -335,6 +338,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) {
}
+// Archive Aliastables for NanoBSD and RAMDisk Installations
+function pfb_aliastables($mode) {
+ global $g,$config,$pfb;
+ $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables";
+ $msg = "";
+
+ // Only Execute function if Platform is NanoBSD or Ramdisks are used.
+ if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) {
+ conf_mount_rw();
+ if ($mode == "update") {
+ // Archive Aliastable Folder
+ exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1");
+ $msg = "\n\nArchiving Aliastable Folder\n";
+ }
+ elseif ($mode == "conf") {
+ // Check conf file for earlyshellcmd
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd[] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ else {
+ $config['system']['earlyshellcmd'] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ conf_mount_ro();
+ }
+ else {
+ if (file_exists("{$pfb['aliasarchive']}")) {
+ // Remove Aliastables archive if found.
+ conf_mount_rw();
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ conf_mount_ro();
+ }
+ // Remove earlyshellcmd if found.
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ $msg = "\n** Removing earlyshellcmd **\n";
+ }
+ }
+ }
+
+ if ($msg != "")
+ pfb_logger("{$msg}","1");
+}
+
+
# Main pfBlockerNG Function
function sync_package_pfblockerng($cron = "") {
@@ -350,22 +405,24 @@ function sync_package_pfblockerng($cron = "") {
}
log_error("[pfBlockerNG] Starting sync process.");
+ // Force Update - Set 'Save' variable when 'No Updates' found.
+ if ($cron == "noupdates") {
+ $pfb['save'] = TRUE;
+ }
+
# Start of pfBlockerNG Logging to 'pfblockerng.log'
if ($pfb['enable'] == "on" && !$pfb['save']) {
$log = " UPDATE PROCESS START [ NOW ]\n";
+ pfb_logger("{$log}","1");
} else {
- $log = "\n**Saving Configuration [ NOW ] ...\n";
+ if ($cron != "noupdates") {
+ $log = "\n**Saving Configuration [ NOW ] ...\n";
+ pfb_logger("{$log}","1");
+ }
}
- pfb_logger("{$log}","1");
-
- # TBC if Required ! (Fetch Timeout in 2.2)
- #apply fetch timeout to pfsense-utils.inc
- $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc');
- $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils);
- if ($new_pfsense_utils != $pfsense_utils) {
- @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX);
- }
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("conf");
# Collect pfSense Max Table Size Entry
$pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000");
@@ -453,9 +510,9 @@ function sync_package_pfblockerng($cron = "") {
}
- #############################################
- # Configure ARRAYS #
- #############################################
+ #################################
+ # Configure ARRAYS #
+ #################################
$continents = array ( "Africa" => "pfB_Africa",
"Antartica" => "pfB_Antartica",
@@ -514,9 +571,9 @@ function sync_package_pfblockerng($cron = "") {
);
- #############################################
- # Configure Rule Suffix #
- #############################################
+ #########################################
+ # Configure Rule Suffix #
+ #########################################
# Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order )
# To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules
@@ -586,9 +643,9 @@ function sync_package_pfblockerng($cron = "") {
}
- #############################################
- # Configure INBOUND/OUTBOUND INTERFACES #
- #############################################
+ #########################################################
+ # Configure INBOUND/OUTBOUND INTERFACES #
+ #########################################################
# Collect pfSense Interface Order
$ifaces = get_configured_interface_list();
@@ -652,9 +709,9 @@ function sync_package_pfblockerng($cron = "") {
}
- #############################################
- # Clear Removed Lists from Masterfiles #
- #############################################
+ #################################################
+ # Clear Removed Lists from Masterfiles #
+ #################################################
# Process to keep Masterfiles in Sync with Valid Lists from config.conf file.
$pfb['sync_master'] = TRUE;
@@ -878,9 +935,9 @@ function sync_package_pfblockerng($cron = "") {
}
}
- ##############################################
- # Clear Match/Pass/ET/Original Files/Folders #
- ##############################################
+ #########################################################
+ # Clear Match/Pass/ET/Original Files/Folders #
+ #########################################################
# When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled.
if ($pfb['enable'] == "" && $pfb['keep'] == "" && !$pfb['install']) {
@@ -899,17 +956,17 @@ function sync_package_pfblockerng($cron = "") {
}
- #############################################
- # Create Suppression Txt File #
- #############################################
+ #########################################
+ # Create Suppression Txt File #
+ #########################################
if ($pfb['enable'] == "on" && $pfb['supp'] == "on")
pfb_create_suppression_file();
- #############################################
- # Assign Countries #
- #############################################
+ #################################
+ # Assign Countries #
+ #################################
foreach ($continents as $continent => $pfb_alias) {
if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
@@ -1135,9 +1192,9 @@ function sync_package_pfblockerng($cron = "") {
# UNSET variables
unset ($continent, $continent_existing, $continent_new);
- #############################################
- # Download and Collect IPv4/IPv6 lists #
- #############################################
+ #################################################
+ # Download and Collect IPv4/IPv6 lists #
+ #################################################
# IPv4 REGEX Definitions
$pfb['range'] = '/((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))-((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/';
@@ -1148,21 +1205,25 @@ function sync_package_pfblockerng($cron = "") {
# IPv4 preg_replace Regex Filter array
$pfb_ipreg = array();
- $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet
- $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces
- $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8
- $pfb_ipreg[3] = '/0\.0\.0\.0/'; # Remove 0.0.0.0
+ $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet
+ $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces
+ $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8
+ $pfb_ipreg[3] = '/0\.0\.0\.0\/32/'; # Remove 0.0.0.0/32
+ $pfb_ipreg[4] = '/0\.0\.0\.0/'; # Remove 0.0.0.0
# IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 **
# https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html
$pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}';
- $pattern2 = '([A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}';
+ $pattern2 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}';
$pattern3 = '([A-Fa-f0-9]{1,4}:){2}:([A-Fa-f0-9]{1,4}:){0,4}[A-Fa-f0-9]{1,4}';
$pattern4 = '([A-Fa-f0-9]{1,4}:){3}:([A-Fa-f0-9]{1,4}:){0,3}[A-Fa-f0-9]{1,4}';
$pattern5 = '([A-Fa-f0-9]{1,4}:){4}:([A-Fa-f0-9]{1,4}:){0,2}[A-Fa-f0-9]{1,4}';
$pattern6 = '([A-Fa-f0-9]{1,4}:){5}:([A-Fa-f0-9]{1,4}:){0,1}[A-Fa-f0-9]{1,4}';
$pattern7 = '([A-Fa-f0-9]{1,4}:){6}:[A-Fa-f0-9]{1,4}';
- $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$/";
+ $pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
+ $pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}';
+ $pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
+ $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/";
$pfb['supp_update'] = FALSE;
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
@@ -1222,7 +1283,7 @@ function sync_package_pfblockerng($cron = "") {
$host = @parse_url($row['url']);
$list_url = "{$row['url']}";
if ($row['format'] != "rsync" || $row['format'] != "html") {
- if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
+ if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
$remote_tds = "local";
} else {
$remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url)));
@@ -1374,12 +1435,14 @@ function sync_package_pfblockerng($cron = "") {
if (!empty($url_list)) {
if ($row['format'] == "gz" && $vtype == "_v4") {
foreach ($url_list as $line) {
- # Network range 192.168.0.0-192.168.0.254
- if (preg_match($pfb['range'],$line,$matches)) {
- $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
- if (!empty($a_cidr)) {
- foreach ($a_cidr as $cidr) {
- $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n";
+ if (!preg_match("/^#/", $line)) {
+ # Network range 192.168.0.0-192.168.0.254
+ if (preg_match($pfb['range'],$line,$matches)) {
+ $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
+ if (!empty($a_cidr)) {
+ foreach ($a_cidr as $cidr) {
+ $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n";
+ }
}
}
}
@@ -1388,44 +1451,52 @@ function sync_package_pfblockerng($cron = "") {
elseif ($row['format'] == "block" && $vtype == "_v4") {
foreach ($url_list as $line) {
- # Block Type '218.77.79.0 218.77.79.255 24'
- if (preg_match($pfb['block'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n";
+ if (!preg_match("/^#/", $line)) {
+ # Block Type '218.77.79.0 218.77.79.255 24'
+ if (preg_match($pfb['block'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n";
+ }
}
}
}
elseif ($row['format'] == "html" && $vtype == "_v4") {
foreach ($url_list as $line) {
- # CIDR format 192.168.0.0/16
- if (preg_match($pfb['cidr'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
- }
- # Single ip addresses
- elseif (preg_match($pfb['s_html'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ if (!preg_match("/^#/", $line)) {
+ # CIDR format 192.168.0.0/16
+ if (preg_match($pfb['cidr'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
+ # Single ip addresses
+ elseif (preg_match($pfb['s_html'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
}
}
}
elseif ($vtype == "_v6") {
foreach ($url_list as $line) {
- # IPv6 Regex Match
- if (preg_match($pfb['ipv6'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ if (!preg_match("/^#/", $line)) {
+ # IPv6 Regex Match
+ if (preg_match($pfb['ipv6'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
}
}
}
else {
foreach ($url_list as $line) {
- # CIDR format 192.168.0.0/16
- if (preg_match($pfb['cidr'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
- }
- # Single ip addresses
- elseif (preg_match($pfb['single'],$line,$matches)) {
- $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ if (!preg_match("/^#/", $line)) {
+ # CIDR format 192.168.0.0/16
+ if (preg_match($pfb['cidr'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
+ # Single ip addresses
+ elseif (preg_match($pfb['single'],$line,$matches)) {
+ $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n";
+ }
}
}
}
@@ -1502,7 +1573,7 @@ function sync_package_pfblockerng($cron = "") {
$ip2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", "\"^$1\.$2\.$3\.\"", $ip);
# Only Perform these Checks if they are not "localfiles"
- if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
+ if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
$log = " [ {$alias} {$header_url} ] Local File Failure \n";
pfb_logger("{$log}","2");
} else {
@@ -1638,9 +1709,9 @@ function sync_package_pfblockerng($cron = "") {
}
- #############################################
- # REPUTATION PROCESSES #
- #############################################
+ #################################
+ # REPUTATION PROCESSES #
+ #################################
# IP Reputation processes (pdup and ddup)
if ($pfb['pdup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") {
@@ -1652,9 +1723,9 @@ function sync_package_pfblockerng($cron = "") {
exec ("{$pfb['script']} dedup x {$pfb['dmax']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1");
}
- #############################################
- # CONFIGURE ALIASES #
- #############################################
+ #################################
+ # CONFIGURE ALIASES #
+ #################################
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
foreach ($list_type as $ip_type => $vtype) {
@@ -1863,9 +1934,9 @@ function sync_package_pfblockerng($cron = "") {
${$alias} = "";
- #############################################
- # UPDATE PfSENSE ALIAS TABLES #
- #############################################
+ #########################################
+ # UPDATE pfSense ALIAS TABLES #
+ #########################################
#update pfsense alias table
if (is_array($config['aliases']['alias'])) {
@@ -1902,9 +1973,9 @@ function sync_package_pfblockerng($cron = "") {
unset($new_aliases, $cbalias);
- #############################################
- # Assign rules #
- #############################################
+ #########################
+ # Assign Rules #
+ #########################
# Only Execute if AutoRules are defined or if an Alias has been removed.
if ($pfb['autorules'] || $pfb['enable'] == "" || $pfb['remove']) {
@@ -2170,50 +2241,10 @@ function sync_package_pfblockerng($cron = "") {
unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules);
}
- #############################################
- # Define/Apply CRON Jobs #
- #############################################
- # Clear any existing pfBlockerNG Cron Jobs
- install_cron_job("pfblockerng.php cron", false);
-
- # Replace Cron job with any User Changes to $pfb_min
- if ($pfb['enable'] == "on") {
- # Define pfBlockerNG CRON Job
- $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
- # $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
- $pfb_hour = "*";
- $pfb_mday = "*";
- $pfb_month = "*";
- $pfb_wday = "*";
- $pfb_who = "root";
-
- install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
- }
-
- # Clear any existing pfBlockerNG MaxMind CRON Job
- install_cron_job("pfblockerng.php dc", false);
-
- if ($pfb['enable'] == "on") {
- # Define pfBlockerNG MaxMind CRON Job
- $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1";
-
- # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
-
- $pfb_gmin = "0";
- $pfb_ghour = rand(0,23);
- $pfb_gmday = "1,2,3,4,5,6,7";
- $pfb_gmonth = "*";
- $pfb_gwday = "2";
- $pfb_gwho = "root";
-
- install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
- }
-
-
- #############################################
- # Closing Processes #
- #############################################
+ #################################
+ # Closing Processes #
+ #################################
#uncheck Reusing Existing Downloads Check box
if (!$pfb['save'] && $pfb['enable'] == "on")
@@ -2226,11 +2257,13 @@ function sync_package_pfblockerng($cron = "") {
if ($pfb['autorules'] && $rules != $new_rules || $pfb['enable'] == "" || $pfb['remove']) {
require_once("filter.inc");
- $log = "\n===[ Aliastables / Rules ]================================\n\n";
- pfb_logger("{$log}","1");
+ if (!$pfb['save']) {
+ $log = "\n===[ Aliastables / Rules ]================================\n\n";
+ pfb_logger("{$log}","1");
- $log = "Firewall Rule Changes Found, Applying Filter Reload \n";
- pfb_logger("{$log}","1");
+ $log = "Firewall Rule Changes Found, Applying Filter Reload \n";
+ pfb_logger("{$log}","1");
+ }
# Remove all pfBlockerNG Alias tables
if (!empty($aliases_list)) {
@@ -2241,6 +2274,9 @@ function sync_package_pfblockerng($cron = "") {
#load filter file which will create the pfctl tables
filter_configure();
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
# Don't Execute on User 'Save'
if (!$pfb['save']) {
@@ -2271,8 +2307,11 @@ function sync_package_pfblockerng($cron = "") {
$log = implode($result_pfctl);
pfb_logger("{$log}","1");
}
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
- $log = "\n No Changes to Aliases, Skipping pfctl Update \n";
+ $log = "\nNo Changes to Aliases, Skipping pfctl Update \n";
pfb_logger("{$log}","1");
}
}
@@ -2283,9 +2322,9 @@ function sync_package_pfblockerng($cron = "") {
#sync config
pfblockerng_sync_on_changes();
- #############################################
- # FINAL REPORTING #
- #############################################
+ #################################
+ # FINAL REPORTING #
+ #################################
# Only run with CRON or Force Invoked Process
if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) {
@@ -2297,6 +2336,47 @@ function sync_package_pfblockerng($cron = "") {
$log = "\n\n UPDATE PROCESS ENDED [ NOW ]\n";
pfb_logger("{$log}","1");
}
+
+
+ #########################################
+ # Define/Apply CRON Jobs #
+ #########################################
+
+ # Clear any existing pfBlockerNG Cron Jobs
+ install_cron_job("pfblockerng.php cron", false);
+
+ # Replace Cron job with any User Changes to $pfb_min
+ if ($pfb['enable'] == "on") {
+ # Define pfBlockerNG CRON Job
+ $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
+ # $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
+ $pfb_hour = "*";
+ $pfb_mday = "*";
+ $pfb_month = "*";
+ $pfb_wday = "*";
+ $pfb_who = "root";
+
+ install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
+ }
+
+ # Clear any existing pfBlockerNG MaxMind CRON Job
+ install_cron_job("pfblockerng.php dc", false);
+
+ if ($pfb['enable'] == "on") {
+ # Define pfBlockerNG MaxMind CRON Job
+ $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1";
+
+ # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
+
+ $pfb_gmin = "0";
+ $pfb_ghour = rand(0,23);
+ $pfb_gmday = "1,2,3,4,5,6,7";
+ $pfb_gmonth = "*";
+ $pfb_gwday = "2";
+ $pfb_gwho = "root";
+
+ install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
+ }
}
@@ -2335,15 +2415,13 @@ function pfblockerng_php_install_command() {
@rmdir_recursive("{$pfb['dbdir']}/cc");
# Uncompress Country Code File and delete Archive after extraction.
- exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2");
+ @rename("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2");
+ exec("cd {$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2");
unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2");
# Download MaxMind Files and Create Country Code files and Build Continent XML Files
update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute..."));
exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
- @rename("{$pfb['dbdir']}/GeoIP.dat", "{$pfb['ccdir']}/GeoIP.dat");
- @rename("{$pfb['dbdir']}/GeoIPv6.dat", "{$pfb['ccdir']}/GeoIPv6.dat");
-
update_output_window(gettext("MaxMind Country Database downloads completed..."));
update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes..."));
pfblockerng_uc_countries();
@@ -2392,6 +2470,15 @@ function pfblockerng_php_deinstall_command() {
rmdir_recursive("{$pfb['dbdir']}");
rmdir_recursive("{$pfb['logdir']}");
+ // Remove Aliastables archive and earlyshellcmd if found.
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ }
+ }
+
# Remove Settings from Config
if (is_array($config['installedpackages']['pfblockerng']))
unset($config['installedpackages']['pfblockerng']);
@@ -2564,18 +2651,19 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p
$xml = array();
// If User Disabled, remove 'General Tab Customizations' from Sync
if ($config['installedpackages']['pfblockerngsync']['config'][0]['syncinterfaces'] == "")
- $xml['pfblockerng'] = $config['installedpackages']['pfblockerng'];
- $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation'];
- $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4'];
- $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6'];
- $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers'];
- $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica'];
- $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica'];
- $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia'];
- $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope'];
- $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica'];
- $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania'];
- $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica'];
+ $xml['pfblockerng'] = $config['installedpackages']['pfblockerng'];
+ $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation'];
+ $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4'];
+ $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6'];
+ $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers'];
+ $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica'];
+ $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica'];
+ $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia'];
+ $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope'];
+ $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica'];
+ $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania'];
+ $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica'];
+ $xml['pfblockerngproxyandsatellite'] = $config['installedpackages']['pfblockerngproxyandsatellite'];
/* assemble xmlrpc payload */
$params = array(
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 10:58:14 +0000