diff options
Diffstat (limited to 'config/pfblockerng/pfblockerng.php')
-rw-r--r-- | config/pfblockerng/pfblockerng.php | 1578 |
1 files changed, 1578 insertions, 0 deletions
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php new file mode 100644 index 00000000..79f6c108 --- /dev/null +++ b/config/pfblockerng/pfblockerng.php @@ -0,0 +1,1578 @@ +<?php +/* + pfBlockerNG.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfBlocker by + Copyright (C) 2011-2012 Marcello Coutinho + All rights reserved. + + Hour Schedule Convertor code by + Snort Package + Copyright (c) 2014 Bill Meeks + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); +require_once("services.inc"); +require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + +pfb_global(); + +// IPv6 Range to CIDR function used courtesey from: +// https://github.com/stilez/pfsense-leases/blob/50cc0fa81dba5fe91bcddaea016c245d1b8479cc/etc/inc/util.inc +function ip_range_to_subnet_array_temp($ip1, $ip2) { + + if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) { + $proto = 'ipv4'; // for clarity + $bits = 32; + $ip1bin = decbin(ip2long32($ip1)); + $ip2bin = decbin(ip2long32($ip2)); + } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) { + $proto = 'ipv6'; + $bits = 128; + $ip1bin = Net_IPv6::_ip2Bin($ip1); + $ip2bin = Net_IPv6::_ip2Bin($ip2); + } else + return array(); + + // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant + $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT); + $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT); + + if ($ip1bin === $ip2bin) + return array($ip1 . '/' . $bits); + + if (strcmp($ip1bin, $ip2bin) > 0) + list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap contents of ip1 <= ip2 + + $rangesubnets = array(); + $netsize = 0; + + do { + // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround) + // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe" + + // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it) + + if (substr($ip1bin, -1, 1) == '1') { + // the start ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip1bin, '0'); //can't be all 1's + $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1 + } + + // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap) + + if (substr($ip2bin, -1, 1) == '0') { + // the end ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip2bin, '1'); //can't be all 0's + $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1 + // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe + } + + // this is the only edge case arising from increment/decrement. + // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now) + + if (strcmp($ip2bin, $ip1bin) < 0) + continue; + + // step #3 the start and end ip MUST now end in '0's and '1's respectively + // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes. + + $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2 + $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift); + $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift); + $netsize += $shift; + if ($ip1bin === $ip2bin) { + // we're done. + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + continue; + } + + // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle. + } while (strcmp($ip1bin, $ip2bin) < 0); + + // subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6 + + ksort($rangesubnets, SORT_STRING); + $out = array(); + + foreach ($rangesubnets as $ip => $netmask) { + if ($proto == 'ipv4') { + $i = str_split($ip, 8); + $out[] = implode('.', array( bindec($i[0]),bindec($i[1]),bindec($i[2]),bindec($i[3]))) . '/' . $netmask; + } else + $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask; + } + + return $out; +} + +# Set php Memory Limit +$uname = posix_uname(); +if ($uname['machine'] == "amd64") + ini_set('memory_limit', '256M'); + +function pfb_update_check($header_url, $list_url, $url_format) { + global $pfb; + + if ($url_format == "rsync" || $url_format == "html") { + $log = "[ {$header_url} ]\n Skipping timestamp query\n"; + pfb_logger("{$log}","1"); + return TRUE; + } + + switch ($url_format) { + case "gz": + case "gz_2": + case "gz_lg": + case "et": + $type = '.gz'; + break; + case "zip": + case "xlsx": + $type = '.zip'; + break; + case "txt": + $type = '.orig'; + break; + case "html": + case "block": + $type = '.raw'; + break; + } + + $log = "[ {$header_url} ]\n"; + pfb_logger("{$log}","1"); + $host = @parse_url($list_url); + $local_file = "{$pfb['origdir']}/{$header_url}{$type}"; + if (file_exists($local_file)) { + // Determine if URL is Remote or Local + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + } else { + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); + $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds); + } + + $log = " Remote timestamp: {$remote_tds}\n"; + pfb_logger("{$log}","1"); + $local_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + $log = " Local timestamp: {$local_tds}\n"; + pfb_logger("{$log}","1"); + if ("{$remote_tds}" != "{$local_tds}") { + return TRUE; + } else { + $log = " Remote file unchanged. Download Terminated\n"; + pfb_logger("{$log}","1"); + return FALSE; + } + } else { + return TRUE; + } +} + + +if ($argv[1] == 'update') { + sync_package_pfblockerng("cron"); +} + +if ($argv[1] == 'dc') { + # (Options - 'bu' Binary Update for Reputation/Alerts Page, 'all' for Country update and 'bu' options. + if ($pfb['cc'] == "") { + exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + } else { + exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh bu >> {$pfb['geolog']} 2>&1"); + } + pfblockerng_uc_countries(); + pfblockerng_get_countries(); +} + +if ($argv[1] == 'uc') { + pfblockerng_uc_countries(); +} + +if ($argv[1] == 'gc') { + pfblockerng_get_countries(); +} + +if ($argv[1] == 'cron') { + $hour = date('H'); + $dow = date('N'); + + # Start hour of the 'Once a day' Schedule + $pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart']; + # Start hour of the Scheduler + if ($config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'] != "") { + $pfb['hour'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_hour']; + } else { + $pfb['hour'] = "1"; + } + $updates = 0; + + # 2 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch2 = strval($shour); + for ($i=0; $i<11; $i++) { + $shour += 2; + if ($shour > 24) + $shour -= 24; + $sch2 .= "," . strval($shour); + } + + # 3 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch3 = strval($shour); + for ($i=0; $i<7; $i++) { + $shour += 3; + if ($shour > 24) + $shour -= 24; + $sch3 .= "," . strval($shour); + } + + # 4 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch4 = strval($shour); + for ($i=0; $i<5; $i++) { + $shour += 4; + if ($shour > 24) + $shour -= 24; + $sch4 .= "," . strval($shour); + } + + # 6 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch6 = strval($shour); + for ($i=0; $i<3; $i++) { + $shour += 6; + if ($shour > 24) + $shour -= 24; + $sch6 .= "," . strval($shour); + } + + # 8 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch8 = strval($shour); + for ($i=0; $i<2; $i++) { + $shour += 8; + if ($shour > 24) + $shour -= 24; + $sch8 .= "," . strval($shour); + } + + # 12 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch12 = strval($shour) . ","; + $shour += 12; + if ($shour > 24) + $shour -= 24; + $sch12 .= strval($shour); + + $e_sch2 = explode(",", $sch2); + $e_sch3 = explode(",", $sch3); + $e_sch4 = explode(",", $sch4); + $e_sch6 = explode(",", $sch6); + $e_sch8 = explode(",", $sch8); + $e_sch12 = explode(",", $sch12); + + $log = " CRON PROCESS START [ NOW ]\n"; + pfb_logger("{$log}","1"); + + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "") { + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + if (is_array($list['row']) && $list['action'] != "Disabled") { + foreach ($list['row'] as $row) { + if ($row['url'] != "" && $row['state'] != "Disabled") { + + if ($vtype == "_v4") { + $header_url = "{$row['header']}"; + } else { + $header_url = "{$row['header']}_v6"; + } + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($list['action']); + $pfbfolder = $pfbarr['folder']; + + $list_cron = $list['cron']; + $list_url = $row['url']; + $header_dow = $list['dow']; + $url_format = $row['format']; + + // Bypass update if state is defined as "Hold" and list file exists + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $row['state'] == "Hold") { + continue; + } + + # Check if List file exists, if not found run Update + if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + $updates++; + continue; + } + + switch ($list_cron) { + case "01hour": + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + break; + case "02hours": + if (in_array($hour, $e_sch2)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "03hours": + if (in_array($hour, $e_sch3)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "04hours": + if (in_array($hour, $e_sch4)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "06hours": + if (in_array($hour, $e_sch6)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "08hours": + if (in_array($hour, $e_sch8)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "12hours": + if (in_array($hour, $e_sch12)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "EveryDay": + if ($hour == $pfb['dailystart']) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "Weekly": + if ($hour == $pfb['dailystart'] && $dow == $header_dow) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + default: { + } + break; + } + } + } + } + } + } + } + + if ($updates > 0) { + sync_package_pfblockerng("cron"); + } else { + $log = "\n No Updates required. \n\n"; + pfb_logger("{$log}","1"); + } + + $log = " CRON PROCESS ENDED [ NOW ]\n"; + pfb_logger("{$log}","1"); + + # Call Log Mgmt Function + // If Update GUI 'Manual view' is selected. Last output will be missed. So sleep for 5 secs. + sleep(5); + pfb_log_mgmt(); +} + + +function pfblockerng_uc_countries() { + + global $g,$pfb; + pfb_global(); + + $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; + $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; + + # Create Folders if not Exist + $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}"); + foreach ($folder_array as $folder) { + safe_mkdir ("{$folder}",0755); + } + + $now = date("m/d/y G:i:s", time()); + $log = "Country Code Update Start - [ NOW ]\n\n"; + print "Country Code Update Start - [ $now ]\n\n"; + pfb_logger("{$log}","3"); + + if (!file_exists($maxmind_cont) || !file_exists($maxmind_cc4) || !file_exists($maxmind_cc6)) { + $log = " [ MAXMIND UPDATE FAIL, CSV Missing, using Previous Country Code Database \n"; + print $log; + pfb_logger("{$log}","3"); + return; + } + + # Save Date/Time Stamp to MaxMind version file + $maxmind_ver = "MaxMind GeoLite Date/Time Stamps \n\n"; + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip"))); + $maxmind_ver .= "MaxMind_v4 \t" . $remote_tds . "\n"; + $local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc4)); + $maxmind_ver .= "Local_v4 \tLast-Modified: " . $local_tds . "\n\n"; + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz"))); + $maxmind_ver .= "MaxMind_v6 \t" . $remote_tds . "\n"; + $local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc6)); + $maxmind_ver .= "Local_v6 \tLast-Modified: " . $local_tds . "\n"; + $maxmind_ver .= "\nThese Timestamps should *match* \n"; + @file_put_contents("{$pfb['logdir']}/maxmind_ver", $maxmind_ver); + + + // Collect ISO Codes for Each Continent + $log = "Processing Continent Data \n"; + print $log; + pfb_logger("{$log}","3"); + + $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA)); + if (($handle = fopen("{$maxmind_cont}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $cc_key = $cc[0]; + $cont_key = $cc[1]; + switch ($cont_key) { + case "AF": + $cont_array[0]['continent'] = "Africa"; + $cont_array[0]['iso'] .= "{$cc_key},"; + $cont_array[0]['file4'] = "{$pfb['ccdir']}/Africa_v4.txt"; + $cont_array[0]['file6'] = "{$pfb['ccdir']}/Africa_v6.txt"; + break; + case "AS": + $cont_array[1]['continent'] = "Asia"; + $cont_array[1]['iso'] .= "{$cc_key},"; + $cont_array[1]['file4'] = "{$pfb['ccdir']}/Asia_v4.txt"; + $cont_array[1]['file6'] = "{$pfb['ccdir']}/Asia_v6.txt"; + break; + case "EU": + $cont_array[2]['continent'] = "Europe"; + $cont_array[2]['iso'] .= "{$cc_key},"; + $cont_array[2]['file4'] = "{$pfb['ccdir']}/Europe_v4.txt"; + $cont_array[2]['file6'] = "{$pfb['ccdir']}/Europe_v6.txt"; + break; + case "NA": + $cont_array[3]['continent'] = "North America"; + $cont_array[3]['iso'] .= "{$cc_key},"; + $cont_array[3]['file4'] = "{$pfb['ccdir']}/North_America_v4.txt"; + $cont_array[3]['file6'] = "{$pfb['ccdir']}/North_America_v6.txt"; + break; + case "OC": + $cont_array[4]['continent'] = "Oceania"; + $cont_array[4]['iso'] .= "{$cc_key},"; + $cont_array[4]['file4'] = "{$pfb['ccdir']}/Oceania_v4.txt"; + $cont_array[4]['file6'] = "{$pfb['ccdir']}/Oceania_v6.txt"; + break; + case "SA": + $cont_array[5]['continent'] = "South America"; + $cont_array[5]['iso'] .= "{$cc_key},"; + $cont_array[5]['file4'] = "{$pfb['ccdir']}/South_America_v4.txt"; + $cont_array[5]['file6'] = "{$pfb['ccdir']}/South_America_v6.txt"; + break; + } + } + } + unset($cc); + fclose($handle); + + // Collect Country ISO Data IPv4 and Sort to Continent Array + $log = "Processing ISO IPv4 Continent/Country Data \n"; + print $log; + pfb_logger("{$log}","3"); + + if (($handle = fopen("{$maxmind_cc4}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $ip1_key = $cc[0]; + $ip2_key = $cc[1]; + $var1_key = $cc[2]; + $var2_key = $cc[3]; + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key]['ip4'] .= $a_cidr . ","; + $cont_array[$counter][$cc_key]['country'] = $country_key; + continue; + } + $counter++; + } + } + } + unset($cc); + fclose($handle); + + // Build Continent IPv4 CIDR Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv4: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter]['file4']; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key]['ip4'], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key]['ip4']); + $iso[$key]['ip4'] = ""; + } + } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); + } + + + // Collect Country ISO Data IPv6 and Sort to Continent Array + $log = "Processing ISO IPv6 Continent/Country Data \n"; + print $log; + pfb_logger("{$log}","3"); + + if (($handle = fopen("{$maxmind_cc6}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $ip1_key = $cc[0]; + $ip2_key = $cc[1]; + $var1_key = $cc[2]; + $var2_key = $cc[3]; + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key]['ip6'] .= $a_cidr . ","; + continue; + } + $counter++; + } + } + } + unset($cc); + fclose($handle); + + // Build Continent IPv6 Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv6: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter]['file6']; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key]['ip6'], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key]['ip6']); + $iso[$key]['ip6'] = ""; + } + } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); + } + unset($cont_array); +} + + +function pfblockerng_get_countries() { + + global $g,$pfb; + pfb_global(); + + # These arrays are used to collect the <option> tags for the XML Continent Files + $roptions4 = array(); + $coptions4 = array(); + $roptions6 = array(); + $coptions6 = array(); + + $files4 = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt", + "Asia" => "{$pfb['ccdir']}/Asia_v4.txt", + "Europe" => "{$pfb['ccdir']}/Europe_v4.txt", + "North America" => "{$pfb['ccdir']}/North_America_v4.txt", + "Oceania" => "{$pfb['ccdir']}/Oceania_v4.txt", + "South America" => "{$pfb['ccdir']}/South_America_v4.txt" + ); + + # IPv4 Collect Data to generate new continent XML Files. + $log = "Building pfBlockerNG XML Files \n"; + print $log; + pfb_logger("{$log}","3"); + + foreach ($files4 as $cont => $file) { + $log = "IPv4 " . $cont . "\n"; + print $log; + pfb_logger("{$log}","3"); + $ips = file_get_contents($file); + $convert = explode("\n", $ips); + $cont_name = preg_replace("/ /","",$cont); + $cont_name_lower = strtolower($cont_name); + $active = array( "$cont" => '<active/>'); + $total4 = 0; + $pfb['complete'] = FALSE; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + $coptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + $roptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + + // Save ISO IPv4 Data + @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v4.txt',$pfb_v4,LOCK_EX); + + // Clear Variables and Restart Continent Collection process + $total4 = 0; + $pfb_v4 = ""; + $pfb['complete'] = FALSE; + } + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} + } elseif (!preg_match("/#/",$line)) { + $total4++; + if (!empty($line)) + $pfb_v4 .= $line . "\n"; + $pfb['complete'] = TRUE; + } + } + unset ($ips, $convert); + + // Sort IPv4 Countries Alphabetically and Build XML <option> Data for Continents Tab + sort($coptions4, SORT_STRING); + $ftotal4 = count($coptions4); + $count = 1; + $options4 = ""; + + foreach ($coptions4 as $option4) { + if ($count == 1) { $options4 .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue;} + if ($ftotal4 == $count) { + $options4 .= "\t\t\t\t" . '<option><name>' . $option4; + } else { + $options4 .= "\t\t\t\t" . '<option><name>' . $option4 . "\n"; + } + $count++; + } + unset ($coptions4); + + // IPv6 Collect Data to generate new continent XML Files. + $file6 = preg_replace("/v4/", "v6", $file); + $ips = file_get_contents($file6); + $convert = explode("\n", $ips); + $log = "IPv6 " . $cont . "\n"; + pfb_logger("{$log}","3"); + $total6 = 0; + $pfb['complete'] = FALSE; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + $coptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + $roptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + + // Save ISO IPv6 Data + @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v6.txt',$pfb_v6,LOCK_EX); + + // Clear Variables and Restart Continent Collection process + $total6 = 0; + $pfb_v6 = ""; + $pfb['complete'] = FALSE; + } + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} + } elseif (!preg_match("/#/",$line)) { + $total6++; + if (!empty($line)) + $pfb_v6 .= $line . "\n"; + $pfb['complete'] = TRUE; + } + } + + // Sort IPv6 Countries Alphabetically for Continents Tab + sort($coptions6, SORT_STRING); + $ftotal6 = count($coptions6); + $count = 1; + $options6 = ""; + + foreach ($coptions6 as $option6) { + if ($count == 1) { $options6 .= "\t" . '<option><name>' . $option6 . "\n"; $count++; continue;} + if ($ftotal6 == $count) { + $options6 .= "\t\t\t\t" . '<option><name>' . $option6; + } else { + $options6 .= "\t\t\t\t" . '<option><name>' . $option6 . "\n"; + } + $count++; + } + unset ($coptions6); + + +$xml = <<<EOF +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* \$Id\$ */ +/* ========================================================================== */ +/* + pfblockerng_{$cont_name}.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS`` AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerng{$cont_name_lower}</name> + <version>1.0</version> + <title>pfBlockerNG: {$cont}</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG: {$cont_name}</name> + <tooltiptext>Configure pfBlockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng_{$cont_name_lower}.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + {$active['top']} + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + {$active['Africa']} + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + {$active['Asia']} + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + {$active['Europe']} + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + {$active['North America']} + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + {$active['Oceania']} + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + {$active['South America']} + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name><![CDATA[Continent {$cont} (Geolite Data by MaxMind Inc. - ISO 3166)]]></name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Countries]]></fielddescr> + <fieldname>countries4</fieldname> + <description> + <![CDATA[Select IPv4 Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$options4} + </options> + <size>{$ftotal4}</size> + <multiple/> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv6</strong><br />Countries]]></fielddescr> + <fieldname>countries6</fieldname> + <description> + <![CDATA[Select IPv6 Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$options6} + </options> + <size>{$ftotal6}</size> + <multiple/> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + <option><name>Alias Native</name><value>Alias_Native</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )<br /> + This can be overriden by the 'Global Logging' Option in the General Tab.]]></description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]> + </name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input(\$_POST, \$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global \$pfb; + \$pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui> +EOF; + + // Update Each Continent XML file. + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); + + } // End foreach 'Six Continents' Update XML Process + + + // Sort Countries IPv4 Alphabetically and Build XML <option> Data for Reputation Tab (IPv6 not used by ET IQRisk) + sort($roptions4, SORT_STRING); + $eoa = count($roptions4); + $count = 1; + $options4 = ""; + + foreach ($roptions4 as $option4) { + if ($count == 1) { $et_options .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue; } + if ($eoa == $count) { + $et_options .= "\t\t\t\t" . '<option><name>' . $option4; + } else { + $et_options .= "\t\t\t\t" . '<option><name>' . $option4 . "\n"; + } + $count++; + } + + +// Update pfBlockerNG_Reputation.xml file with Country Code Changes + + +$xmlrep = <<<EOF +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* \$Id\$ */ +/* ========================================================================== */ +/* + pfBlockerNG_Reputation.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. + +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerngreputation</name> + <version>1.0</version> + <title>pfBlockerNG: IPv4 Reputation</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext>Configure pfblockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + <active/> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name>IPv4 Reputation Preface</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<strong>Why Reputation Matters:</strong>]]></fielddescr> + <fieldname>why</fieldname> + <type>info</type> + <description><![CDATA[By Enabling '<strong>Reputation</strong>', each Blocklist will be analyzed for Repeat Offenders in each IP Range. + <ul>Example: x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5<br /> + No. of <strong> Repeat Offending IPs </strong> [ <strong>5</strong> ], in a Blocklist within the same IP Range.</ul> + With '<strong>Reputation</strong> enabled, these 5 IPs will be removed and a single + <strong>x.x.x.0/24</strong> Block is used.<br /> + This will completely Block/Reject this particular range from your Firewall.<br /><br /> + Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,<br /> + Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.<br /><br /> + You *may* experience some False Positives. Add any False Positive IPs manually to the<br /> + <strong>pfBlockerNGSuppress Alias</strong> or use the "+" suppression Icon in the Alerts TAB<br /><br /> + To help mitigate False Positives 'Countries' can be '<strong>Excluded</strong>' from this Process. (Refer to Country Code Settings)]]> + </description> + </field> + <field> + <name>Reputation Settings:</name> + <type>listtopic</type> + </field> + <field> + <fieldname></fieldname> + <fielddescr><![CDATA[<br /><strong>Individual List Reputation</strong><br /><br />]]></fielddescr> + <type>info</type> + <description></description> + </field> + <field> + <fielddescr><![CDATA[Enable Max]]></fielddescr> + <fieldname>enable_rep</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in a /24 Range on <strong>Each Individual Blocklist</strong>]]></description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>Max</strong> ] Setting]]></fielddescr> + <fieldname>p24_max_var</fieldname> + <description><![CDATA[Default: <strong>5</strong><br /> + Maximum number of Repeat Offenders allowed in a Single IP Range]]></description> + <type>select</type> + <options> + <option><name>5</name><value>5</value></option> + <option><name>10</name><value>10</value></option> + <option><name>15</name><value>15</value></option> + <option><name>20</name><value>20</value></option> + <option><name>25</name><value>25</value></option> + <option><name>50</name><value>50</value></option> + </options> + </field> + <field> + <fieldname></fieldname> + <fielddescr><![CDATA[<br /><strong>Collective List Reputation</strong><br /><br />]]></fielddescr> + <type>info</type> + <description></description> + </field> + <field> + <fieldname></fieldname> + <type>info</type> + <description><![CDATA[Once all Blocklists are Downloaded, these two 'additional' processes <strong>[ pMax ] and [ dMax ]</strong><br /> + Can be used to Further analyze for Repeat Offenders.<br /> + <ul>Analyzing All Blocklists as a Whole:</ul> + <ul><strong>[ pMax ]</strong> will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.<br /> + Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.<br /><br /></ul> + <ul><strong>[ dMax ]</strong> will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.<br /> + Default is 5 IPs in any Range.</ul> + Note: <strong>MAX</strong> performs on individual Blocklists, while <strong>pMAX / dMAX</strong> + perform on all Lists together.<br />]]> + </description> + </field> + <field> + <fielddescr>Enable pMAX</fielddescr> + <fieldname>enable_pdup</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in All BlockLists, <strong>Without</strong> Country Code Exclusion]]> + </description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>pMax</strong> ] Setting]]></fielddescr> + <fieldname>p24_pmax_var</fieldname> + <description><![CDATA[Default: <strong>50</strong><br />Maximum number of Repeat Offenders]]></description> + <type>select</type> + <options> + <option><name>50</name><value>50</value></option> + <option><name>25</name><value>25</value></option> + <option><name>20</name><value>20</value></option> + <option><name>15</name><value>15</value></option> + <option><name>10</name><value>10</value></option> + <option><name>5</name><value>5</value></option> + </options> + </field> + <field> + <fielddescr>Enable dMAX</fielddescr> + <fieldname>enable_dedup</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in All BlockLists <strong>Using</strong> Country Code Exclusion]]> + </description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>dMax</strong> ] Setting]]></fielddescr> + <fieldname>p24_dmax_var</fieldname> + <description><![CDATA[Default: <strong>5</strong><br /> + Maximum number of Repeat Offenders]]></description> + <type>select</type> + <options> + <option><name>5</name><value>5</value></option> + <option><name>10</name><value>10</value></option> + <option><name>15</name><value>15</value></option> + <option><name>20</name><value>20</value></option> + <option><name>25</name><value>25</value></option> + <option><name>50</name><value>50</value></option> + </options> + </field> + <field> + <name>Country Code Settings</name> + <type>listtopic</type> + </field> + <field> + <fieldname>INFO</fieldname> + <type>info</type> + <description><![CDATA[When performing Queries for Repeat Offenders, you can choose to <strong>ignore</strong> Repeat Offenders in select + Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.<br /><br /> + Define Repeat Offending Ranges [ <strong>Action</strong> ] Available settings are:<br /> + <ul><strong>Ignore</strong>: Repeat Offenders that are in the 'ccwhite' category will be 'Ignored' (Default)</ul> + <ul><strong>Block:</strong> Repeat Offenders are set to Block the entire Repeat Offending Range(s)</ul> + <ul><strong>Match:</strong> Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule<br /> + Selecting 'Match' will consume more processing time, so only select this option if you enable Rules for it.</ul> + '<strong>ccwhite</strong>' are Countries that are Selected to be excluded from the Repeat Offenders Search.<br /> + '<strong>ccblack</strong>' are all other Countries that are not selected.<br /><br /> + To use '<strong>Match</strong>' Lists, Create a new 'Alias' + and select one of the <strong>Action 'Match'</strong> Formats and<br /> enter the 'Localfile' as: + <ul>/var/db/pfblockerng/match/matchdedup.txt</ul>]]> + </description> + </field> + <field> + <fielddescr>ccwhite Action:</fielddescr> + <fieldname>ccwhite</fieldname> + <description><![CDATA[Default: <strong>Ignore</strong><br /> + Select the 'Action' format for ccwhite]]> + </description> + <type>select</type> + <options> + <option><name>Ignore</name><value>ignore</value></option> + <option><name>Match</name><value>match</value></option> + </options> + </field> + <field> + <fielddescr>ccblack Action:</fielddescr> + <fieldname>ccblack</fieldname> + <description><![CDATA[Default: <strong>Block</strong><br /> + Select the 'Action' format for ccblack]]> + </description> + <type>select</type> + <options> + <option><name>Block</name><value>block</value></option> + <option><name>Match</name><value>match</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Country Exclusion<br /> + <br />Geolite Data by:<br />MaxMind Inc. (ISO 3166)]]></fielddescr> + <fieldname>ccexclude</fieldname> + <description> + <![CDATA[Select Countries you want to <strong>Exclude</strong> from the Reputation Process.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$et_options} + </options> + <size>20</size> + <multiple/> + </field> + <field> + <name>Emerging Threats IQRISK IPv4 Reputation</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Subscription Pro. Blocklist</fielddescr> + <fieldname>ETINFO</fieldname> + <type>info</type> + <description><![CDATA[<strong>Emerging Threats IQRisk</strong> is a Subscription Professional Reputation List.<br /><br /> + ET IQRisk Blocklist must be entered in the Lists Tab using the following example: + <ul>https://rules.emergingthreatspro.com/XXXXXXXXXXXXXXXX/reputation/iprepdata.txt.gz</ul> + Select the <strong>ET IQRisk'</strong> format. The URL should use the .gz File Type.<br /> + Enter your "ETPRO" code in URL. Further information can be found @ + <a target=_new href='http://emergingthreats.net/solutions/iqrisk-suite/'>ET IQRisk IP Reputation</a><br /><br /> + To use <strong>'Match'</strong> Lists, Create a new 'Alias' and select one of the <strong> + Action 'Match'</strong> Formats and <br /> + enter the 'Localfile' as: <ul>/var/db/pfblockerng/match/ETMatch.txt</ul> + ET IQRisk Individual Match Lists can be found in the following folder:<br /> + <ul>/var/db/pfblockerng/ET</ul> ]]> + </description> + </field> + <field> + <fielddescr>ET IQRisk Header Name</fielddescr> + <fieldname>et_header</fieldname> + <type>input</type> + <description><![CDATA[Enter the 'Header Name' referenced in the IPv4 List TAB for ET IQRisk IPRep.<br /> + This will be used to improve the Alerts TAB reporting for ET IPRep.]]> + </description> + </field> + <field> + <fielddescr>ET IQRISK BLOCK LISTS</fielddescr> + <fieldname>etblock</fieldname> + <description> + <![CDATA[Select Lists you want to BLOCK.<br /> + <strong>Use CTRL + CLICK to unselect Categories</strong> + <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]> + </description> + <type>select</type> + <options> + <option><name>ET CNC</name><value>ET_Cnc</value></option> + <option><name>ET BOT</name><value>ET_Bot</value></option> + <option><name>ET SPAM</name><value>ET_Spam</value></option> + <option><name>ET DROP</name><value>ET_Drop</value></option> + <option><name>ET Spyware CNC</name><value>ET_Spywarecnc</value></option> + <option><name>ET Online Gaming</name><value>ET_Onlinegaming</value></option> + <option><name>ET DrivebySRC</name><value>ET_Drivebysrc</value></option> + <option><name>ET Chat Server</name><value>ET_Chatserver</value></option> + <option><name>ET TOR Node</name><value>ET_Tornode</value></option> + <option><name>ET Compromised</name><value>ET_Compromised</value></option> + <option><name>ET P2P</name><value>ET_P2P</value></option> + <option><name>ET Proxy</name><value>ET_Proxy</value></option> + <option><name>ET IP Check</name><value>ET_Ipcheck</value></option> + <option><name>ET Utility</name><value>ET_Utility</value></option> + <option><name>ET DOS</name><value>ET_DDos</value></option> + <option><name>ET Scanner</name><value>ET_Scanner</value></option> + <option><name>ET Brute</name><value>ET_Brute</value></option> + <option><name>ET Fake AV</name><value>ET_Fakeav</value></option> + <option><name>ET DYN DNS</name><value>ET_Dyndns</value></option> + <option><name>ET Undersireable</name><value>ET_Undesireable</value></option> + <option><name>ET Abuse TLD</name><value>ET_Abusedtld</value></option> + <option><name>ET SelfSigned SSL</name><value>ET_Selfsignedssl</value></option> + <option><name>ET Blackhole</name><value>ET_Blackhole</value></option> + <option><name>ET RAS</name><value>ET_RAS</value></option> + <option><name>ET P2P CNC</name><value>ET_P2Pcnc</value></option> + <option><name>ET Shared Hosting</name><value>ET_Sharedhosting</value></option> + <option><name>ET Parking</name><value>ET_Parking</value></option> + <option><name>ET VPN</name><value>ET_VPN</value></option> + <option><name>ET EXE Source</name><value>ET_Exesource</value></option> + <option><name>ET Mobile CNC</name><value>ET_Mobilecnc</value></option> + <option><name>ET Mobile Spyware</name><value>ET_Mobilespyware</value></option> + <option><name>ET Skype Node</name><value>ET_Skypenode</value></option> + <option><name>ET Bitcoin</name><value>ET_Bitcoin</value></option> + <option><name>ET DOS Attack</name><value>ET_DDosattack</value></option> + <option><name>Unknown</name><value>ET_Unknown</value></option> + </options> + <size>35</size> + <multiple/> + </field> + <field> + <fielddescr>ET IQRISK Match LISTS</fielddescr> + <fieldname>etmatch</fieldname> + <description> + <![CDATA[Select Lists you want to MATCH.<br /> + <strong>Use CTRL + CLICK to unselect Categories</strong> + <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]> + </description> + <type>select</type> + <options> + <option><name>ET CNC</name><value>ET_Cnc</value></option> + <option><name>ET BOT</name><value>ET_Bot</value></option> + <option><name>ET SPAM</name><value>ET_Spam</value></option> + <option><name>ET DROP</name><value>ET_Drop</value></option> + <option><name>ET Spyware CNC</name><value>ET_Spywarecnc</value></option> + <option><name>ET Online Gaming</name><value>ET_Onlinegaming</value></option> + <option><name>ET DrivebySRC</name><value>ET_Drivebysrc</value></option> + <option><name>ET Chat Server</name><value>ET_Chatserver</value></option> + <option><name>ET TOR Node</name><value>ET_Tornode</value></option> + <option><name>ET Compromised</name><value>ET_Compromised</value></option> + <option><name>ET P2P</name><value>ET_P2P</value></option> + <option><name>ET Proxy</name><value>ET_Proxy</value></option> + <option><name>ET IP Check</name><value>ET_Ipcheck</value></option> + <option><name>ET Utility</name><value>ET_Utility</value></option> + <option><name>ET DOS</name><value>ET_DDos</value></option> + <option><name>ET Scanner</name><value>ET_Scanner</value></option> + <option><name>ET Brute</name><value>ET_Brute</value></option> + <option><name>ET Fake AV</name><value>ET_Fakeav</value></option> + <option><name>ET DYN DNS</name><value>ET_Dyndns</value></option> + <option><name>ET Undersireable</name><value>ET_Undesireable</value></option> + <option><name>ET Abuse TLD</name><value>ET_Abusedtld</value></option> + <option><name>ET SelfSigned SSL</name><value>ET_Selfsignedssl</value></option> + <option><name>ET Blackhole</name><value>ET_Blackhole</value></option> + <option><name>ET RAS</name><value>ET_RAS</value></option> + <option><name>ET P2P CNC</name><value>ET_P2Pcnc</value></option> + <option><name>ET Shared Hosting</name><value>ET_Sharedhosting</value></option> + <option><name>ET Parking</name><value>ET_Parking</value></option> + <option><name>ET VPN</name><value>ET_VPN</value></option> + <option><name>ET EXE Source</name><value>ET_Exesource</value></option> + <option><name>ET Mobile CNC</name><value>ET_Mobilecnc</value></option> + <option><name>ET Mobile Spyware</name><value>ET_Mobilespyware</value></option> + <option><name>ET Skype Node</name><value>ET_Skypenode</value></option> + <option><name>ET Bitcoin</name><value>ET_Bitcoin</value></option> + <option><name>ET DOS Attack</name><value>ET_DDosattack</value></option> + <option><name>Unknown</name><value>ET_Unknown</value></option> + </options> + <size>35</size> + <multiple/> + </field> + <field> + <fielddescr>Update ET Categories</fielddescr> + <fieldname>et_update</fieldname> + <description><![CDATA[Default:<strong>Disable</strong><br /> + Select - Enable ET Update if Category Changes are Made.<br /> + You can perform a 'Force Update' to enable these changes.<br /> + Cron will also resync this list at the next Scheduled Update.]]> + </description> + <type>select</type> + <options> + <option><name>Disable</name><value>disabled</value></option> + <option><name>Enable</name><value>enabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input(\$_POST, \$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global \$pfb; + \$pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui> +EOF; + # Unset Arrays + unset ($options4, $options6, $et_options); + + $log = "Saving pfBlockerNG Reputation TAB \n"; + print $log; + pfb_logger("{$log}","3"); + + // Save pfBlockerng_reputation.xml file + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml',$xmlrep,LOCK_EX); + $log = "\n Country Code - XML File Update completed.\n"; + print $log; + pfb_logger("{$log}","3"); + + $now = date("m/d/y G.i:s", time()); + $log = "Country Code Update Ended - [ NOW ]\n"; + print "Country Code Update Ended - [ $now ]\n"; + pfb_logger("{$log}","3"); +} +?>
\ No newline at end of file |