Diffstat (limited to 'config/pfblockerng')
-rw-r--r-- | config/pfblockerng/pfblockerng.inc | 48 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.php | 46 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.sh | 5 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.widget.php | 48 |
4 files changed, 76 insertions, 71 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index 85d15d14..9f344353 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -131,7 +131,7 @@ function pfb_log_mgmt() { function pfb_logger($log, $type) { global $g,$pfb,$pfbarr; - $now = date("m/d/y G.i:s", time()); + $now = date("m/d/y G:i:s", time()); # Only log timestamp if new if (preg_match("/NOW/", $log)) { @@ -336,7 +336,7 @@ function sync_package_pfblockerng($cron = "") { $pfb['etblock'] = ($pfb['config_rep']['etblock'] != "" ? $pfb['config_rep']['etblock'] : "x"); # Emerging Threats IQRisk Match Categories $pfb['etmatch'] = ($pfb['config_rep']['etmatch'] != "" ? $pfb['config_rep']['etmatch'] : "x"); - # Perform a Manual Update on ET Categories + # Perform a Force Update on ET Categories $pfb['etupdate']= $pfb['config_rep']['et_update']; # Variables @@ -384,7 +384,7 @@ function sync_package_pfblockerng($cron = "") { $deny_outbound = array(); # An Array of all Aliases (Active and non-Active) $aliases_list = array(); - # This is an Array of Aliases that Have Updated Lists via CRON/Manual Update when 'Reputation' disabled. + # This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled. $pfb_alias_lists = array(); # This is an Array of All Active Aliases used when 'Reputation' enabled $pfb_alias_lists_all = array(); @@ -424,8 +424,6 @@ function sync_package_pfblockerng($cron = "") { # Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order ) # To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules - # Also if $pfb['autorules'] is false, Skip Firewall Re-order Process. - $pfb['autorules'] = FALSE; $pfb['found'] = FALSE; foreach ($continents as $continent => $pfb_alias) { 
@@ -634,7 +632,7 @@ function sync_package_pfblockerng($cron = "") { } } - # Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Manual Updating + # Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { @@ -676,7 +674,7 @@ function sync_package_pfblockerng($cron = "") { $pfb['existing']['deny'][] = "{$pfb_alias},"; // Add Trailing ',' $pfbfolder = "{$pfb['denydir']}"; } - # Determine if 'Custom List' Needs Manual Updating before next CRON Event. + # Determine if 'Custom List' Needs Force Updating before next CRON Event. if ($list['custom_update'] == "enabled") { unlink_if_exists("{$pfbfolder}/{$pfb_alias}.txt"); # Uncheck 'Enabled' in List 'Custom_update' Setting @@ -829,7 +827,7 @@ function sync_package_pfblockerng($cron = "") { // Collect Selected ISO Country Files foreach (explode(",", $continent_config[$c_type]) as $iso) { - if ($iso <> "" && file_exists($pfb['ccdir'] .'/' . $iso . $vtype . '.txt')) { + if ($iso != "" && file_exists($pfb['ccdir'] .'/' . $iso . $vtype . '.txt')) { $continent .= file_get_contents ($pfb['ccdir'] . '/' . $iso . $vtype . '.txt'); } } @@ -1133,7 +1131,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } $url_list = @gzfile($file_dwn); 
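Review bot: `$iso` comes straight from `explode(",", $continent_config[$c_type])` and is concatenated into the path given to `file_exists()` and `file_get_contents()`, so a saved value containing `../` would read a file outside `$pfb['ccdir']`. Swapping `<>` for `!=` does not change that. Constraining the name before the `if`, for example `$iso = basename(trim($iso));`, keeps the lookup inside the country-code directory. Whether the saved config is validated elsewhere is not visible from this hunk.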
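Review bot: The corrected `!empty($remote_stamp)` guard is repeated verbatim in six places (this hunk and the hunks at -1152, -1173, -1194, -1213 and -1231), so the inverted `!isset` test had to be fixed six times. A small private helper that takes `$file_dwn` and `$remote_tds` and performs the `strtotime()`/`touch()` pair would leave one place to maintain. In the visible context `filemtime($file_dwn)` is still called before `file_exists($file_dwn)` is checked; testing existence first avoids a warning on a missing file. sync_package_pfblockerng() starts and ends outside the hunk.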
@@ -1152,7 +1150,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } $url_list = @file($pfb['origdir'] . '/' . $header_url . '.orig'); @@ -1173,7 +1171,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } } @@ -1194,7 +1192,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } exec ("{$pfb['script']} et {$header_url} x x x x x {$pfb['etblock']} {$pfb['etmatch']} >> {$pfb['log']} 2>&1"); @@ -1213,7 +1211,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } exec ("{$pfb['script']} xlsx {$header_url} >> {$pfb['log']} 2>&1"); @@ -1231,7 +1229,7 @@ function sync_package_pfblockerng($cron = "") { if ($remote_tds == "local") $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); $remote_stamp = strtotime($remote_tds); - if (!isset($remote_stamp) && file_exists($file_dwn)) + if (!empty($remote_stamp) && file_exists($file_dwn)) touch ($file_dwn, $remote_stamp); } } 
@@ -1240,15 +1238,13 @@ function sync_package_pfblockerng($cron = "") { $file_dwn = "{$pfb['origdir']}/{$header_url}.raw"; if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { # File Exists/Reuse + $return = 0; } else { $url_html = "{$row['url']}"; - if ($pfb['pfsenseversion'] >= 2.2) { - exec ("/usr/bin/fetch -v --no-verify-peer -o {$file_dwn} -T 20 {$url_html}"); - } else { - exec ("/usr/bin/fetch -v -o {$file_dwn} -T 20 {$url_html}"); - } + exec ("/usr/bin/fetch -v -o {$file_dwn} -T 20 {$url_html}",$output,$return); } - $url_list = @file($file_dwn); + if ($return == 0) + $url_list = @file($file_dwn); } elseif ($row['format'] == "rsync") { @@ -1577,6 +1573,7 @@ function sync_package_pfblockerng($cron = "") { #remove empty lists files if any if (is_array($list['row'])) { $update = 0; + ${$alias} = ""; foreach ($list['row'] as $row) { if ($row['url'] != "" && $row['format'] != "skip") { if ($vtype == "_v4") { @@ -2068,8 +2065,6 @@ function sync_package_pfblockerng($cron = "") { # Clear any existing pfBlockerNG Cron Jobs install_cron_job("pfblockerng.php cron", false); - # Clear any existing pfBlockerNG Manual Cron Jobs - install_cron_job("pfblockerng.php update", false); # Replace Cron job with any User Changes to $pfb_min if ($pfb['enable'] == "on") { @@ -2187,7 +2182,7 @@ function sync_package_pfblockerng($cron = "") { # FINAL REPORTING # ############################################# - # Only run with CRON or Manual Invoked Process + # Only run with CRON or Force Invoked Process if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) { # Script to run Final Script Processes. exec ("{$pfb['script']} closing {$pfb['dup']} >> {$pfb['log']} 2>&1"); 
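Review bot: The new `exec()` interpolates `{$file_dwn}` and `{$url_html}` (from `$row['url']`) into a shell command line without quoting, so a list URL containing spaces or shell metacharacters is interpreted by the shell instead of being passed to fetch. Quote both arguments: `exec("/usr/bin/fetch -v -o " . escapeshellarg($file_dwn) . " -T 20 " . escapeshellarg($url_html), $output, $return);`. When `$return` is non-zero, `$url_list` is never assigned in this branch, so it may still hold the previous row's lines if this runs inside the per-row loop (the loop is outside the hunk). `$url_list = ($return == 0) ? @file($file_dwn) : array();` makes the failure explicit. `$output` is appended to on every call and is not read in the visible lines.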
@@ -2226,14 +2221,16 @@ function pfblockerng_validate_input($post, &$input_errors) { } -Function pfblockerng_php_install_command() { +function pfblockerng_php_install_command() { require_once("/usr/local/www/pfblockerng/pfblockerng.php"); global $config,$pfb; pfb_global(); + # Uncompress Country Code File and delete Archive after extraction. + exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); + unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2"); # Download MaxMind Files and Create Country Code files and Build Continent XML Files update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); - exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all"); update_output_window(gettext("MaxMind Country Database downloads completed...")); update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); @@ -2256,7 +2253,6 @@ Function pfblockerng_php_install_command() { function pfblockerng_php_deinstall_command() { - require_once("/usr/local/www/pfblockerng/pfblockerng.php"); require_once("config.inc"); global $config,$pfb; diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 2c4af706..19b56f08 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -149,8 +149,8 @@ function pfb_update_check($header_url, $list_url, $url_format) { global $pfb; if ($url_format == "rsync" || $url_format == "html") { - print "[ {$header_url} ]\n"; - print " Skipping timestamp query\n"; + $log = "[ {$header_url} ]\n Skipping timestamp query\n"; + pfb_logger("{$log}","1"); return TRUE; } @@ -174,7 +174,8 @@ function pfb_update_check($header_url, $list_url, $url_format) { break; } - print "[ {$header_url} ]\n"; + $log = "[ {$header_url} ]\n"; + pfb_logger("{$log}","1"); $host = @parse_url($list_url); $local_file = "{$pfb['origdir']}/{$header_url}{$type}"; if (file_exists($local_file)) { 
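Review bot: `unlink_if_exists()` deletes the archive whether or not tar succeeded, and `cd /{$pfb['ccdir']}; /usr/bin/tar ...` uses `;`, so a failed `cd` still runs the extraction in whatever the current directory is. Capture the status and extract into an explicit target: `exec("/usr/bin/tar -jxf " . escapeshellarg("{$pfb['ccdir']}/countrycodes.tar.bz2") . " -C " . escapeshellarg($pfb['ccdir']), $tar_out, $tar_rc);` followed by `if ($tar_rc == 0) unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2");`. Nothing in the hunk verifies the archive before it is unpacked during package install; if a checksum is checked elsewhere, a comment saying so would help. The "Downloading MaxMind Country Databases" messages are still printed although the `geoipupdate.sh all` call was removed.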
@@ -194,7 +195,8 @@ function pfb_update_check($header_url, $list_url, $url_format) { if ("{$remote_tds}" != "{$local_tds}") { return TRUE; } else { - print " Remote file unchanged. Download Terminated\n"; + $log = " Remote file unchanged. Download Terminated\n"; + pfb_logger("{$log}","1"); return FALSE; } } else { @@ -323,7 +325,8 @@ if ($argv[1] == 'cron') { # Check if List file exists, if not found run Update if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); $updates++; continue; } @@ -331,7 +334,8 @@ if ($argv[1] == 'cron') { switch ($list_cron) { case "01hour": if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -339,7 +343,8 @@ if ($argv[1] == 'cron') { case "02hours": if (in_array($hour, $e_sch2)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -348,7 +353,8 @@ if ($argv[1] == 'cron') { case "03hours": if (in_array($hour, $e_sch3)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -357,7 +363,8 @@ if ($argv[1] == 'cron') { case "04hours": if (in_array($hour, $e_sch4)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } 
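Review bot: The two-line `$log = ...; pfb_logger("{$log}","1");` pattern added at -323 is repeated in every schedule case (hunks -331 through -402), and the temporary variable plus the `"{$log}"` re-interpolation add nothing. `pfb_logger(" Updates Found\n", "1");` says the same in one line. The second argument `"1"` is a bare string whose meaning is not visible in these hunks; a short comment at the first use, or named constants, would document which log target it selects.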
@@ -366,7 +373,8 @@ if ($argv[1] == 'cron') { case "06hours": if (in_array($hour, $e_sch6)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -375,7 +383,8 @@ if ($argv[1] == 'cron') { case "08hours": if (in_array($hour, $e_sch8)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -384,7 +393,8 @@ if ($argv[1] == 'cron') { case "12hours": if (in_array($hour, $e_sch12)) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -393,7 +403,8 @@ if ($argv[1] == 'cron') { case "EveryDay": if ($hour == $pfb['dailystart']) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -402,7 +413,8 @@ if ($argv[1] == 'cron') { case "Weekly": if ($hour == $pfb['dailystart'] && $dow == $header_dow) { if (pfb_update_check($header_url, $list_url, $url_format)) { - print " Updates Found\n"; + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); $updates++; } @@ -451,7 +463,7 @@ function pfblockerng_uc_countries() { safe_mkdir ("{$folder}",0755); } - $now = date("m/d/y G.i:s", time()); + $now = date("m/d/y G:i:s", time()); $log = "Country Code Update Start - [ NOW ]\n\n"; print "Country Code Update Start - [ $now ]\n\n"; pfb_logger("{$log}","3"); 
@@ -565,7 +577,7 @@ function pfblockerng_uc_countries() { $header = ""; $pfb_file = ""; $iso_key = ""; - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G.i:s", time()) . "\n"; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; $header .= "# Continent IPv4: " . $cont_array[$counter]['continent'] . "\n"; $pfb_file = $cont_array[$counter]['file4']; $iso_key = array_keys($iso); @@ -618,7 +630,7 @@ function pfblockerng_uc_countries() { $pfb_file = ""; $iso_key = ""; - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G.i:s", time()) . "\n"; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; $header .= "# Continent IPv6: " . $cont_array[$counter]['continent'] . "\n"; $pfb_file = $cont_array[$counter]['file6']; $iso_key = array_keys($iso); diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index 335df167..2f622153 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -15,7 +15,6 @@ now=$(/bin/date +%m/%d/%y' '%T) mtype=$(/usr/bin/uname -m); -pfs_version="$(cut -c 1-3 /etc/version)" # Application Paths pathgrepcidr="/usr/pbi/pfblockerng-$mtype/bin/grepcidr" @@ -268,7 +267,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then if [ ! -z "$data" -a ! -z "$cc" ]; then # Loop thru each Updated List to remove Suppression and RFC1918 Addresses if [ "$cc" == "suppressheader" ]; then - echo "===[ Suppression Stats ]========================================"; echo + echo; echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" exit 
@@ -873,7 +872,7 @@ for i in $cc; do awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile cut -d' ' -f2 $masterfile > $mastercat fi - rm -rf $pfborig$header*; rm -rf $pfbdeny$header*; rm -rf $pfbmatch$header*; rm -rf $pfbpermit$header* + rm -rf $pfborig$header*; rm -rf $pfbdeny$header*; rm -rf $pfbmatch$header*; rm -rf $pfbpermit$header*; rm -rf $pfbnative$header* echo "The Following list has been REMOVED [ $header ]" fi echo diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php index 1486f658..b3ab5703 100644 --- a/config/pfblockerng/pfblockerng.widget.php +++ b/config/pfblockerng/pfblockerng.widget.php @@ -58,7 +58,6 @@ if (isset($_POST['pfblockerngack'])) { header("Location: ../../index.php"); } - // This function will create the counts function pfBlockerNG_get_counts() { global $config, $g, $pfb; @@ -107,6 +106,7 @@ if ("{$pfb['enable']}" == "on") { $dcount = exec("cat {$pfb['denydir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); $pcount = exec("cat {$pfb['permitdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); $mcount = exec("cat {$pfb['matchdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); +$ncount = exec("cat {$pfb['nativedir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); // Collect Number of Suppressed Hosts if (file_exists("{$pfb['supptxt']}")) { @@ -118,7 +118,7 @@ if (file_exists("{$pfb['supptxt']}")) { #check rule count #(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out) $packets = exec("/sbin/pfctl -s labels", $debug); -if (!empty($packets)) { +if (!empty($debug)) { foreach ($debug as $line) { // Auto-Rules start with 'pfB_', Alias Rules should start with 'pfb_' and exact spelling of Alias Name. $line = str_replace("pfb_","pfB_",$line); 
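Review bot: The added `rm -rf $pfbnative$header*` follows the existing unquoted pattern, so if `$header` is ever empty the glob becomes `$pfbnative*`. If `$pfbnative` is a directory prefix, as the name suggests, that removes everything under it. Guard and quote the whole line, e.g. `[ -n "$header" ] && rm -rf "$pfborig$header"* "$pfbdeny$header"* "$pfbmatch$header"* "$pfbpermit$header"* "$pfbnative$header"*`. Whether `$header` is validated earlier is not visible; the `for i in $cc` body starts outside the hunk.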
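Review bot: With the test at -118 switched to `!empty($debug)`, `$packets` is assigned but no longer read, and `$debug` is not initialised in the visible lines. `exec()` appends to an existing array, so any earlier content of `$debug` would be parsed as pfctl label lines. Adding `$debug = array();` before the call and dropping the `$packets =` assignment would make the intent clear. Reading the exit status through the third `exec()` argument would also distinguish "no labelled rules" from a pfctl failure.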
@@ -158,9 +158,6 @@ if (isset($_GET['getNewCounts'])) { } } -$out = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' width='10' height='10' border='0' title=\"No Rules are Defined using this Alias\">"; -$in = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' width='10' height='10' border='0' title=\"Rules are Defined using this Alias\">"; - // Report any Failed Downloads $results = array(); $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results); 
@@ -171,32 +168,33 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results) <table border="0" cellspacing="0" cellpadding="0"> <thead> <tr> - <td valign="middle"><?=gettext("Status") ?> <img src="<?= $pfb_status ?>" width="14" height="14" border="0" title="<?=gettext($pfb_msg) ?>"></td> - <td valign="middle"> </td> + <td valign="middle"> <img src="<?= $pfb_status ?>" width="13" height="13" border="0" title="<?=gettext($pfb_msg) ?>"></td> + <td valign="middle"> </td> <td valign="middle" p style="font-size:10px"> - <?php if ($dcount != 0) { ?> + <?php if ($dcount != 0): ?> <?=gettext("Deny:"); echo(" <strong>" . $dcount . "</strong>") ?> - <?php }?> - <?php if ($pcount != 0) { ?> + <?php endif; ?> + <?php if ($pcount != 0): ?> <?=gettext(" Permit:"); echo(" <strong>" . $pcount . "</strong>") ?> - <?php }?> - <?php if ($mcount != 0) { ?> + <?php endif; ?> + <?php if ($mcount != 0): ?> <?=gettext(" Match:"); echo(" <strong>" . $mcount . "</strong>"); ?> - <?php }?> - <?php if ($pfbsupp_cnt != 0) { ?> - <?=gettext(" Suppress:"); echo(" <strong>" . $pfbsupp_cnt . "</strong>"); ?> - <?php }?></td> - <td valign="middle"> </td> + <?php endif; ?> + <?php if ($ncount != 0): ?> + <?=gettext(" Native:"); echo(" <strong>" . $ncount . "</strong>"); ?> + <?php endif; ?> + <?php if ($pfbsupp_cnt != 0): ?> + <?=gettext(" Supp:"); echo(" <strong>" . $pfbsupp_cnt . "</strong>"); ?> + <?php endif; ?></td> + <td valign="middle"> </td> <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif" width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>"></a> <td valign="top"> - - <?php if (!empty($results)) { // Hide "Ack" Button when Failed Downloads are Empty. 
?> - <form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="widget_pfblockerng_ack"> - <input type="hidden" value="clearack" name="pfblockerngack"> - <input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/> - </form> - <?php } // Hide "Ack" Button when Failed Downloads are Empty. ?> - + <?php if (!empty($results)): ?> <!--Hide "Ack" Button when Failed Downloads are Empty--> + <form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="widget_pfblockerng_ack"> + <input type="hidden" value="clearack" name="pfblockerngack"> + <input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/> + </form> + <?php endif; ?> </td> </tr> </thead> |
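Review bot: The new `$ncount` cell, like the existing count cells, echoes the raw string returned by `exec()` into the page, and `$pfb_status` and `gettext($pfb_msg)` are written into attribute values unescaped. Casting the counts, e.g. `echo(" <strong>" . (int)$ncount . "</strong>")`, and wrapping the attribute values in `htmlspecialchars()` keeps the widget markup intact if any of these ever carries unexpected text. Where `$pfb_status` and `$pfb_msg` are set is outside the hunk. The context line `<td valign="middle" p style="font-size:10px">` also carries a stray `p` attribute.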