Diffstat (limited to 'config/pfblockerng')
-rw-r--r-- | config/pfblockerng/pfblockerng.inc | 37 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.php | 9 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng_sync.xml | 2 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng_v4lists.xml | 42 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng_v6lists.xml | 47 |
5 files changed, 83 insertions, 54 deletions
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index 2f0c90de..9f35397a 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -429,7 +429,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($continents as $continent => $pfb_alias) { if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) { $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; - if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { + if ($continent_config['action'] != "Disabled" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { $pfb['autorules'] = TRUE; $pfb['found'] = TRUE; break; @@ -441,7 +441,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($list_type as $ip_type) { if ($config['installedpackages'][$ip_type]['config'] != "" && !$pfb['found']) { foreach($config['installedpackages'][$ip_type]['config'] as $list) { - if ($list['action'] != "Disabled" && $list['action'] != "" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { + if ($list['action'] != "Disabled" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { $pfb['autorules'] = TRUE; break; } 
@@ -517,6 +517,10 @@ function sync_package_pfblockerng($cron = "") { $base_rule = $base_rule_reg; $pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']); } + } else { + # Define Empty Variable/Array + $pfb['inbound_interfaces_float'] = ""; + $pfb['inbound_interfaces'] = array(); } if (!empty($pfb['config']['outbound_interface'])) { @@ -545,6 +549,10 @@ function sync_package_pfblockerng($cron = "") { if (!in_array("openvpn",$sort_interfaces)) array_push($pfb['outbound_interfaces'], "openvpn"); } + } else { + # Define Empty Variable/Array + $pfb['outbound_interfaces_float'] = ""; + $pfb['outbound_interfaces'] = array(); } @@ -581,7 +589,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($continents as $continent => $pfb_alias) { if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config']) && $pfb['enable'] == "on") { $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; - if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "") { + if ($continent_config['action'] != "Disabled") { $cont_type = array ("countries4" => "_v4", "countries6" => "_v6"); foreach ($cont_type as $c_type => $vtype) { if ($continent_config[$c_type] != "") { @@ -606,7 +614,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { foreach ($config['installedpackages'][$ip_type]['config'] as $list) { - if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") { + if (is_array($list['row']) && $list['action'] != "Disabled") { foreach ($list['row'] as $row) { if ($vtype == "_v4") { $pfb_alias = "{$row['header']}"; 
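Review bot: With the `$continent_config['action'] != ""` guard removed, the test in the hunk at -581 (`if ($continent_config['action'] != "Disabled") {`) treats a missing or empty action as enabled, so an entry that was never given an action now falls through to alias and rule generation. The two autorules checks at -429 and -441 still pair the test with an `in_array()` allow-list, but this hunk and those at -606, -638, -810, -1065, -1576 and pfblockerng.php -304 do not. Because this decides which aliases feed firewall rules, a positive test is safer than a negative one, e.g. `if (!empty($continent_config['action']) && $continent_config['action'] != "Disabled") {`, unless the GUI is known to always save a value. The enclosing function starts and ends outside the hunk.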
@@ -614,7 +622,7 @@ function sync_package_pfblockerng($cron = "") { $pfb_alias = "{$row['header']}_v6"; } # Collect Enabled Lists - if ($row['url'] != "" && $row['format'] != "skip") { + if ($row['url'] != "" && $row['state'] != "Disabled") { # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { $pfb['existing']['match'][] = "{$pfb_alias}"; @@ -638,10 +646,10 @@ function sync_package_pfblockerng($cron = "") { if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { $count = -1; foreach ($config['installedpackages'][$ip_type]['config'] as $list) { - if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") { + if (is_array($list['row']) && $list['action'] != "Disabled") { $count++; # Check if 'Emerging Threats Update' Needs Updating before next CRON Event. - if (is_array($list['row']) && $pfb['etupdate'] == "enabled" && $vtype == "_v4") { + if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") { foreach ($list['row'] as $row) { $aliasname = $row['header']; if ($row['format'] == "et") { @@ -810,7 +818,7 @@ function sync_package_pfblockerng($cron = "") { foreach ($continents as $continent => $pfb_alias) { if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) { $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; - if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && $pfb['enable'] == "on") { + if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") { # Determine Folder Location for Alias (return array $pfbarr) pfb_determine_list_detail($continent_config['action']); 
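Review bot: `$row['state'] != "Disabled"` in the hunk at -614 is true for any row that has no `state` key, and rows saved before this change presumably have none, since the field is only introduced by the rowhelper hunks in pfblockerng_v4lists.xml and pfblockerng_v6lists.xml. A list that an administrator had switched off with the old `skip` format would then be collected as enabled after upgrade, and one marked `hold` would be refreshed again. Unless an upgrade step outside this diff rewrites those rows, keep honouring the legacy values, e.g. `if ($row['url'] != "" && $row['state'] != "Disabled" && $row['format'] != "skip") {`. The same test appears in the hunks at -1065 and -1576 and in pfblockerng.php at -304.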
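Review bot: The `$row['state'] != "Disabled"` added to the 'Emerging Threats Update' condition in the hunk at -638 reads `$row` before the `foreach ($list['row'] as $row)` that follows it, so it tests whatever row an earlier loop left behind (or an unset variable if none ran) rather than the rows of this list. A disabled ET row is therefore still checked, and a whole list can be skipped because of an unrelated row. Drop the state test from the outer `if` and apply it per row instead, `if ($row['format'] == "et" && $row['state'] != "Disabled") {`. The body of that inner `if` continues outside the hunk.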
@@ -1065,11 +1073,11 @@ function sync_package_pfblockerng($cron = "") { foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "") { foreach ($config['installedpackages'][$ip_type]['config'] as $list) { - if ($list['action'] != "Disabled" && $list['action'] != "" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) { + if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) { # Capture Alias Name $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); foreach ($list['row'] as $row) { - if ($row['url'] != "" && $row['format'] != "skip") { + if ($row['url'] != "" && $row['state'] != "Disabled") { # Determine Folder Location for Alias (return array $pfbarr) pfb_determine_list_detail($list['action']); @@ -1100,8 +1108,9 @@ function sync_package_pfblockerng($cron = "") { } if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") { - if ($row['format'] == "hold") { + if ($row['state'] == "Hold") { $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n"; + $row['format'] = "Hold"; } else { $log = "\n[ {$header_url} ] {$log_tab} exists, Reloading File [ NOW ]\n"; } @@ -1576,13 +1585,13 @@ function sync_package_pfblockerng($cron = "") { $final_alias = array_unique($pfb_alias_lists); } - if ($list['action'] != "Disabled" && $list['action'] != "") { + if ($list['action'] != "Disabled") { #remove empty lists files if any if (is_array($list['row'])) { $update = 0; ${$alias} = ""; foreach ($list['row'] as $row) { - if ($row['url'] != "" && $row['format'] != "skip") { + if ($row['url'] != "" && $row['state'] != "Disabled") { if ($vtype == "_v4") { $header_url = "{$row['header']}"; } else { 
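Review bot: The new `$row['format'] = "Hold";` in the hunk at -1100 has no comment, and it is not obvious why a run-state value is written into the format field. `$row` is the by-value copy from `foreach ($list['row'] as $row)`, so the assignment only affects the rest of this iteration; presumably it is there so that none of the format-specific download branches further down match. If that is the intent, say so: `# State 'Hold': overwrite format (local copy only) so no download branch below matches`. The old value was lower-case `hold`, so any comparison against `"hold"` remaining outside this hunk would no longer match.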
@@ -1829,7 +1838,7 @@ function sync_package_pfblockerng($cron = "") { # Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays. if (!empty($rules)) { foreach ($rules as $rule) { - if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr']) && ($rule['interface'] != "")) { + if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) { // Floating rules collection 'Floating Pass/Match'. Balance to 'other' if ($pfb['float'] == "on") { if ($rule['type'] == "pass" && $rule['floating'] == "yes") { diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 7539e9fd..4e643cd6 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -304,9 +304,9 @@ if ($argv[1] == 'cron') { foreach ($list_type as $ip_type => $vtype) { if ($config['installedpackages'][$ip_type]['config'] != "") { foreach ($config['installedpackages'][$ip_type]['config'] as $list) { - if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") { + if (is_array($list['row']) && $list['action'] != "Disabled") { foreach ($list['row'] as $row) { - if ($row['url'] != "" && $row['format'] != "hold" && $row['format'] != "skip") { + if ($row['url'] != "" && $row['state'] != "Disabled") { if ($vtype == "_v4") { $header_url = "{$row['header']}"; @@ -323,6 +323,11 @@ if ($argv[1] == 'cron') { $header_dow = $list['dow']; $url_format = $row['format']; + // Bypass update if state is defined as "Hold" and list file exists + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $row['state'] == "Hold") { + continue; + } + # Check if List file exists, if not found run Update if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { $log = " Updates Found\n"; diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml index 3401ff31..c5777dcf 100644 --- a/config/pfblockerng/pfblockerng_sync.xml +++ b/config/pfblockerng/pfblockerng_sync.xml 
@@ -77,7 +77,7 @@ </tab> <tab> <text>IPv4</text> - <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4.xml</url> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> </tab> <tab> <text>IPv6</text> diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index 469607e6..17f1a14d 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -26,11 +26,11 @@ 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, @@ -197,7 +197,7 @@ <field> <fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr> <fieldname>none</fieldname> - <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br /> + <description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br /> <ul><li><strong>'txt'</strong> Plain txt Lists</li><br /> <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br /> 
@@ -208,15 +208,14 @@ <li><strong>'html'</strong> - Web Links</li><br /> <li><strong>'xlsx'</strong> - Excel Lists</li><br /> <li><strong>'rsync'</strong> - RSync Lists</li><br /> - <li><strong>'ET IQRisk'</strong> - Only</li><br /> - <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br /> - <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br /> - - <strong>Note: </strong><br /> - Downloaded or pfsense local file must have only one network per line and follows the syntax below:<br /> - Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> + <li><strong>'ET' IQRisk</strong> - Only</li></ul> + <strong>'State'</strong> - Select the Run State for each list.<br /> + <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br /> + <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul> + <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below: + <ul>Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> IP Address: <strong>172.16.1.10</strong><br /> - CIDR: <strong>172.16.1.0/24</strong></ul><br /><br />]]> + CIDR: <strong>172.16.1.0/24</strong></ul>]]> </description> <type>rowhelper</type> <rowhelper> 
@@ -234,16 +233,24 @@ <option><name>html</name><value>html</value></option> <option><name>xlsx</name><value>xlsx</value></option> <option><name>RSync</name><value>rsync</value></option> - <option><name>ET IQRisk</name><value>et</value></option> - <option><name>SKIP</name><value>skip</value></option> - <option><name>HOLD</name><value>hold</value></option> + <option><name>ET</name><value>et</value></option> </options> </rowhelperfield> <rowhelperfield> + <fielddescr>State</fielddescr> + <fieldname>state</fieldname> + <type>select</type> + <options> + <option><name>ON</name><value>Enabled</value></option> + <option><name>OFF</name><value>Disabled</value></option> + <option><name>HOLD</name><value>Hold</value></option> + </options> + </rowhelperfield> + <rowhelperfield> <fielddescr>URL or pfSense local file</fielddescr> <fieldname>url</fieldname> <type>input</type> - <size>75</size> + <size>50</size> </rowhelperfield> <rowhelperfield> <fielddescr>Header</fielddescr> @@ -314,7 +321,8 @@ <fielddescr>Update Frequency</fielddescr> <fieldname>cron</fieldname> <description><![CDATA[Default:<strong>Never</strong><br /> - Select how often List files will be downloaded]]></description> + Select how often List files will be downloaded]]> + </description> <type>select</type> <options> <option><name>Never</name><value>Never</value></option> diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index c324b310..2a381451 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -28,7 +28,6 @@ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
@@ -61,7 +60,7 @@ <section>Firewall</section> <configfile>pfblockerng_v6lists.xml</configfile> </menu> - <tabs> + <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> @@ -124,7 +123,7 @@ <text>Sync</text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> </tab> - </tabs> + </tabs> <adddeleteeditpagefields> <columnitem> <fielddescr>Alias Name</fielddescr> @@ -182,12 +181,12 @@ <type>info</type> <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br /> <strong><u>'URL'</u></strong> : Add direct link to list: - (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, + Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br /> + <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br /> <strong><u>'pfSense Local File'</u></strong> Format :<br /><br /> http(s)://127.0.0.1/NAME_OF_FILE <strong>or</strong> - /usr/local/www/NAME_OF_FILE ((Files can also be placed in the /var/db/pfblockerng folders)<br /><br /> + /usr/local/www/NAME_OF_FILE (Files can also be placed in the /var/db/pfblockerng folders)<br /><br /> <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will name the List File and it will be referenced in the pfBlockerNG Widget. 
@@ -200,21 +199,20 @@ <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br /> <ul><li><strong>'txt'</strong> Plain txt Lists</li><br /> - <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format</li><br /> - <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li><br /> + <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br /> + <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br /> <li><strong>'zip'</strong> - ZIP'd Lists</li><br /> <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br /> <li><strong>'html'</strong> - Web Links</li><br /> <li><strong>'xlsx'</strong> - Excel Lists</li><br /> <li><strong>'rsync'</strong> - RSync Lists</li><br /> - <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br /> - <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br /> - - <strong>Note: </strong><br /> - Downloaded or pfSense local file must have only one network per line and follows the syntax below:<br /> - Network ranges: <strong> TBC </strong><br /> + <strong>'State'</strong> - Select the Run State for each list.<br /> + <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br /> + <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul> + <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below: + <ul>Network ranges: <strong> TBC </strong><br /> IP Address: <strong> TBC </strong><br /> - CIDR: <strong> TBC </strong></ul><br /><br />]]> + CIDR: <strong> TBC </strong></ul>]]> </description> <type>rowhelper</type> <rowhelper> 
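Review bot: The 'Format' list opened by `<ul><li><strong>'txt'</strong>` is never closed on the new side of this hunk. The added `<strong>'State'</strong>` line follows the `'rsync'` item directly, and the two remaining `</ul>` close only the 'State' and 'Note' lists. pfblockerng_v4lists.xml closes the list on its last format item (`- Only</li></ul>`). Close it here as well, e.g. end the rsync item with `<li><strong>'rsync'</strong> - RSync Lists</li></ul>`, so the State and Note blocks are not rendered nested inside the Format list.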
@@ -231,15 +229,23 @@ <option><name>html</name><value>html</value></option> <option><name>xlsx</name><value>xlsx</value></option> <option><name>RSync</name><value>rsync</value></option> - <option><name>SKIP</name><value>skip</value></option> - <option><name>HOLD</name><value>hold</value></option> </options> </rowhelperfield> <rowhelperfield> + <fielddescr>State</fielddescr> + <fieldname>state</fieldname> + <type>select</type> + <options> + <option><name>ON</name><value>Enabled</value></option> + <option><name>OFF</name><value>Disabled</value></option> + <option><name>HOLD</name><value>Hold</value></option> + </options> + </rowhelperfield> + <rowhelperfield> <fielddescr>URL or pfSense local file</fielddescr> <fieldname>url</fieldname> <type>input</type> - <size>75</size> + <size>50</size> </rowhelperfield> <rowhelperfield> <fielddescr>Header</fielddescr> @@ -349,7 +355,8 @@ <fieldname>aliaslog</fieldname> <description><![CDATA[Default:<strong>Enable</strong><br /> Select - Logging to Status: System Logs: FIREWALL ( Log )<br /> - This can be overriden by the 'Global Logging' Option in the General Tab.]]></description> + This can be overriden by the 'Global Logging' Option in the General Tab.]]> + </description> <type>select</type> <options> <option><name>Enable</name><value>enabled</value></option> @@ -389,7 +396,7 @@ </field> <field> <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or - 'Force Update'</ul>]]></name> + 'Force Update'</ul>]]></name> <type>listtopic</type> </field> </fields> |