diff options
Diffstat (limited to 'config/pfblockerng')
| -rw-r--r-- | config/pfblockerng/geoipupdate.sh | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.inc | 116 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.js | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.php | 22 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.sh | 74 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.widget.php | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.xml | 5 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php | 440 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_diag_dns.php | 189 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_log.php | 4 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_sync.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_top20.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_update.php | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_v4lists.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_v6lists.xml | 2 |
15 files changed, 611 insertions, 255 deletions
diff --git a/config/pfblockerng/geoipupdate.sh b/config/pfblockerng/geoipupdate.sh index 302f81f5..dc6f2af6 100644 --- a/config/pfblockerng/geoipupdate.sh +++ b/config/pfblockerng/geoipupdate.sh @@ -1,7 +1,7 @@ #!/bin/sh # # pfBlockerNG MaxMind GeoLite GeoIP Updater Script - By BBcan177@gmail.com -# Copyright (C) 2014 BBcan177@gmail.com +# Copyright (C) 2015 BBcan177@gmail.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License Version 2 as diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index a1ee6abc..1a1c87a2 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -3,7 +3,7 @@ pfBlockerNG.inc pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. part of the Postfix package for pfSense @@ -78,6 +78,7 @@ function pfb_global() { $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log"; $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt"; $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; + $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2"; # General Variables $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; @@ -225,8 +226,11 @@ function pfb_create_suppression_file() { if ($pfb['found']) { $pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']); - if (!empty($pfb_suppress)) + if (!empty($pfb_suppress)) { @file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX); + } else { + unlink_if_exists("{$pfb['supptxt']}"); + } } else { # Delete Suppression File if Alias is Empty. unlink_if_exists("{$pfb['supptxt']}"); @@ -334,6 +338,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) { } +// Archive Aliastables for NanoBSD and RAMDisk Installations +function pfb_aliastables($mode) { + global $g,$config,$pfb; + $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables"; + $msg = ""; + + // Only Execute function if Platform is NanoBSD or Ramdisks are used. + if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) { + conf_mount_rw(); + if ($mode == "update") { + // Archive Aliastable Folder + exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1"); + $msg = "\n\nArchiving Aliastable Folder\n"; + } + elseif ($mode == "conf") { + // Check conf file for earlyshellcmd + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd[] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + else { + $config['system']['earlyshellcmd'] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + conf_mount_ro(); + } + else { + if (file_exists("{$pfb['aliasarchive']}")) { + // Remove Aliastables archive if found. + conf_mount_rw(); + @unlink_if_exists("{$pfb['aliasarchive']}"); + conf_mount_ro(); + } + // Remove earlyshellcmd if found. + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + $msg = "\n** Removing earlyshellcmd **\n"; + } + } + } + + if ($msg != "") + pfb_logger("{$msg}","1"); +} + + # Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { @@ -365,14 +421,8 @@ function sync_package_pfblockerng($cron = "") { } } - # TBC if Required ! (Fetch Timeout in 2.2) - - #apply fetch timeout to pfsense-utils.inc - $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc'); - $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils); - if ($new_pfsense_utils != $pfsense_utils) { - @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX); - } + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("conf"); # Collect pfSense Max Table Size Entry $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000"); @@ -1173,7 +1223,7 @@ function sync_package_pfblockerng($cron = "") { $pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; $pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}'; $pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; - $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$|^($pattern8)$|^($pattern9)$|^($pattern10)$/"; + $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/"; $pfb['supp_update'] = FALSE; $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); @@ -2191,6 +2241,7 @@ function sync_package_pfblockerng($cron = "") { unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); } + ################################# # Closing Processes # ################################# @@ -2223,6 +2274,9 @@ function sync_package_pfblockerng($cron = "") { #load filter file which will create the pfctl tables filter_configure(); + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { # Don't Execute on User 'Save' if (!$pfb['save']) { @@ -2253,8 +2307,11 @@ function sync_package_pfblockerng($cron = "") { $log = implode($result_pfctl); pfb_logger("{$log}","1"); } + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { - $log = "\n No Changes to Aliases, Skipping pfctl Update \n"; + $log = "\nNo Changes to Aliases, Skipping pfctl Update \n"; pfb_logger("{$log}","1"); } } @@ -2282,7 +2339,7 @@ function sync_package_pfblockerng($cron = "") { ######################################### - # Define/Apply CRON Jobs # + # Define/Apply CRON Jobs # ######################################### # Clear any existing pfBlockerNG Cron Jobs @@ -2291,13 +2348,13 @@ function sync_package_pfblockerng($cron = "") { # Replace Cron job with any User Changes to $pfb_min if ($pfb['enable'] == "on") { # Define pfBlockerNG CRON Job - $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; + $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) - $pfb_hour = "*"; - $pfb_mday = "*"; - $pfb_month = "*"; - $pfb_wday = "*"; - $pfb_who = "root"; + $pfb_hour = "*"; + $pfb_mday = "*"; + $pfb_month = "*"; + $pfb_wday = "*"; + $pfb_who = "root"; install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); } @@ -2311,12 +2368,12 @@ function sync_package_pfblockerng($cron = "") { # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website - $pfb_gmin = "0"; - $pfb_ghour = rand(0,23); - $pfb_gmday = "1,2,3,4,5,6,7"; - $pfb_gmonth = "*"; - $pfb_gwday = "2"; - $pfb_gwho = "root"; + $pfb_gmin = "0"; + $pfb_ghour = rand(0,23); + $pfb_gmday = "1,2,3,4,5,6,7"; + $pfb_gmonth = "*"; + $pfb_gwday = "2"; + $pfb_gwho = "root"; install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); } @@ -2413,6 +2470,15 @@ function pfblockerng_php_deinstall_command() { rmdir_recursive("{$pfb['dbdir']}"); rmdir_recursive("{$pfb['logdir']}"); + // Remove Aliastables archive and earlyshellcmd if found. + @unlink_if_exists("{$pfb['aliasarchive']}"); + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + } + } + # Remove Settings from Config if (is_array($config['installedpackages']['pfblockerng'])) unset($config['installedpackages']['pfblockerng']); diff --git a/config/pfblockerng/pfblockerng.js b/config/pfblockerng/pfblockerng.js index cef0ce3b..e1c1ca20 100644 --- a/config/pfblockerng/pfblockerng.js +++ b/config/pfblockerng/pfblockerng.js @@ -1,6 +1,6 @@ /* pfBlockerNG update engine */ -// Part of pfBlockerNG by BBCan177@gmail.com (c) 2014 +// Part of pfBlockerNG by BBCan177@gmail.com (c) 2015 // // Javascript and Integration modifications by J. Nieuwenhuizen diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 0ca3aa7d..8c0c478d 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -3,7 +3,7 @@ pfBlockerNG.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfBlocker by @@ -12,7 +12,7 @@ Hour Schedule Convertor code by Snort Package - Copyright (c) 2014 Bill Meeks + Copyright (c) 2015 Bill Meeks Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -251,7 +251,7 @@ if ($argv[1] == 'gc') { } if ($argv[1] == 'cron') { - $hour = date('H'); + $hour = date('G'); $dow = date('N'); $pfb['update_cron'] = FALSE; @@ -270,7 +270,7 @@ if ($argv[1] == 'cron') { $sch2 = strval($shour); for ($i=0; $i<11; $i++) { $shour += 2; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch2 .= "," . strval($shour); } @@ -280,7 +280,7 @@ if ($argv[1] == 'cron') { $sch3 = strval($shour); for ($i=0; $i<7; $i++) { $shour += 3; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch3 .= "," . strval($shour); } @@ -290,7 +290,7 @@ if ($argv[1] == 'cron') { $sch4 = strval($shour); for ($i=0; $i<5; $i++) { $shour += 4; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch4 .= "," . strval($shour); } @@ -300,7 +300,7 @@ if ($argv[1] == 'cron') { $sch6 = strval($shour); for ($i=0; $i<3; $i++) { $shour += 6; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch6 .= "," . strval($shour); } @@ -310,7 +310,7 @@ if ($argv[1] == 'cron') { $sch8 = strval($shour); for ($i=0; $i<2; $i++) { $shour += 8; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch8 .= "," . strval($shour); } @@ -319,7 +319,7 @@ if ($argv[1] == 'cron') { $shour = intval(substr($pfb['hour'], 0, 2)); $sch12 = strval($shour) . ","; $shour += 12; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch12 .= strval($shour); @@ -696,7 +696,7 @@ $xml = <<<EOF pfblockerng_{$cont_name}.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense @@ -1001,7 +1001,7 @@ $xmlrep = <<<EOF pfBlockerNG_Reputation.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index cc11be6b..e010a6e5 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -1,6 +1,6 @@ #!/bin/sh # pfBlockerNG IP Reputation Script - By BBcan177@gmail.com - 04-12-14 -# Copyright (C) 2014 BBcan177@gmail.com +# Copyright (C) 2015 BBcan177@gmail.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License Version 2 as @@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations +aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2" pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile @@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log etdir=/var/db/pfblockerng/ET tmpxlsx=/tmp/xlsx/ +pfbdbdir=/var/db/pfblockerng/ pfbdeny=/var/db/pfblockerng/deny/ pfborig=/var/db/pfblockerng/original/ pfbmatch=/var/db/pfblockerng/match/ @@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile matchfile=/tmp/pfbmatchfile tempmatchfile=/tmp/pfbtempmatchfile +PLATFORM=`cat /etc/platform` +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` + +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1 + if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi + if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi +fi + if [ ! -f $masterfile ]; then touch $masterfile; fi if [ ! -f $mastercat ]; then touch $mastercat; fi if [ ! -f $tempfile ]; then touch $tempfile; fi @@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi if [ ! -d $etdir ]; then mkdir $etdir; fi if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi + +# Exit Function to set mount RO if required before Exiting +exitnow() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1 + fi + exit +} + + ########## # Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group. process24() { @@ -86,7 +109,7 @@ process24() { if [ ! -x $pathgeoip ]; then echo "Process24 - Application [ GeoIP ] Not found. Can't proceed." echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat Binary on first Install. @@ -98,7 +121,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi count=$(grep -c ^ $pfbdeny$alias".txt") @@ -192,6 +215,7 @@ echo "-------------------------------------------------------" cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt") echo "Post /24 Count [ $cocount ]"; echo fi +exitnow } @@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -257,7 +282,7 @@ suppress() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then @@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then echo; echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do @@ -342,7 +367,7 @@ else echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do alias=$(echo "${i%|*}") @@ -372,6 +397,7 @@ else fi done fi +exitnow } @@ -382,7 +408,7 @@ duplicate() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi dupcheck=yes @@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -425,7 +452,7 @@ deduplication() { if [ ! -x $pathgeoip ]; then echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -438,7 +465,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 @@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -551,7 +579,7 @@ pdeduplication(){ if [ ! -x $pathgeoip ]; then echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -563,7 +591,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 @@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]" # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -626,7 +655,7 @@ processet() { if [ ! -x $pathgunzip ]; then echo "Application [ Gunzip ] Not found, Can't proceed." echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".gz" ]; then @@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then else echo; echo "No ET .GZ File Found!" fi +exitnow } # Process to extract IP addresses from XLSX Files @@ -722,7 +752,7 @@ processxlsx() { if [ ! -x $pathtar ]; then echo "Application [ TAR ] Not found, Can't proceed." echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".zip" ]; then @@ -738,6 +768,7 @@ else echo "XLSX Download File Missing" echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog fi +exitnow } closingprocess() { @@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------" $pathpfctl -s memory | grep "table-entries" pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}') echo "Table Usage Count " $pfctlcount +exitnow } remove() { @@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0) if [ ! "$emptychk" == "" ]; then rm -r $masterfile; rm -r $mastercat fi +exitnow +} + +# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only ) +aliastables() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive + fi + exitnow } @@ -920,8 +961,11 @@ case $1 in remove) remove ;; + aliastables) + aliastables + ;; *) - exit + exitnow ;; esac -exit
\ No newline at end of file +exitnow
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php index 647017ff..229e084b 100644 --- a/config/pfblockerng/pfblockerng.widget.php +++ b/config/pfblockerng/pfblockerng.widget.php @@ -3,7 +3,7 @@ pfBlockerNG.widget.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based Upon pfblocker : diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 54c6c061..6f7e34ec 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -10,7 +10,7 @@ pfBlockerNG.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense @@ -234,6 +234,7 @@ <fieldname>pfb_keep</fieldname> <type>checkbox</type> <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> + <default_value>on</default_value> </field> <field> <fielddescr>CRON MIN Start Time</fielddescr> @@ -455,7 +456,7 @@ <fieldname>credits</fieldname> <type>info</type> <description><![CDATA[<strong> - pfBlockerNG</strong> Created in 2014 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a> + pfBlockerNG</strong> Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a> <br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br /> Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>. diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index f03f7040..c67420b9 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -3,14 +3,14 @@ pfBlockerNG_Alerts.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for pfSense from the following contributors: Parts based on works from Snort_alerts.php - Copyright (C) 2014 Bill Meeks + Copyright (C) 2015 Bill Meeks All rights reserved. Javascript Hostname Lookup modifications by J. Nieuwenhuizen @@ -41,8 +41,12 @@ // Auto-Resolve Hostnames if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname'])); + if (strlen($getpfhostname) >= 8) { + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + } else { + $hostname = $getpfhostname; + } if ($hostname == $getpfhostname) { $hostname = 'unknown'; } @@ -52,9 +56,8 @@ if (isset($_REQUEST['getpfhostname'])) { require_once("util.inc"); require_once("guiconfig.inc"); -require_once("filter_log.inc"); require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); - +global $rule_list; pfb_global(); // Application Paths @@ -66,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log"; $pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; $pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; +// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package) +$pfb['filterlogentries'] = FALSE; + // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; $et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; @@ -88,11 +94,11 @@ $rule_list = array(); $results = array(); $data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); -if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; @@ -124,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) { $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; } + +function pfb_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $pfb['filterlogentries'] = TRUE; + + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null; + $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null; + $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null; + + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null; + $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null; + + $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null; + $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null; + $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? $_POST['filterlogentries_date'] : null; +} + + +if ($_POST['filterlogentries_clear']) { + $pfb['filterlogentries'] = TRUE; + $filterfieldsarray = array(); +} + + // Collect pfBlockerNG Firewall Rules if (!empty($results)) { foreach ($results as $result) { @@ -293,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { } +// Parse Filter log for pfBlockerNG Alerts +function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) { + global $pfb, $rule_list, $filterfieldsarray; + $fields_array = array(); + $logarr = ""; + $denycnt = 0; + $permitcnt = 0; + $matchcnt = 0; + + if (file_exists($logfile)) { + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + } + else return; + + if (!empty($logarr) && !empty($rule_list['id'])) { + foreach ($logarr as $logent) { + $pfbalert = array(); + $log_split = ""; + + if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) + continue; + + list($all, $pfbalert[99], $host, $rule) = $log_split; + $rule_data = explode(",", $rule); + $pfbalert[0] = $rule_data[0]; // Rulenum + + // Skip Alert if Rule is not a pfBNG Alert + if (!in_array($pfbalert[0], $rule_list['id'])) + continue; + + $pfbalert[1] = $rule_data[4]; // Realint + $pfbalert[3] = $rule_data[6]; // Act + $pfbalert[4] = $rule_data[8]; // Version + + if ($pfbalert[4] == "4") { + $pfbalert[5] = $rule_data[15]; // Protocol ID + $pfbalert[6] = $rule_data[16]; // Protocol + $pfbalert[7] = $rule_data[18]; // SRC IP + $pfbalert[8] = $rule_data[19]; // DST IP + $pfbalert[9] = $rule_data[20]; // SRC Port + $pfbalert[10] = $rule_data[21]; // DST Port + $pfbalert[11] = $rule_data[23]; // TCP Flags + } else { + $pfbalert[5] = $rule_data[13]; // Protocol ID + $pfbalert[6] = $rule_data[12]; // Protocol + $pfbalert[7] = $rule_data[15]; // SRC IP + $pfbalert[8] = $rule_data[16]; // DST IP + $pfbalert[9] = $rule_data[17]; // SRC Port + $pfbalert[10] = $rule_data[18]; // DST Port + $pfbalert[11] = $rule_data[20]; // TCP Flags + } + + if ($pfbalert[5] == "6" || $pfbalert[5] == "17") { + // skip + } else { + $pfbalert[9] = ""; + $pfbalert[10] = ""; + $pfbalert[11] = ""; + } + + // Skip Repeated Alerts + if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) + continue; + + $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name + $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags + + // If Alerts Filtering is selected, process Filters as required. + if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) { + continue; + } + + if ($pfbalert[3] == "block") { + if ($denycnt < $pfbdenycnt) { + $fields_array['Deny'][] = $pfbalert; + $denycnt++; + } + } + elseif ($pfbalert[3] == "pass") { + if ($permitcnt < $pfbpermitcnt) { + $fields_array['Permit'][] = $pfbalert; + $permitcnt++; + } + } + elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") { + if ($matchcnt < $pfbmatchcnt) { + $fields_array['Match'][] = $pfbalert; + $matchcnt++; + } + } + + // Exit function if Sufficinet Matches found. + if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) { + unset ($pfbalert, $logarr); + return $fields_array; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; + $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + } + unset ($pfbalert, $logarr); + return $fields_array; + } +} + $pgtitle = gettext("pfBlockerNG: Alerts"); include_once("head.inc"); ?> @@ -341,7 +500,7 @@ if ($savemsg) { </tr> <tr> <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> @@ -369,6 +528,70 @@ if ($savemsg) { <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> </td> </tr> + <tr> + <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td> + <td width="90%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Interface");?></div> + <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Rule Number Only");?></div> + <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + </td> + </tr> + <td colspan="5" style="vertical-align:bottom"> + <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?> + <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br /> + </tr> + <tr> + <td colspan="1" style="vertical-align:bottom"> + <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + </table> + </td> + </tr> + <!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> <?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): switch($type) { @@ -394,16 +617,9 @@ if ($savemsg) { <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> <!--Print Table Info--> - <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."), "{$pfbentries}"); ?> - <?php if ($pfb['pfsenseversion'] >= '2.2'): ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> - <?php else: ?> - <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> + <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."),"{$pfbentries}"); ?> + <?php if ($type == "Deny"): ?> + <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> <?php endif; ?> </td> </tr> @@ -411,12 +627,12 @@ if ($savemsg) { <td width="100%" colspan="2"> <table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="8%" align="center" axis="date"> + <col width="7%" align="center" axis="date"> <col width="6%" align="center" axis="string"> - <col width="16%" align="center" axis="string"> + <col width="15%" align="center" axis="string"> <col width="6%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> <col width="3%" align="center" axis="string"> <col width="13%" align="center" axis="string"> </colgroup> @@ -450,9 +666,9 @@ if ($pfb['runonce']) { } else { $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; @@ -473,7 +689,10 @@ if ($pfb['runonce']) { // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; + if ($list['type'] == "single" && $list['subnet_bits'] == "32") + $pfb_local[] = $list['subnet']; + elseif ($list['type'] == "single" || $list['type'] == "network") + $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); } } // Collect NAT IP Addresses for Inbound/Outbound List Matching @@ -514,30 +733,31 @@ if ($pfb['runonce']) { $counter = 0; // Process Fields_array and generate Output -if (!empty($fields_array)) { - foreach ($fields_array as $fields) { +if (!empty($fields_array[$type]) && !empty($rule_list)) { + $key = 0; + foreach ($fields_array[$type] as $fields) { $rulenum = ""; $alert_ip = ""; $supp_ip = ""; $pfb_query = ""; - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + /* Fields_array Reference [0] = Rulenum [6] = Protocol + [1] = Real Interface [7] = SRC IP + [2] = Friendly Interface Name [8] = DST IP + [3] = Action [9] = SRC Port + [4] = Version [10] = DST Port + [5] = Protocol ID [11] = Flags + [99] = Timestamp */ + $rulenum = $fields[0]; + if ($counter < $pfbentries) { // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; + if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") { + $srcport = ""; + $dstport = ""; } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; + $srcport = ":" . $fields[9]; + $dstport = ":" . $fields[10]; } // Don't add Suppress Icon to Country Block Lines @@ -546,16 +766,10 @@ if (!empty($fields_array)) { } // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { // Destination is Gateway/NAT/VIP $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[7]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -563,30 +777,22 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); + $hostname = getpfbhostname('src', $fields[7], $counter); } else { $hostname = ""; } - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; } else { // Outbound $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[8]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -594,20 +800,25 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + $hostname = getpfbhostname('dst', $fields[8], $counter); } else { $hostname = ""; } - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + } + + // Determine Country Code of Host + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); } # IP Query Grep Exclusion @@ -615,21 +826,19 @@ if (!empty($fields_array)) { $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { + if (is_ipaddrv4($host) && $pfb_query != "Country") { // Search for exact IP Match $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); // Search for IP in /24 CIDR if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). // Skip (Country Lists) or /32,/24 Addresses. @@ -638,7 +847,7 @@ if (!empty($fields_array)) { $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); for ($cnt = 1; $cnt <= 5; $cnt++) { $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); // Break out of loop if found. if (!empty($pfb_query)) $cnt = 6; @@ -647,26 +856,30 @@ if (!empty($fields_array)) { // Search for First Three Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Report Specific ET IQRisk Details if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } } - // Default to "No Match" if not found. - if (empty($pfb_query)) - $pfb_query = "No Match"; } + elseif (is_ipaddrv6($host) && $pfb_query != "Country") { + $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'"); + } + + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; # Split List Column into Two lines. unset ($pfb_match); @@ -681,9 +894,19 @@ if (!empty($fields_array)) { } } - $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort) + if ($fields[4] == "6") { + $fields[97] = "[" . str_replace(":", ":​", $fields[7]) . "]"; + $fields[98] = "[" . str_replace(":", ":​", $fields[8]) . "]"; + } + else { + $fields[97] = $fields[7]; + $fields[98] = $fields[8]; + } // Truncate Long List Names + $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + if (strlen($pfb_match[1]) >= 17) { $pfb_matchtitle = $pfb_match[1]; $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; @@ -691,31 +914,28 @@ if (!empty($fields_array)) { // Print Alternating Line Shading if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; } - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; echo "<tr class='{$alertRowClass}'> - <td class='listMRr' align='center'>{$fields['time']}</td> - <td class='listMRr' align='center'>{$fields['interface']}</td> + <td class='listMRr' align='center'>{$fields[99]}</td> + <td class='listMRr' align='center'>{$fields[2]}</td> <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> - <td class='listMRr' align='center'>{$proto}</td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td> - <td class='listMRr' align='center'>{$countrycode}</td> + <td class='listMRr' align='center'>{$fields[6]}</td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center'>{$country}</td> <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; $counter++; if ($counter > 0 && $rtype == "block") { $mycounter = $counter; + } else { + $mycounter = 0; } } } @@ -725,6 +945,7 @@ if (!empty($fields_array)) { </table> </table> <?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +<?php unset ($fields_array); ?> </td></tr> </table> @@ -762,9 +983,22 @@ function findhostnames(counter) { ) } -var lines = <?php echo $mycounter; ?>; -for (alertcount = 0; alertcount < lines; alertcount++) { - setTimeout(findhostnames(alertcount), 30); +var alertlines = <?php echo $mycounter; ?>; +var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; +if ( autoresolve == "on" ) { + for (alertcount = 0; alertcount < alertlines; alertcount++) { + setTimeout(findhostnames(alertcount), 30); + } +} + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; } //]]> diff --git a/config/pfblockerng/pfblockerng_diag_dns.php b/config/pfblockerng/pfblockerng_diag_dns.php index b2f07464..b44bc71c 100644 --- a/config/pfblockerng/pfblockerng_diag_dns.php +++ b/config/pfblockerng/pfblockerng_diag_dns.php @@ -3,7 +3,7 @@ pfBlockerNG_diag_dns.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Original Code by: @@ -47,11 +47,11 @@ if (is_array($config['aliases']['alias'])) { } $aliasname = str_replace(array(".","-"), "_", $host); $alias_exists = false; -$counter=0; -foreach($a_aliases as $a) { - if($a['name'] == $aliasname) { +$counter = 0; +foreach ($a_aliases as $a) { + if ($a['name'] == $aliasname) { $alias_exists = true; - $id=$counter; + $id = $counter; } $counter++; } @@ -65,36 +65,39 @@ if ($pfs_version > '2.2') { $cmd = '/usr/bin/dig'; } - -if(isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { - if($_POST['override']) +if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { + if ($_POST['override']) { $override = true; + } $resolved = gethostbyname($host); $type = "hostname"; - if($resolved) { + if ($resolved) { $resolved = array(); exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); $isfirst = true; - foreach($resolved as $re) { - if($re <> "") { - if(!$isfirst) + foreach ($resolved as $re) { + if ($re <> "") { + if (!$isfirst) { $addresses .= " "; + } $addresses .= rtrim($re) . "/32"; $isfirst = false; } } $newalias = array(); - if($override) + if ($override) { $alias_exists = false; - if($alias_exists == false) { + } + if ($alias_exists == false) { $newalias['name'] = $aliasname; $newalias['type'] = "network"; $newalias['address'] = $addresses; $newalias['descr'] = "Created from Diagnostics-> DNS Lookup"; - if($override) + if ($override) { $a_aliases[$id] = $newalias; - else + } else { $a_aliases[] = $newalias; + } write_config(); $createdalias = true; } @@ -118,8 +121,9 @@ if ($_POST) { exec("/usr/bin/grep nameserver /etc/resolv.conf | /usr/bin/cut -f2 -d' '", $dns_servers); foreach ($dns_servers as $dns_server) { $query_time = exec("{$cmd} {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2"); - if($query_time == "") + if ($query_time == "") { $query_time = gettext("No response"); + } $new_qt = array(); $new_qt['dns_server'] = $dns_server; $new_qt['query_time'] = $query_time; @@ -137,18 +141,20 @@ if ($_POST) { $type = "ip"; $resolved = gethostbyaddr($host); $ipaddr = $host; - if ($host != $resolved) + if ($host != $resolved) { $hostname = $resolved; + } } elseif (is_hostname($host)) { $type = "hostname"; $resolved = gethostbyname($host); - if($resolved) { + if ($resolved) { $resolved = array(); exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); } $hostname = $host; - if ($host != $resolved) + if ($host != $resolved) { $ipaddr = $resolved[0]; + } } if ($host == $resolved) { @@ -157,6 +163,11 @@ if ($_POST) { } } +if ( ($_POST['host']) && ($_POST['dialog_output']) ) { + display_host_results ($host,$resolved,$dns_speeds); + exit; +} + function display_host_results ($address,$hostname,$dns_speeds) { $map_lengths = function($element) { return strlen($element[0]); }; @@ -179,12 +190,12 @@ function display_host_results ($address,$hostname,$dns_speeds) { include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="pfblockerng diag dns"> <tr> <td> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="/pfblockerng/pfblockerng_diag_dns.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont"> <tr> <td colspan="2" valign="top" class="listtopic"> <?=gettext("Resolve DNS hostname or IP");?></td> </tr> @@ -192,68 +203,67 @@ include("head.inc"); ?> <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP");?></td> <td width="78%" class="vtable"> <?=$mandfldhtml;?> - <table> + <table summary="results"> <tr><td valign="top"> - <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + <input name="host" type="text" class="formfld unknown" id="host" size="20" value="<?=htmlspecialchars($host);?>"> </td> - <td> <?php if ($resolved && $type) { ?> - = <font size="+1"> + <td valign="middle"> = </td><td> + <font size="+1"> <?php $found = 0; - if(is_array($resolved)) { - foreach($resolved as $hostitem) { - if($hostitem <> "") { - echo $hostitem . "<br/>"; + if (is_array($resolved)) { + foreach ($resolved as $hostitem) { + if ($hostitem <> "") { + echo $hostitem . "<br />"; $found++; } } } else { - echo $resolved; - } - if($found > 0) { ?> - <br/><font size='-2'> - <?PHP if($alias_exists) { ?> + echo $resolved; + } + if ($found > 0) { ?> + <br /></font><font size='-2'> + <?php if ($alias_exists) { ?> An alias already exists for the hostname <?= htmlspecialchars($host) ?>. <br /> <input type="hidden" name="override" value="true"/> <input type="submit" name="create_alias" value="Overwrite Alias"/> - <?PHP } else { - if(!$createdalias) { ?> + <?php } else { + if (!$createdalias) { ?> <input type="submit" name="create_alias" value="Create Alias from These Entries"/> - <?PHP } else { ?> + <?php } else { ?> Alias created with name <?= htmlspecialchars($newalias['name']) ?> - <?PHP } + <?php } } } ?> - <font size="-1"> - <? } ?> - </td></tr></table> - </td> + <?php } ?> + </font></td></tr></table> + </td> </tr> -<?php if($_POST): ?> +<?php if ($_POST): ?> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> - <td width="78%" class="vtable"> - <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;"> + <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> + <td width="78%" class="vtable"> + <table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time"> <tr> - <td> - <b><?=gettext("Server");?></b> + <td class="listhdrr"> + <?=gettext("Server");?> </td> - <td> - <b><?=gettext("Query time");?></b> + <td class="listhdrr"> + <?=gettext("Query time");?> </td> </tr> <?php - if(is_array($dns_speeds)) - foreach($dns_speeds as $qt): + if (is_array($dns_speeds)) + foreach ($dns_speeds as $qt): ?> <tr> - <td> + <td class="listlr"> <?=$qt['dns_server']?> </td> - <td> + <td class="listr"> <?=$qt['query_time']?> </td> </tr> @@ -261,58 +271,59 @@ include("head.inc"); ?> endforeach; ?> </table> - </td> + </td> </tr> <?php endif; ?> <?php if (!$input_errors && $ipaddr) { ?> <tr> - - <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td> <td width="78%" class="vtable"> - <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br/> + <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br /> <a target="_new" href ="/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18"><?=gettext("Traceroute");?></a> <p/> - <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br /> <a target="_new" href="http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP WHOIS @ DNS Stuff");?></a><br /> <a target="_new" href="http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Info @ DNS Stuff");?></a> - <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> - <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br/> - <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br/> - <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br/> - <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br/> - <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br/> - <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br/> + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br /><br /> + <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br /> + <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br /> + <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br /> + <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br /> + <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br /> + <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br /> - <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br/> - <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br/> - <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br/> - <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br/> - <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br/> - <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br/> - <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br/> - <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br/> - <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br/> - <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br/> + <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br /> + <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br /> + <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br /> + <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br /> + <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br /> + <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br /> + <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br /> + <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br /> + <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br /> + <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br /> <p/> - <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br/><br/> - <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br/> - <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br/> - <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br/> - <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br/> - <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br/> + <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br /><br /> + <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br /> + <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br /> + <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br /> + <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br /> + <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br /> </td> </tr> <?php } ?> <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <br/> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>"> + <td width="22%" valign="top"> </td> + <td width="78%"> + <br /> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>"> </td> </tr> </table> -</td></tr></table> </form> -<?php include("fend.inc"); ?>
\ No newline at end of file +</td></tr></table> +<?php include("fend.inc"); ?> +</body> +</html>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php index 74f513a2..4c25ce29 100644 --- a/config/pfblockerng/pfblockerng_log.php +++ b/config/pfblockerng/pfblockerng_log.php @@ -3,7 +3,7 @@ pfBlockerNG_Log.php pfBlockerNG - Copyright (c) 2014 BBcan177@gmail.com + Copyright (c) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for the @@ -17,7 +17,7 @@ All rights reserved. Adapted for Suricata by: - Copyright (C) 2014 Bill Meeks + Copyright (C) 2015 Bill Meeks All rights reserved. Javascript and Integration modifications by J. Nieuwenhuizen diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml index 00186af8..f6cee305 100644 --- a/config/pfblockerng/pfblockerng_sync.xml +++ b/config/pfblockerng/pfblockerng_sync.xml @@ -10,7 +10,7 @@ pfBlockerNG_sync.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index ccaf68a0..db898112 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -10,7 +10,7 @@ pfBlockerNG_Top20.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index 99480900..f3a18231 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -3,7 +3,7 @@ /* pfBlockerNG_Update.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index 6df839ed..febfd597 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -9,7 +9,7 @@ pfBlockerNG_v4lists.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index 15d788cf..10a866c0 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -9,7 +9,7 @@ pfBlockerNG_v6lists.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense |