diff options
Diffstat (limited to 'config/pfblockerng')
| -rw-r--r-- | config/pfblockerng/countrycodes.tar.bz2 | bin | 841191 -> 571736 bytes | |||
| -rw-r--r-- | config/pfblockerng/geoipupdate.sh | 30 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.inc | 394 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.js | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.php | 62 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.sh | 74 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.widget.php | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.xml | 19 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php | 472 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_diag_dns.php | 189 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_log.php | 4 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_sync.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_top20.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_update.php | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_v4lists.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_v6lists.xml | 2 |
16 files changed, 827 insertions, 431 deletions
diff --git a/config/pfblockerng/countrycodes.tar.bz2 b/config/pfblockerng/countrycodes.tar.bz2 Binary files differindex afebf58a..12cc1b5b 100644 --- a/config/pfblockerng/countrycodes.tar.bz2 +++ b/config/pfblockerng/countrycodes.tar.bz2 diff --git a/config/pfblockerng/geoipupdate.sh b/config/pfblockerng/geoipupdate.sh index 4b8fbb63..dc6f2af6 100644 --- a/config/pfblockerng/geoipupdate.sh +++ b/config/pfblockerng/geoipupdate.sh @@ -1,7 +1,7 @@ #!/bin/sh # # pfBlockerNG MaxMind GeoLite GeoIP Updater Script - By BBcan177@gmail.com -# Copyright (C) 2014 BBcan177@gmail.com +# Copyright (C) 2015 BBcan177@gmail.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License Version 2 as @@ -23,19 +23,23 @@ # may be met by including the following in all advertising and documentation # mentioning features of or use of this database. -# Folder Locations +mtype=$(/usr/bin/uname -m); + +# Application Locations pathfetch=/usr/bin/fetch pathtar=/usr/bin/tar pathgunzip=/usr/bin/gunzip -# File Locations +# Folder Locations pathdb=/var/db/pfblockerng +pathpbi=/usr/pbi/pfblockerng-$mtype/share/GeoIP pathlog=/var/log/pfblockerng + +# File Locations errorlog=$pathlog/geoip.log -pathgeoipdatgz=$pathdb/GeoIP.dat.gz -pathgeoipdatgzv6=$pathdb/GeoIPv6.dat.gz -pathgeoipdat=$pathdb/GeoIP.dat -pathgeoipdatv6=$pathdb/GeoIPv6.dat +geoipdat=/GeoIP.dat +geoipdatv6=/GeoIPv6.dat + pathgeoipcc=$pathdb/country_continent.csv pathgeoipcsv4=$pathdb/GeoIPCountryCSV.zip pathgeoipcsvfinal4=$pathdb/GeoIPCountryWhois.csv @@ -56,12 +60,12 @@ binaryupdate() { echo " ** Downloading MaxMind GeoLite IPv4 Binary Database (For Reputation/Alerts Processes) **"; echo URL="http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" -$pathfetch -v -o $pathgeoipdatgz -T 20 $URL +$pathfetch -v -o $pathpbi$geoipdat.gz -T 20 $URL if [ "$?" -eq "0" ]; then - $pathgunzip -f $pathgeoipdatgz + $pathgunzip -f $pathpbi$geoipdat.gz echo; echo " ( MaxMind IPv4 GeoIP.dat has been updated )"; echo echo "Current Date/Timestamp:" - /bin/ls -alh $pathgeoipdat + /bin/ls -alh $pathpbi$geoipdat echo else echo; echo " => MaxMind IPv4 GeoIP.dat Update [ FAILED ]"; echo @@ -72,12 +76,12 @@ fi echo; echo " ** Downloading MaxMind GeoLite IPv6 Binary Database (For Reputation/Alerts Processes) **"; echo URL="http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz" -$pathfetch -v -o $pathgeoipdatgzv6 -T 20 $URL +$pathfetch -v -o $pathpbi$geoipdatv6.gz -T 20 $URL if [ "$?" -eq "0" ]; then - $pathgunzip -f $pathgeoipdatgzv6 + $pathgunzip -f $pathpbi$geoipdatv6.gz echo; echo " ( MaxMind IPv6 GeoIPv6.dat has been updated )"; echo echo "Current Date/Timestamp:" - /bin/ls -alh $pathgeoipdatv6 + /bin/ls -alh $pathpbi$geoipdatv6 echo else echo; echo " => MaxMind IPv6 GeoIPv6.dat Update [ FAILED ]"; echo diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index d612dbf1..1a1c87a2 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -3,7 +3,7 @@ pfBlockerNG.inc pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. part of the Postfix package for pfSense @@ -48,9 +48,11 @@ require_once("services.inc"); # [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings. function pfb_global() { - global $g,$config,$pfb; + # Collect pfSense Version + $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3); + # Folders $pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng"; $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; @@ -76,9 +78,7 @@ function pfb_global() { $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log"; $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt"; $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; - - # Collect pfSense Version - $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3); + $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2"; # General Variables $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; @@ -226,8 +226,11 @@ function pfb_create_suppression_file() { if ($pfb['found']) { $pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']); - if (!empty($pfb_suppress)) + if (!empty($pfb_suppress)) { @file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX); + } else { + unlink_if_exists("{$pfb['supptxt']}"); + } } else { # Delete Suppression File if Alias is Empty. unlink_if_exists("{$pfb['supptxt']}"); @@ -335,6 +338,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) { } +// Archive Aliastables for NanoBSD and RAMDisk Installations +function pfb_aliastables($mode) { + global $g,$config,$pfb; + $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables"; + $msg = ""; + + // Only Execute function if Platform is NanoBSD or Ramdisks are used. + if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) { + conf_mount_rw(); + if ($mode == "update") { + // Archive Aliastable Folder + exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1"); + $msg = "\n\nArchiving Aliastable Folder\n"; + } + elseif ($mode == "conf") { + // Check conf file for earlyshellcmd + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd[] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + else { + $config['system']['earlyshellcmd'] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + conf_mount_ro(); + } + else { + if (file_exists("{$pfb['aliasarchive']}")) { + // Remove Aliastables archive if found. + conf_mount_rw(); + @unlink_if_exists("{$pfb['aliasarchive']}"); + conf_mount_ro(); + } + // Remove earlyshellcmd if found. + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + $msg = "\n** Removing earlyshellcmd **\n"; + } + } + } + + if ($msg != "") + pfb_logger("{$msg}","1"); +} + + # Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { @@ -350,22 +405,24 @@ function sync_package_pfblockerng($cron = "") { } log_error("[pfBlockerNG] Starting sync process."); + // Force Update - Set 'Save' variable when 'No Updates' found. + if ($cron == "noupdates") { + $pfb['save'] = TRUE; + } + # Start of pfBlockerNG Logging to 'pfblockerng.log' if ($pfb['enable'] == "on" && !$pfb['save']) { $log = " UPDATE PROCESS START [ NOW ]\n"; + pfb_logger("{$log}","1"); } else { - $log = "\n**Saving Configuration [ NOW ] ...\n"; + if ($cron != "noupdates") { + $log = "\n**Saving Configuration [ NOW ] ...\n"; + pfb_logger("{$log}","1"); + } } - pfb_logger("{$log}","1"); - - # TBC if Required ! (Fetch Timeout in 2.2) - #apply fetch timeout to pfsense-utils.inc - $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc'); - $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils); - if ($new_pfsense_utils != $pfsense_utils) { - @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX); - } + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("conf"); # Collect pfSense Max Table Size Entry $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000"); @@ -453,9 +510,9 @@ function sync_package_pfblockerng($cron = "") { } - ############################################# - # Configure ARRAYS # - ############################################# + ################################# + # Configure ARRAYS # + ################################# $continents = array ( "Africa" => "pfB_Africa", "Antartica" => "pfB_Antartica", @@ -514,9 +571,9 @@ function sync_package_pfblockerng($cron = "") { ); - ############################################# - # Configure Rule Suffix # - ############################################# + ######################################### + # Configure Rule Suffix # + ######################################### # Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order ) # To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules @@ -586,9 +643,9 @@ function sync_package_pfblockerng($cron = "") { } - ############################################# - # Configure INBOUND/OUTBOUND INTERFACES # - ############################################# + ######################################################### + # Configure INBOUND/OUTBOUND INTERFACES # + ######################################################### # Collect pfSense Interface Order $ifaces = get_configured_interface_list(); @@ -652,9 +709,9 @@ function sync_package_pfblockerng($cron = "") { } - ############################################# - # Clear Removed Lists from Masterfiles # - ############################################# + ################################################# + # Clear Removed Lists from Masterfiles # + ################################################# # Process to keep Masterfiles in Sync with Valid Lists from config.conf file. $pfb['sync_master'] = TRUE; @@ -878,9 +935,9 @@ function sync_package_pfblockerng($cron = "") { } } - ############################################## - # Clear Match/Pass/ET/Original Files/Folders # - ############################################## + ######################################################### + # Clear Match/Pass/ET/Original Files/Folders # + ######################################################### # When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled. if ($pfb['enable'] == "" && $pfb['keep'] == "" && !$pfb['install']) { @@ -899,17 +956,17 @@ function sync_package_pfblockerng($cron = "") { } - ############################################# - # Create Suppression Txt File # - ############################################# + ######################################### + # Create Suppression Txt File # + ######################################### if ($pfb['enable'] == "on" && $pfb['supp'] == "on") pfb_create_suppression_file(); - ############################################# - # Assign Countries # - ############################################# + ################################# + # Assign Countries # + ################################# foreach ($continents as $continent => $pfb_alias) { if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) { @@ -1135,9 +1192,9 @@ function sync_package_pfblockerng($cron = "") { # UNSET variables unset ($continent, $continent_existing, $continent_new); - ############################################# - # Download and Collect IPv4/IPv6 lists # - ############################################# + ################################################# + # Download and Collect IPv4/IPv6 lists # + ################################################# # IPv4 REGEX Definitions $pfb['range'] = '/((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))-((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/'; @@ -1148,21 +1205,25 @@ function sync_package_pfblockerng($cron = "") { # IPv4 preg_replace Regex Filter array $pfb_ipreg = array(); - $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet - $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces - $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8 - $pfb_ipreg[3] = '/0\.0\.0\.0/'; # Remove 0.0.0.0 + $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet + $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces + $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8 + $pfb_ipreg[3] = '/0\.0\.0\.0\/32/'; # Remove 0.0.0.0/32 + $pfb_ipreg[4] = '/0\.0\.0\.0/'; # Remove 0.0.0.0 # IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 ** # https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html $pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}'; - $pattern2 = '([A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}'; + $pattern2 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}'; $pattern3 = '([A-Fa-f0-9]{1,4}:){2}:([A-Fa-f0-9]{1,4}:){0,4}[A-Fa-f0-9]{1,4}'; $pattern4 = '([A-Fa-f0-9]{1,4}:){3}:([A-Fa-f0-9]{1,4}:){0,3}[A-Fa-f0-9]{1,4}'; $pattern5 = '([A-Fa-f0-9]{1,4}:){4}:([A-Fa-f0-9]{1,4}:){0,2}[A-Fa-f0-9]{1,4}'; $pattern6 = '([A-Fa-f0-9]{1,4}:){5}:([A-Fa-f0-9]{1,4}:){0,1}[A-Fa-f0-9]{1,4}'; $pattern7 = '([A-Fa-f0-9]{1,4}:){6}:[A-Fa-f0-9]{1,4}'; - $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$/"; + $pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; + $pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}'; + $pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; + $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/"; $pfb['supp_update'] = FALSE; $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); @@ -1222,7 +1283,7 @@ function sync_package_pfblockerng($cron = "") { $host = @parse_url($row['url']); $list_url = "{$row['url']}"; if ($row['format'] != "rsync" || $row['format'] != "html") { - if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { $remote_tds = "local"; } else { $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); @@ -1374,12 +1435,14 @@ function sync_package_pfblockerng($cron = "") { if (!empty($url_list)) { if ($row['format'] == "gz" && $vtype == "_v4") { foreach ($url_list as $line) { - # Network range 192.168.0.0-192.168.0.254 - if (preg_match($pfb['range'],$line,$matches)) { - $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); - if (!empty($a_cidr)) { - foreach ($a_cidr as $cidr) { - $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n"; + if (!preg_match("/^#/", $line)) { + # Network range 192.168.0.0-192.168.0.254 + if (preg_match($pfb['range'],$line,$matches)) { + $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]); + if (!empty($a_cidr)) { + foreach ($a_cidr as $cidr) { + $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n"; + } } } } @@ -1388,44 +1451,52 @@ function sync_package_pfblockerng($cron = "") { elseif ($row['format'] == "block" && $vtype == "_v4") { foreach ($url_list as $line) { - # Block Type '218.77.79.0 218.77.79.255 24' - if (preg_match($pfb['block'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n"; + if (!preg_match("/^#/", $line)) { + # Block Type '218.77.79.0 218.77.79.255 24' + if (preg_match($pfb['block'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n"; + } } } } elseif ($row['format'] == "html" && $vtype == "_v4") { foreach ($url_list as $line) { - # CIDR format 192.168.0.0/16 - if (preg_match($pfb['cidr'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; - } - # Single ip addresses - elseif (preg_match($pfb['s_html'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + if (!preg_match("/^#/", $line)) { + # CIDR format 192.168.0.0/16 + if (preg_match($pfb['cidr'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Single ip addresses + elseif (preg_match($pfb['s_html'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } } } } elseif ($vtype == "_v6") { foreach ($url_list as $line) { - # IPv6 Regex Match - if (preg_match($pfb['ipv6'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + if (!preg_match("/^#/", $line)) { + # IPv6 Regex Match + if (preg_match($pfb['ipv6'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } } } } else { foreach ($url_list as $line) { - # CIDR format 192.168.0.0/16 - if (preg_match($pfb['cidr'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; - } - # Single ip addresses - elseif (preg_match($pfb['single'],$line,$matches)) { - $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + if (!preg_match("/^#/", $line)) { + # CIDR format 192.168.0.0/16 + if (preg_match($pfb['cidr'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Single ip addresses + elseif (preg_match($pfb['single'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } } } } @@ -1502,7 +1573,7 @@ function sync_package_pfblockerng($cron = "") { $ip2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", "\"^$1\.$2\.$3\.\"", $ip); # Only Perform these Checks if they are not "localfiles" - if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { $log = " [ {$alias} {$header_url} ] Local File Failure \n"; pfb_logger("{$log}","2"); } else { @@ -1638,9 +1709,9 @@ function sync_package_pfblockerng($cron = "") { } - ############################################# - # REPUTATION PROCESSES # - ############################################# + ################################# + # REPUTATION PROCESSES # + ################################# # IP Reputation processes (pdup and ddup) if ($pfb['pdup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") { @@ -1652,9 +1723,9 @@ function sync_package_pfblockerng($cron = "") { exec ("{$pfb['script']} dedup x {$pfb['dmax']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); } - ############################################# - # CONFIGURE ALIASES # - ############################################# + ################################# + # CONFIGURE ALIASES # + ################################# $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); foreach ($list_type as $ip_type => $vtype) { @@ -1863,9 +1934,9 @@ function sync_package_pfblockerng($cron = "") { ${$alias} = ""; - ############################################# - # UPDATE PfSENSE ALIAS TABLES # - ############################################# + ######################################### + # UPDATE pfSense ALIAS TABLES # + ######################################### #update pfsense alias table if (is_array($config['aliases']['alias'])) { @@ -1902,9 +1973,9 @@ function sync_package_pfblockerng($cron = "") { unset($new_aliases, $cbalias); - ############################################# - # Assign rules # - ############################################# + ######################### + # Assign Rules # + ######################### # Only Execute if AutoRules are defined or if an Alias has been removed. if ($pfb['autorules'] || $pfb['enable'] == "" || $pfb['remove']) { @@ -2170,50 +2241,10 @@ function sync_package_pfblockerng($cron = "") { unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); } - ############################################# - # Define/Apply CRON Jobs # - ############################################# - # Clear any existing pfBlockerNG Cron Jobs - install_cron_job("pfblockerng.php cron", false); - - # Replace Cron job with any User Changes to $pfb_min - if ($pfb['enable'] == "on") { - # Define pfBlockerNG CRON Job - $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; - # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) - $pfb_hour = "*"; - $pfb_mday = "*"; - $pfb_month = "*"; - $pfb_wday = "*"; - $pfb_who = "root"; - - install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); - } - - # Clear any existing pfBlockerNG MaxMind CRON Job - install_cron_job("pfblockerng.php dc", false); - - if ($pfb['enable'] == "on") { - # Define pfBlockerNG MaxMind CRON Job - $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1"; - - # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website - - $pfb_gmin = "0"; - $pfb_ghour = rand(0,23); - $pfb_gmday = "1,2,3,4,5,6,7"; - $pfb_gmonth = "*"; - $pfb_gwday = "2"; - $pfb_gwho = "root"; - - install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); - } - - - ############################################# - # Closing Processes # - ############################################# + ################################# + # Closing Processes # + ################################# #uncheck Reusing Existing Downloads Check box if (!$pfb['save'] && $pfb['enable'] == "on") @@ -2226,11 +2257,13 @@ function sync_package_pfblockerng($cron = "") { if ($pfb['autorules'] && $rules != $new_rules || $pfb['enable'] == "" || $pfb['remove']) { require_once("filter.inc"); - $log = "\n===[ Aliastables / Rules ]================================\n\n"; - pfb_logger("{$log}","1"); + if (!$pfb['save']) { + $log = "\n===[ Aliastables / Rules ]================================\n\n"; + pfb_logger("{$log}","1"); - $log = "Firewall Rule Changes Found, Applying Filter Reload \n"; - pfb_logger("{$log}","1"); + $log = "Firewall Rule Changes Found, Applying Filter Reload \n"; + pfb_logger("{$log}","1"); + } # Remove all pfBlockerNG Alias tables if (!empty($aliases_list)) { @@ -2241,6 +2274,9 @@ function sync_package_pfblockerng($cron = "") { #load filter file which will create the pfctl tables filter_configure(); + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { # Don't Execute on User 'Save' if (!$pfb['save']) { @@ -2271,8 +2307,11 @@ function sync_package_pfblockerng($cron = "") { $log = implode($result_pfctl); pfb_logger("{$log}","1"); } + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { - $log = "\n No Changes to Aliases, Skipping pfctl Update \n"; + $log = "\nNo Changes to Aliases, Skipping pfctl Update \n"; pfb_logger("{$log}","1"); } } @@ -2283,9 +2322,9 @@ function sync_package_pfblockerng($cron = "") { #sync config pfblockerng_sync_on_changes(); - ############################################# - # FINAL REPORTING # - ############################################# + ################################# + # FINAL REPORTING # + ################################# # Only run with CRON or Force Invoked Process if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) { @@ -2297,6 +2336,47 @@ function sync_package_pfblockerng($cron = "") { $log = "\n\n UPDATE PROCESS ENDED [ NOW ]\n"; pfb_logger("{$log}","1"); } + + + ######################################### + # Define/Apply CRON Jobs # + ######################################### + + # Clear any existing pfBlockerNG Cron Jobs + install_cron_job("pfblockerng.php cron", false); + + # Replace Cron job with any User Changes to $pfb_min + if ($pfb['enable'] == "on") { + # Define pfBlockerNG CRON Job + $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; + # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) + $pfb_hour = "*"; + $pfb_mday = "*"; + $pfb_month = "*"; + $pfb_wday = "*"; + $pfb_who = "root"; + + install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); + } + + # Clear any existing pfBlockerNG MaxMind CRON Job + install_cron_job("pfblockerng.php dc", false); + + if ($pfb['enable'] == "on") { + # Define pfBlockerNG MaxMind CRON Job + $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1"; + + # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website + + $pfb_gmin = "0"; + $pfb_ghour = rand(0,23); + $pfb_gmday = "1,2,3,4,5,6,7"; + $pfb_gmonth = "*"; + $pfb_gwday = "2"; + $pfb_gwho = "root"; + + install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); + } } @@ -2335,15 +2415,13 @@ function pfblockerng_php_install_command() { @rmdir_recursive("{$pfb['dbdir']}/cc"); # Uncompress Country Code File and delete Archive after extraction. - exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); + @rename("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); + exec("cd {$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2"); # Download MaxMind Files and Create Country Code files and Build Continent XML Files update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); - @rename("{$pfb['dbdir']}/GeoIP.dat", "{$pfb['ccdir']}/GeoIP.dat"); - @rename("{$pfb['dbdir']}/GeoIPv6.dat", "{$pfb['ccdir']}/GeoIPv6.dat"); - update_output_window(gettext("MaxMind Country Database downloads completed...")); update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); pfblockerng_uc_countries(); @@ -2392,6 +2470,15 @@ function pfblockerng_php_deinstall_command() { rmdir_recursive("{$pfb['dbdir']}"); rmdir_recursive("{$pfb['logdir']}"); + // Remove Aliastables archive and earlyshellcmd if found. + @unlink_if_exists("{$pfb['aliasarchive']}"); + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + } + } + # Remove Settings from Config if (is_array($config['installedpackages']['pfblockerng'])) unset($config['installedpackages']['pfblockerng']); @@ -2564,18 +2651,19 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p $xml = array(); // If User Disabled, remove 'General Tab Customizations' from Sync if ($config['installedpackages']['pfblockerngsync']['config'][0]['syncinterfaces'] == "") - $xml['pfblockerng'] = $config['installedpackages']['pfblockerng']; - $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation']; - $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4']; - $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6']; - $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers']; - $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica']; - $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica']; - $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia']; - $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope']; - $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica']; - $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania']; - $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica']; + $xml['pfblockerng'] = $config['installedpackages']['pfblockerng']; + $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation']; + $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4']; + $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6']; + $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers']; + $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica']; + $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica']; + $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia']; + $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope']; + $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica']; + $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania']; + $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica']; + $xml['pfblockerngproxyandsatellite'] = $config['installedpackages']['pfblockerngproxyandsatellite']; /* assemble xmlrpc payload */ $params = array( diff --git a/config/pfblockerng/pfblockerng.js b/config/pfblockerng/pfblockerng.js index cef0ce3b..e1c1ca20 100644 --- a/config/pfblockerng/pfblockerng.js +++ b/config/pfblockerng/pfblockerng.js @@ -1,6 +1,6 @@ /* pfBlockerNG update engine */ -// Part of pfBlockerNG by BBCan177@gmail.com (c) 2014 +// Part of pfBlockerNG by BBCan177@gmail.com (c) 2015 // // Javascript and Integration modifications by J. Nieuwenhuizen diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 1db36334..8c0c478d 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -3,7 +3,7 @@ pfBlockerNG.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfBlocker by @@ -12,7 +12,7 @@ Hour Schedule Convertor code by Snort Package - Copyright (c) 2014 Bill Meeks + Copyright (c) 2015 Bill Meeks Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -44,9 +44,13 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); require_once("services.inc"); -require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); -pfb_global(); +// Call Include File and Collect updated Global Settings +if (in_array($argv[1], array( 'update','dc','uc','gc','cron' ))) { + require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + pfb_global(); +} + // IPv6 Range to CIDR function used courtesey from: // https://github.com/stilez/pfsense-leases/blob/50cc0fa81dba5fe91bcddaea016c245d1b8479cc/etc/inc/util.inc @@ -147,7 +151,7 @@ $uname = posix_uname(); if ($uname['machine'] == "amd64") ini_set('memory_limit', '256M'); -function pfb_update_check($header_url, $list_url, $url_format) { +function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) { global $pfb; $pfb['cron_update'] = FALSE; @@ -230,6 +234,12 @@ if ($argv[1] == 'dc') { } pfblockerng_uc_countries(); pfblockerng_get_countries(); + + // Remove Original Maxmind Database Files + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); + @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); } if ($argv[1] == 'uc') { @@ -241,7 +251,7 @@ if ($argv[1] == 'gc') { } if ($argv[1] == 'cron') { - $hour = date('H'); + $hour = date('G'); $dow = date('N'); $pfb['update_cron'] = FALSE; @@ -260,7 +270,7 @@ if ($argv[1] == 'cron') { $sch2 = strval($shour); for ($i=0; $i<11; $i++) { $shour += 2; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch2 .= "," . strval($shour); } @@ -270,7 +280,7 @@ if ($argv[1] == 'cron') { $sch3 = strval($shour); for ($i=0; $i<7; $i++) { $shour += 3; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch3 .= "," . strval($shour); } @@ -280,7 +290,7 @@ if ($argv[1] == 'cron') { $sch4 = strval($shour); for ($i=0; $i<5; $i++) { $shour += 4; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch4 .= "," . strval($shour); } @@ -290,7 +300,7 @@ if ($argv[1] == 'cron') { $sch6 = strval($shour); for ($i=0; $i<3; $i++) { $shour += 6; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch6 .= "," . strval($shour); } @@ -300,7 +310,7 @@ if ($argv[1] == 'cron') { $sch8 = strval($shour); for ($i=0; $i<2; $i++) { $shour += 8; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch8 .= "," . strval($shour); } @@ -309,7 +319,7 @@ if ($argv[1] == 'cron') { $shour = intval(substr($pfb['hour'], 0, 2)); $sch12 = strval($shour) . ","; $shour += 12; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch12 .= strval($shour); @@ -408,13 +418,11 @@ if ($argv[1] == 'cron') { if ($pfb['update_cron']) { sync_package_pfblockerng("cron"); } else { - $log = "\n No Updates required. \n\n"; + sync_package_pfblockerng("noupdates"); + $log = "\n No Updates required.\n CRON PROCESS ENDED\n UPDATE PROCESS ENDED\n"; pfb_logger("{$log}","1"); } - $log = " CRON PROCESS ENDED [ NOW ]\n"; - pfb_logger("{$log}","1"); - # Call Log Mgmt Function // If Update GUI 'Manual view' is selected. Last output will be missed. So sleep for 5 secs. sleep(5); @@ -425,7 +433,6 @@ if ($argv[1] == 'cron') { // Function to process the downloaded Maxmind Database and format into Continent txt files. function pfblockerng_uc_countries() { global $g,$pfb; - pfb_global(); $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; @@ -584,7 +591,6 @@ function pfblockerng_uc_countries() { // Function to process Continent txt files and create Country ISO files and to Generate GUI XML files. function pfblockerng_get_countries() { global $g,$pfb; - pfb_global(); $files = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt", "Asia" => "{$pfb['ccdir']}/Asia_v4.txt", @@ -622,7 +628,9 @@ function pfblockerng_get_countries() { if (preg_match("/#/",$line)) { if ($pfb['complete']) { ${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; - ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + // Only collect IPv4 for Reputation Tab + if ($type == "4") + $roptions4[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; // Save ISO data @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); @@ -646,7 +654,8 @@ function pfblockerng_get_countries() { if ($keycount == $lastkey) { if (preg_match("/Total Networks: 0/", $line)) { continue;} // Dont Display Countries with Null Data ${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; - ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; + if ($type == "4") + $roptions4[] = $country . '-' . $isocode . ' ('. $total .') ' . ' </name><value>' . $isocode . '</value></option>'; @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); unset($total, $xml_data); } @@ -687,7 +696,7 @@ $xml = <<<EOF pfblockerng_{$cont_name}.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense @@ -962,13 +971,12 @@ EOF; // Sort Countries IPv4 Alphabetically and Build XML <option> Data for Reputation Tab (IPv6 not used by ET IQRisk) - $type = "4"; - sort(${'roptions' . $type}, SORT_STRING); - $eoa = count(${'roptions' . $type}); + sort($roptions4, SORT_STRING); + $eoa = count($roptions4); $count = 1; $etoptions = ""; - foreach (${'roptions' . $type} as $option4) { + foreach ($roptions4 as $option4) { if ($count == 1) { $et_options .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue; } if ($eoa == $count) { $et_options .= "\t\t\t\t" . '<option><name>' . $option4; @@ -993,7 +1001,7 @@ $xmlrep = <<<EOF pfBlockerNG_Reputation.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense @@ -1470,6 +1478,6 @@ EOF; pfb_logger("{$log}","3"); // Unset Arrays - unset ($et_options, $xmlrep); + unset ($roptions4, $et_options, $xmlrep); } ?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index cc11be6b..e010a6e5 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -1,6 +1,6 @@ #!/bin/sh # pfBlockerNG IP Reputation Script - By BBcan177@gmail.com - 04-12-14 -# Copyright (C) 2014 BBcan177@gmail.com +# Copyright (C) 2015 BBcan177@gmail.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License Version 2 as @@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations +aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2" pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile @@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log etdir=/var/db/pfblockerng/ET tmpxlsx=/tmp/xlsx/ +pfbdbdir=/var/db/pfblockerng/ pfbdeny=/var/db/pfblockerng/deny/ pfborig=/var/db/pfblockerng/original/ pfbmatch=/var/db/pfblockerng/match/ @@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile matchfile=/tmp/pfbmatchfile tempmatchfile=/tmp/pfbtempmatchfile +PLATFORM=`cat /etc/platform` +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` + +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1 + if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi + if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi +fi + if [ ! -f $masterfile ]; then touch $masterfile; fi if [ ! -f $mastercat ]; then touch $mastercat; fi if [ ! -f $tempfile ]; then touch $tempfile; fi @@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi if [ ! -d $etdir ]; then mkdir $etdir; fi if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi + +# Exit Function to set mount RO if required before Exiting +exitnow() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1 + fi + exit +} + + ########## # Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group. process24() { @@ -86,7 +109,7 @@ process24() { if [ ! -x $pathgeoip ]; then echo "Process24 - Application [ GeoIP ] Not found. Can't proceed." echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat Binary on first Install. @@ -98,7 +121,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi count=$(grep -c ^ $pfbdeny$alias".txt") @@ -192,6 +215,7 @@ echo "-------------------------------------------------------" cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt") echo "Post /24 Count [ $cocount ]"; echo fi +exitnow } @@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -257,7 +282,7 @@ suppress() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then @@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then echo; echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do @@ -342,7 +367,7 @@ else echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do alias=$(echo "${i%|*}") @@ -372,6 +397,7 @@ else fi done fi +exitnow } @@ -382,7 +408,7 @@ duplicate() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi dupcheck=yes @@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -425,7 +452,7 @@ deduplication() { if [ ! -x $pathgeoip ]; then echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -438,7 +465,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 @@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -551,7 +579,7 @@ pdeduplication(){ if [ ! -x $pathgeoip ]; then echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -563,7 +591,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 @@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]" # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -626,7 +655,7 @@ processet() { if [ ! -x $pathgunzip ]; then echo "Application [ Gunzip ] Not found, Can't proceed." echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".gz" ]; then @@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then else echo; echo "No ET .GZ File Found!" fi +exitnow } # Process to extract IP addresses from XLSX Files @@ -722,7 +752,7 @@ processxlsx() { if [ ! -x $pathtar ]; then echo "Application [ TAR ] Not found, Can't proceed." echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".zip" ]; then @@ -738,6 +768,7 @@ else echo "XLSX Download File Missing" echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog fi +exitnow } closingprocess() { @@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------" $pathpfctl -s memory | grep "table-entries" pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}') echo "Table Usage Count " $pfctlcount +exitnow } remove() { @@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0) if [ ! "$emptychk" == "" ]; then rm -r $masterfile; rm -r $mastercat fi +exitnow +} + +# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only ) +aliastables() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive + fi + exitnow } @@ -920,8 +961,11 @@ case $1 in remove) remove ;; + aliastables) + aliastables + ;; *) - exit + exitnow ;; esac -exit
\ No newline at end of file +exitnow
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php index 647017ff..229e084b 100644 --- a/config/pfblockerng/pfblockerng.widget.php +++ b/config/pfblockerng/pfblockerng.widget.php @@ -3,7 +3,7 @@ pfBlockerNG.widget.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based Upon pfblocker : diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index e2f4b508..6f7e34ec 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -10,7 +10,7 @@ pfBlockerNG.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense @@ -131,7 +131,7 @@ </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/countrycodes.tar.bz2</item> - <prefix>/var/db/pfblockerng/cc/</prefix> + <prefix>/var/db/pfblockerng/</prefix> <chmod>0444</chmod> </additional_files_needed> <additional_files_needed> @@ -230,6 +230,13 @@ If "Keep Settings" is not "enabled" on pkg Install/De-Install, all Settings will be Wiped!]]></description> </field> <field> + <fielddescr><![CDATA[<strong>Keep Settings</strong>/Lists After Disable/Re-Install/De-Install]]></fielddescr> + <fieldname>pfb_keep</fieldname> + <type>checkbox</type> + <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> + <default_value>on</default_value> + </field> + <field> <fielddescr>CRON MIN Start Time</fielddescr> <fieldname>pfb_min</fieldname> <description><![CDATA[Default: <strong> : 00</strong><br /> @@ -327,12 +334,6 @@ </description> </field> <field> - <fielddescr><![CDATA[<strong>Keep Settings</strong>/Lists After Disable/Re-Install/De-Install]]></fielddescr> - <fieldname>pfb_keep</fieldname> - <type>checkbox</type> - <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> - </field> - <field> <fielddescr>Global Enable Logging</fielddescr> <fieldname>enable_log</fieldname> <type>checkbox</type> @@ -455,7 +456,7 @@ <fieldname>credits</fieldname> <type>info</type> <description><![CDATA[<strong> - pfBlockerNG</strong> Created in 2014 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a> + pfBlockerNG</strong> Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a> <br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br /> Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>. diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index 7b84bca8..c67420b9 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -3,14 +3,14 @@ pfBlockerNG_Alerts.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for pfSense from the following contributors: Parts based on works from Snort_alerts.php - Copyright (C) 2014 Bill Meeks + Copyright (C) 2015 Bill Meeks All rights reserved. Javascript Hostname Lookup modifications by J. Nieuwenhuizen @@ -39,12 +39,25 @@ POSSIBILITY OF SUCH DAMAGE. */ +// Auto-Resolve Hostnames +if (isset($_REQUEST['getpfhostname'])) { + $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname'])); + if (strlen($getpfhostname) >= 8) { + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + } else { + $hostname = $getpfhostname; + } + if ($hostname == $getpfhostname) { + $hostname = 'unknown'; + } + echo $hostname; + die; +} + require_once("util.inc"); require_once("guiconfig.inc"); -require_once("globals.inc"); -require_once("filter_log.inc"); require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); - +global $rule_list; pfb_global(); // Application Paths @@ -56,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log"; $pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; $pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; +// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package) +$pfb['filterlogentries'] = FALSE; + // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; $et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; @@ -78,11 +94,11 @@ $rule_list = array(); $results = array(); $data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); -if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; @@ -114,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) { $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; } + +function pfb_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $pfb['filterlogentries'] = TRUE; + + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null; + $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null; + $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null; + + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null; + $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null; + + $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null; + $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null; + $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? $_POST['filterlogentries_date'] : null; +} + + +if ($_POST['filterlogentries_clear']) { + $pfb['filterlogentries'] = TRUE; + $filterfieldsarray = array(); +} + + // Collect pfBlockerNG Firewall Rules if (!empty($results)) { foreach ($results as $result) { @@ -267,18 +330,6 @@ if (isset($_POST['addsuppress'])) { } } -// Auto-Resolve Hostnames -if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); - if ($hostname == $getpfhostname) { - $hostname = 'unknown'; - } - echo $hostname; - die; -} - - // Host Resolve Function lookup function getpfbhostname($type = 'src', $hostip, $countme = 0) { $hostnames['src'] = ''; @@ -295,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { } +// Parse Filter log for pfBlockerNG Alerts +function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) { + global $pfb, $rule_list, $filterfieldsarray; + $fields_array = array(); + $logarr = ""; + $denycnt = 0; + $permitcnt = 0; + $matchcnt = 0; + + if (file_exists($logfile)) { + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + } + else return; + + if (!empty($logarr) && !empty($rule_list['id'])) { + foreach ($logarr as $logent) { + $pfbalert = array(); + $log_split = ""; + + if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) + continue; + + list($all, $pfbalert[99], $host, $rule) = $log_split; + $rule_data = explode(",", $rule); + $pfbalert[0] = $rule_data[0]; // Rulenum + + // Skip Alert if Rule is not a pfBNG Alert + if (!in_array($pfbalert[0], $rule_list['id'])) + continue; + + $pfbalert[1] = $rule_data[4]; // Realint + $pfbalert[3] = $rule_data[6]; // Act + $pfbalert[4] = $rule_data[8]; // Version + + if ($pfbalert[4] == "4") { + $pfbalert[5] = $rule_data[15]; // Protocol ID + $pfbalert[6] = $rule_data[16]; // Protocol + $pfbalert[7] = $rule_data[18]; // SRC IP + $pfbalert[8] = $rule_data[19]; // DST IP + $pfbalert[9] = $rule_data[20]; // SRC Port + $pfbalert[10] = $rule_data[21]; // DST Port + $pfbalert[11] = $rule_data[23]; // TCP Flags + } else { + $pfbalert[5] = $rule_data[13]; // Protocol ID + $pfbalert[6] = $rule_data[12]; // Protocol + $pfbalert[7] = $rule_data[15]; // SRC IP + $pfbalert[8] = $rule_data[16]; // DST IP + $pfbalert[9] = $rule_data[17]; // SRC Port + $pfbalert[10] = $rule_data[18]; // DST Port + $pfbalert[11] = $rule_data[20]; // TCP Flags + } + + if ($pfbalert[5] == "6" || $pfbalert[5] == "17") { + // skip + } else { + $pfbalert[9] = ""; + $pfbalert[10] = ""; + $pfbalert[11] = ""; + } + + // Skip Repeated Alerts + if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) + continue; + + $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name + $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags + + // If Alerts Filtering is selected, process Filters as required. + if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) { + continue; + } + + if ($pfbalert[3] == "block") { + if ($denycnt < $pfbdenycnt) { + $fields_array['Deny'][] = $pfbalert; + $denycnt++; + } + } + elseif ($pfbalert[3] == "pass") { + if ($permitcnt < $pfbpermitcnt) { + $fields_array['Permit'][] = $pfbalert; + $permitcnt++; + } + } + elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") { + if ($matchcnt < $pfbmatchcnt) { + $fields_array['Match'][] = $pfbalert; + $matchcnt++; + } + } + + // Exit function if Sufficinet Matches found. + if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) { + unset ($pfbalert, $logarr); + return $fields_array; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; + $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + } + unset ($pfbalert, $logarr); + return $fields_array; + } +} + $pgtitle = gettext("pfBlockerNG: Alerts"); include_once("head.inc"); ?> @@ -343,7 +500,7 @@ if ($savemsg) { </tr> <tr> <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> @@ -371,6 +528,70 @@ if ($savemsg) { <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> </td> </tr> + <tr> + <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td> + <td width="90%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Interface");?></div> + <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Rule Number Only");?></div> + <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + </td> + </tr> + <td colspan="5" style="vertical-align:bottom"> + <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?> + <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br /> + </tr> + <tr> + <td colspan="1" style="vertical-align:bottom"> + <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + </table> + </td> + </tr> + <!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> <?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): switch($type) { @@ -396,16 +617,9 @@ if ($savemsg) { <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> <!--Print Table Info--> - <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."), "{$pfbentries}"); ?> - <?php if ($pfb['pfsenseversion'] >= '2.2'): ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> - <?php else: ?> - <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> + <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."),"{$pfbentries}"); ?> + <?php if ($type == "Deny"): ?> + <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> <?php endif; ?> </td> </tr> @@ -413,12 +627,12 @@ if ($savemsg) { <td width="100%" colspan="2"> <table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="8%" align="center" axis="date"> + <col width="7%" align="center" axis="date"> <col width="6%" align="center" axis="string"> - <col width="16%" align="center" axis="string"> + <col width="15%" align="center" axis="string"> <col width="6%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> <col width="3%" align="center" axis="string"> <col width="13%" align="center" axis="string"> </colgroup> @@ -448,13 +662,13 @@ if ($pfb['runonce']) { // pfSense versions below 2.2 have the Logfiles in two lines. if ($pfb['pfsenseversion'] >= '2.2') { - $pfblines = exec("/usr/bin/grep -c ^ {$filter_logfile}"); + $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^"); } else { - $pfblines = (exec("/usr/bin/grep -c ^ {$filter_logfile}") /2 ); + $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; @@ -475,7 +689,10 @@ if ($pfb['runonce']) { // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; + if ($list['type'] == "single" && $list['subnet_bits'] == "32") + $pfb_local[] = $list['subnet']; + elseif ($list['type'] == "single" || $list['type'] == "network") + $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); } } // Collect NAT IP Addresses for Inbound/Outbound List Matching @@ -516,30 +733,31 @@ if ($pfb['runonce']) { $counter = 0; // Process Fields_array and generate Output -if (!empty($fields_array)) { - foreach ($fields_array as $fields) { +if (!empty($fields_array[$type]) && !empty($rule_list)) { + $key = 0; + foreach ($fields_array[$type] as $fields) { $rulenum = ""; $alert_ip = ""; $supp_ip = ""; $pfb_query = ""; - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + /* Fields_array Reference [0] = Rulenum [6] = Protocol + [1] = Real Interface [7] = SRC IP + [2] = Friendly Interface Name [8] = DST IP + [3] = Action [9] = SRC Port + [4] = Version [10] = DST Port + [5] = Protocol ID [11] = Flags + [99] = Timestamp */ + $rulenum = $fields[0]; + if ($counter < $pfbentries) { // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; + if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") { + $srcport = ""; + $dstport = ""; } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; + $srcport = ":" . $fields[9]; + $dstport = ":" . $fields[10]; } // Don't add Suppress Icon to Country Block Lines @@ -548,16 +766,10 @@ if (!empty($fields_array)) { } // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { // Destination is Gateway/NAT/VIP $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[7]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -565,30 +777,22 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); + $hostname = getpfbhostname('src', $fields[7], $counter); } else { $hostname = ""; } - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; } else { // Outbound $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[8]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -596,20 +800,25 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + $hostname = getpfbhostname('dst', $fields[8], $counter); } else { $hostname = ""; } - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + } + + // Determine Country Code of Host + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); } # IP Query Grep Exclusion @@ -617,21 +826,19 @@ if (!empty($fields_array)) { $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { + if (is_ipaddrv4($host) && $pfb_query != "Country") { // Search for exact IP Match $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); // Search for IP in /24 CIDR if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). // Skip (Country Lists) or /32,/24 Addresses. @@ -640,7 +847,7 @@ if (!empty($fields_array)) { $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); for ($cnt = 1; $cnt <= 5; $cnt++) { $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); // Break out of loop if found. if (!empty($pfb_query)) $cnt = 6; @@ -649,26 +856,30 @@ if (!empty($fields_array)) { // Search for First Three Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Report Specific ET IQRisk Details if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } } - // Default to "No Match" if not found. - if (empty($pfb_query)) - $pfb_query = "No Match"; } + elseif (is_ipaddrv6($host) && $pfb_query != "Country") { + $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'"); + } + + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; # Split List Column into Two lines. unset ($pfb_match); @@ -683,33 +894,48 @@ if (!empty($fields_array)) { } } + // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort) + if ($fields[4] == "6") { + $fields[97] = "[" . str_replace(":", ":​", $fields[7]) . "]"; + $fields[98] = "[" . str_replace(":", ":​", $fields[8]) . "]"; + } + else { + $fields[97] = $fields[7]; + $fields[98] = $fields[8]; + } + + // Truncate Long List Names + $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + + if (strlen($pfb_match[1]) >= 17) { + $pfb_matchtitle = $pfb_match[1]; + $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; + } + // Print Alternating Line Shading if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; } - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; echo "<tr class='{$alertRowClass}'> - <td class='listMRr' align='center'>{$fields['time']}</td> - <td class='listMRr' align='center'>{$fields['interface']}</td> + <td class='listMRr' align='center'>{$fields[99]}</td> + <td class='listMRr' align='center'>{$fields[2]}</td> <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> - <td class='listMRr' align='center'>{$proto}</td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td> - <td class='listMRr' align='center'>{$countrycode}</td> - <td class='listbg' align='center' title='Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; + <td class='listMRr' align='center'>{$fields[6]}</td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center'>{$country}</td> + <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; $counter++; if ($counter > 0 && $rtype == "block") { $mycounter = $counter; + } else { + $mycounter = 0; } } } @@ -719,6 +945,7 @@ if (!empty($fields_array)) { </table> </table> <?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +<?php unset ($fields_array); ?> </td></tr> </table> @@ -756,10 +983,23 @@ function findhostnames(counter) { ) } - var lines = <?php echo $mycounter; ?>; - for (i = 0; i < lines; i++) { - findhostnames(i); +var alertlines = <?php echo $mycounter; ?>; +var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; +if ( autoresolve == "on" ) { + for (alertcount = 0; alertcount < alertlines; alertcount++) { + setTimeout(findhostnames(alertcount), 30); } +} + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; +} //]]> </script> diff --git a/config/pfblockerng/pfblockerng_diag_dns.php b/config/pfblockerng/pfblockerng_diag_dns.php index b2f07464..b44bc71c 100644 --- a/config/pfblockerng/pfblockerng_diag_dns.php +++ b/config/pfblockerng/pfblockerng_diag_dns.php @@ -3,7 +3,7 @@ pfBlockerNG_diag_dns.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Original Code by: @@ -47,11 +47,11 @@ if (is_array($config['aliases']['alias'])) { } $aliasname = str_replace(array(".","-"), "_", $host); $alias_exists = false; -$counter=0; -foreach($a_aliases as $a) { - if($a['name'] == $aliasname) { +$counter = 0; +foreach ($a_aliases as $a) { + if ($a['name'] == $aliasname) { $alias_exists = true; - $id=$counter; + $id = $counter; } $counter++; } @@ -65,36 +65,39 @@ if ($pfs_version > '2.2') { $cmd = '/usr/bin/dig'; } - -if(isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { - if($_POST['override']) +if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { + if ($_POST['override']) { $override = true; + } $resolved = gethostbyname($host); $type = "hostname"; - if($resolved) { + if ($resolved) { $resolved = array(); exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); $isfirst = true; - foreach($resolved as $re) { - if($re <> "") { - if(!$isfirst) + foreach ($resolved as $re) { + if ($re <> "") { + if (!$isfirst) { $addresses .= " "; + } $addresses .= rtrim($re) . "/32"; $isfirst = false; } } $newalias = array(); - if($override) + if ($override) { $alias_exists = false; - if($alias_exists == false) { + } + if ($alias_exists == false) { $newalias['name'] = $aliasname; $newalias['type'] = "network"; $newalias['address'] = $addresses; $newalias['descr'] = "Created from Diagnostics-> DNS Lookup"; - if($override) + if ($override) { $a_aliases[$id] = $newalias; - else + } else { $a_aliases[] = $newalias; + } write_config(); $createdalias = true; } @@ -118,8 +121,9 @@ if ($_POST) { exec("/usr/bin/grep nameserver /etc/resolv.conf | /usr/bin/cut -f2 -d' '", $dns_servers); foreach ($dns_servers as $dns_server) { $query_time = exec("{$cmd} {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2"); - if($query_time == "") + if ($query_time == "") { $query_time = gettext("No response"); + } $new_qt = array(); $new_qt['dns_server'] = $dns_server; $new_qt['query_time'] = $query_time; @@ -137,18 +141,20 @@ if ($_POST) { $type = "ip"; $resolved = gethostbyaddr($host); $ipaddr = $host; - if ($host != $resolved) + if ($host != $resolved) { $hostname = $resolved; + } } elseif (is_hostname($host)) { $type = "hostname"; $resolved = gethostbyname($host); - if($resolved) { + if ($resolved) { $resolved = array(); exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); } $hostname = $host; - if ($host != $resolved) + if ($host != $resolved) { $ipaddr = $resolved[0]; + } } if ($host == $resolved) { @@ -157,6 +163,11 @@ if ($_POST) { } } +if ( ($_POST['host']) && ($_POST['dialog_output']) ) { + display_host_results ($host,$resolved,$dns_speeds); + exit; +} + function display_host_results ($address,$hostname,$dns_speeds) { $map_lengths = function($element) { return strlen($element[0]); }; @@ -179,12 +190,12 @@ function display_host_results ($address,$hostname,$dns_speeds) { include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="pfblockerng diag dns"> <tr> <td> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="/pfblockerng/pfblockerng_diag_dns.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont"> <tr> <td colspan="2" valign="top" class="listtopic"> <?=gettext("Resolve DNS hostname or IP");?></td> </tr> @@ -192,68 +203,67 @@ include("head.inc"); ?> <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP");?></td> <td width="78%" class="vtable"> <?=$mandfldhtml;?> - <table> + <table summary="results"> <tr><td valign="top"> - <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + <input name="host" type="text" class="formfld unknown" id="host" size="20" value="<?=htmlspecialchars($host);?>"> </td> - <td> <?php if ($resolved && $type) { ?> - = <font size="+1"> + <td valign="middle"> = </td><td> + <font size="+1"> <?php $found = 0; - if(is_array($resolved)) { - foreach($resolved as $hostitem) { - if($hostitem <> "") { - echo $hostitem . "<br/>"; + if (is_array($resolved)) { + foreach ($resolved as $hostitem) { + if ($hostitem <> "") { + echo $hostitem . "<br />"; $found++; } } } else { - echo $resolved; - } - if($found > 0) { ?> - <br/><font size='-2'> - <?PHP if($alias_exists) { ?> + echo $resolved; + } + if ($found > 0) { ?> + <br /></font><font size='-2'> + <?php if ($alias_exists) { ?> An alias already exists for the hostname <?= htmlspecialchars($host) ?>. <br /> <input type="hidden" name="override" value="true"/> <input type="submit" name="create_alias" value="Overwrite Alias"/> - <?PHP } else { - if(!$createdalias) { ?> + <?php } else { + if (!$createdalias) { ?> <input type="submit" name="create_alias" value="Create Alias from These Entries"/> - <?PHP } else { ?> + <?php } else { ?> Alias created with name <?= htmlspecialchars($newalias['name']) ?> - <?PHP } + <?php } } } ?> - <font size="-1"> - <? } ?> - </td></tr></table> - </td> + <?php } ?> + </font></td></tr></table> + </td> </tr> -<?php if($_POST): ?> +<?php if ($_POST): ?> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> - <td width="78%" class="vtable"> - <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;"> + <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> + <td width="78%" class="vtable"> + <table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time"> <tr> - <td> - <b><?=gettext("Server");?></b> + <td class="listhdrr"> + <?=gettext("Server");?> </td> - <td> - <b><?=gettext("Query time");?></b> + <td class="listhdrr"> + <?=gettext("Query time");?> </td> </tr> <?php - if(is_array($dns_speeds)) - foreach($dns_speeds as $qt): + if (is_array($dns_speeds)) + foreach ($dns_speeds as $qt): ?> <tr> - <td> + <td class="listlr"> <?=$qt['dns_server']?> </td> - <td> + <td class="listr"> <?=$qt['query_time']?> </td> </tr> @@ -261,58 +271,59 @@ include("head.inc"); ?> endforeach; ?> </table> - </td> + </td> </tr> <?php endif; ?> <?php if (!$input_errors && $ipaddr) { ?> <tr> - - <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td> <td width="78%" class="vtable"> - <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br/> + <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br /> <a target="_new" href ="/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18"><?=gettext("Traceroute");?></a> <p/> - <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br /> <a target="_new" href="http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP WHOIS @ DNS Stuff");?></a><br /> <a target="_new" href="http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Info @ DNS Stuff");?></a> - <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> - <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br/> - <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br/> - <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br/> - <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br/> - <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br/> - <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br/> + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br /><br /> + <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br /> + <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br /> + <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br /> + <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br /> + <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br /> + <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br /> - <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br/> - <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br/> - <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br/> - <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br/> - <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br/> - <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br/> - <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br/> - <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br/> - <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br/> - <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br/> + <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br /> + <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br /> + <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br /> + <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br /> + <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br /> + <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br /> + <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br /> + <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br /> + <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br /> + <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br /> <p/> - <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br/><br/> - <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br/> - <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br/> - <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br/> - <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br/> - <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br/> + <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br /><br /> + <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br /> + <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br /> + <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br /> + <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br /> + <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br /> </td> </tr> <?php } ?> <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <br/> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>"> + <td width="22%" valign="top"> </td> + <td width="78%"> + <br /> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>"> </td> </tr> </table> -</td></tr></table> </form> -<?php include("fend.inc"); ?>
\ No newline at end of file +</td></tr></table> +<?php include("fend.inc"); ?> +</body> +</html>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php index 74f513a2..4c25ce29 100644 --- a/config/pfblockerng/pfblockerng_log.php +++ b/config/pfblockerng/pfblockerng_log.php @@ -3,7 +3,7 @@ pfBlockerNG_Log.php pfBlockerNG - Copyright (c) 2014 BBcan177@gmail.com + Copyright (c) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for the @@ -17,7 +17,7 @@ All rights reserved. Adapted for Suricata by: - Copyright (C) 2014 Bill Meeks + Copyright (C) 2015 Bill Meeks All rights reserved. Javascript and Integration modifications by J. Nieuwenhuizen diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml index 00186af8..f6cee305 100644 --- a/config/pfblockerng/pfblockerng_sync.xml +++ b/config/pfblockerng/pfblockerng_sync.xml @@ -10,7 +10,7 @@ pfBlockerNG_sync.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index ccaf68a0..db898112 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -10,7 +10,7 @@ pfBlockerNG_Top20.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index 99480900..f3a18231 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -3,7 +3,7 @@ /* pfBlockerNG_Update.php pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Portions of this code are based on original work done for diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index 6df839ed..febfd597 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -9,7 +9,7 @@ pfBlockerNG_v4lists.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index 15d788cf..10a866c0 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -9,7 +9,7 @@ pfBlockerNG_v6lists.xml pfBlockerNG - Copyright (C) 2014 BBcan177@gmail.com + Copyright (C) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense |