Diffstat (limited to 'config')
-rw-r--r-- | config/pf-blocker/pfBlocker.widget.php | 40 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 53 | ||||
-rw-r--r-- | config/pf-blocker/pfblocker.php | 43 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker_lists.xml | 4 |
4 files changed, 109 insertions, 31 deletions
diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php index 53b39ad9..239bfb49 100644 --- a/config/pf-blocker/pfBlocker.widget.php +++ b/config/pf-blocker/pfBlocker.widget.php @@ -28,7 +28,7 @@ @require_once("guiconfig.inc"); @require_once("pfsense-utils.inc"); @require_once("functions.inc"); - +?><div id='pfBlocker'><?php echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\""; echo" <tr>"; @@ -47,6 +47,16 @@ foreach ($config['aliases']['alias'] as $cbalias){ } } } + +#check rule count +#(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out) +$packets=exec("/sbin/pfctl -s labels",$debug); +foreach ($debug as $line){ + #USER_RULE: pfBlocker Outbound rule 1656 0 0 0 0 0 0 + if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/",$line,$matches)) + ${$matches[1]}+=$matches[2]; +} + $rules=$config['filter']['rule']; #echo "<pre>"; foreach($rules as $rule){ @@ -61,14 +71,34 @@ print "<pre>"; #exit; print "<td class=\"listlr\"><strong>Alias</strong></td>"; print "<td class=\"listlr\"><strong>CIDRs</strong></td>"; + print "<td class=\"listlr\"><strong>Packets</strong></td>"; print "<td class=\"listlr\"><strong>Status</strong></td></tr>"; - - foreach ($pfb_table as $alias => $values){ print "<td class=\"listlr\">".$alias ."</td>"; print "<td class=\"listlr\">".$values["count"]."</td>"; + print "<td class=\"listlr\">".${$alias}."</td>"; print "<td class=\"listlr\">".$values["img"]."</td></tr>"; } echo" </tr>"; -echo"</table>"; -?>
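Review bot: In the label-parsing loop of the `-47,6 +47,16` hunk, `${$matches[1]}+=$matches[2];` creates a variable named after the first word of every `USER_RULE:` label that `pfctl -s labels` returns, so a rule description starting with a name already in scope (`config`, `rules`, `debug`, `pfb_table`) overwrites or breaks that variable. Keep the counters in one array instead: `$pfb_packets[$matches[1]] = (isset($pfb_packets[$matches[1]]) ? $pfb_packets[$matches[1]] : 0) + (int)$matches[2];`. The table loop in the next hunk should then print `$pfb_packets[$alias]` with a default of 0, because `${$alias}` is undefined for an alias that has no matching label. The result of `exec()` is not checked either, so a failing pfctl call shows empty counters without any hint.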
\ No newline at end of file +echo"</table></div>"; +?> +<script type="text/javascript"> + function getstatus_pfblocker() { + scroll(0,0); + var url = "/widgets/widgets/pfBlocker.widget.php"; + var pars = 'getupdatestatus=yes'; + var myAjax = new Ajax.Request( + url, + { + method: 'get', + parameters: pars, + onComplete: activitycallback_pfblocker + }); + //I know it's ugly but works. + setTimeout('getstatus_pfblocker()', 10000); + } + function activitycallback_pfblocker(transport) { + $('pfBlocker').innerHTML = transport.responseText; + } + getstatus_pfblocker(); +</script>
\ No newline at end of file diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index 53bf9366..c0ea4982 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -34,6 +34,7 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); require_once("filter.inc"); +require_once("services.inc"); function pfb_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); @@ -169,7 +170,7 @@ function sync_package_pfblocker() { case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; - $rule["descr"]= "pfBlocker Outbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]=array("any"=>""); $rule["destination"]= array("address"=> $pfb_alias); if ($pfblocker_config['enable_log']) @@ -179,7 +180,7 @@ function sync_package_pfblocker() { case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; - $rule["descr"]= "pfBlocker Inbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]= array("address"=> $pfb_alias); $rule["destination"]=array("any"=>""); if ($pfblocker_config['enable_log']) @@ -189,7 +190,7 @@ function sync_package_pfblocker() { case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; - $rule["descr"]= "pfBlocker Outbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]=array("any"=>""); $rule["destination"]= array("address"=> $pfb_alias); if ($pfblocker_config['enable_log']) @@ -199,7 +200,7 @@ function sync_package_pfblocker() { case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; - $rule["descr"]= "pfBlocker Inbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]= array("address"=> $pfb_alias); $rule["destination"]=array("any"=>""); if ($pfblocker_config['enable_log']) 
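Review bot: The polling script added at the end of pfBlocker.widget.php sends `getupdatestatus=yes`, but nothing visible in this diff makes the PHP part answer that request with the table only, so every 10 seconds the full output, including another `<div id='pfBlocker'>` and the `<script>` block, is written into the existing div through `innerHTML`. Branch on the parameter and emit the wrapper div and the script only when it is absent. `$alias` and the counters are concatenated into the markup without `htmlspecialchars()`, which is safe only while alias names are restricted to word characters, and that restriction is not shown here. `scroll(0,0)` also moves the whole dashboard to the top on each poll, and `setTimeout(getstatus_pfblocker, 10000);` avoids the string-evaluated form.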
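Review bot: The new description `"$pfb_alias auto rule"` in pfblocker.inc is an undocumented parse contract, because the widget changed in this commit takes the first word of the `USER_RULE:` label as the alias name, and the inbound and outbound rules of one alias now carry the same text, so their packet counts are summed into one figure. Say so next to the first assignment, for example `# descr must start with the alias name; pfBlocker.widget.php reads it back from the pf label`. The same applies to the other three `case` branches here and to the four hunks at `-291`, `-301`, `-311` and `-321`, which use `$alias`. If code outside these hunks still recognises generated rules by the old "pfBlocker Inbound rule" / "pfBlocker Outbound rule" text it needs the same change; that part of sync_package_pfblocker is not visible in the diff.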
@@ -291,7 +292,7 @@ function sync_package_pfblocker() {
 case "Deny_Outbound":
 $rule = $base_rule;
 $rule["type"] = $deny_action_outbound;
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]=array("any"=>"");
 $rule["destination"]= array("address"=> $alias);
 if ($pfblocker_config['enable_log'])
@@ -301,7 +302,7 @@ function sync_package_pfblocker() {
 case "Deny_Inbound":
 $rule = $base_rule;
 $rule["type"] = $deny_action_inbound;
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]= array("address"=> $alias);
 $rule["destination"]=array("any"=>"");
 if ($pfblocker_config['enable_log'])
@@ -311,7 +312,7 @@ function sync_package_pfblocker() {
 case "Permit_Outbound":
 $rule = $base_rule;
 $rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]=array("any"=>"");
 $rule["destination"]= array("address"=> $alias);
 if ($pfblocker_config['enable_log'])
@@ -321,7 +322,7 @@ function sync_package_pfblocker() {
 case "Permit_Inbound":
 $rule = $base_rule;
 $rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]= array("address"=> $alias);
 $rule["destination"]=array("any"=>"");
 if ($pfblocker_config['enable_log'])
@@ -440,10 +441,29 @@ function sync_package_pfblocker() { } $config['filter']['rule']=$new_rules; } - + if ($message == ""){ - #save and apply all changes - + #check cron + $cron_found=0; + if (is_array($config['cron']['item'])){ + $new_cron=array(); + foreach($config['cron']['item'] as $cron){ + if ($cron["command"] == "/usr/local/www/pfblocker.php cron") + $cron_found=1; + $new_cron['item'][]=$cron; + } + if ($cron_found == 0){ + $new_cron['item'][]=array( "minute" => "0", + "hour" => "*", + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> "/usr/local/www/pfblocker.php cron"); + $config['cron']=$new_cron; + } + } + # to be removed in final version $aliases_list[]="pfBlockerInbound"; #remove previous version lists $aliases_list[]="pfBlockerOutbound";#remove previous version lists @@ -452,11 +472,15 @@ function sync_package_pfblocker() { #update pfctrl tables foreach ($aliases_list as $table) exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb); - + #write config write_config(); - #load filter file after editing + #update cron + if ($cron_found == 0) + configure_cron(); + + #load filter file after editing filter_configure(); #sync config @@ -471,11 +495,10 @@ function sync_package_pfblocker() { } function pfblocker_validate_input($post, &$input_errors) { + global $config; foreach ($post as $key => $value) { if (empty($value)) continue; - if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) - $input_errors[] = "Wrong greet time sintax."; if($key == "message_size_limit" && !is_numeric($value)) $input_errors[] = "Message size limit must be numeric."; if($key == "process_limit" && !is_numeric($value)) diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index d6803b49..e6fcd75e 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php 
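Review bot: In the cron check added to sync_package_pfblocker, the job is registered for user root as `/usr/local/www/pfblocker.php cron`, yet pfblocker.php is committed with mode 100644, so cron can start it only if the installer sets the execute bit and the file carries an interpreter line, neither of which this diff shows. Calling the PHP CLI binary explicitly removes that dependency (on pfSense normally `"command" => "/usr/local/bin/php -q /usr/local/www/pfblocker.php cron"`), with the string held in one variable so the lookup and the insert cannot drift apart. When `$config['cron']['item']` is not an array the whole block is skipped, `$cron_found` stays 0 and the following hunk still calls `configure_cron()` although no entry was added. The function body continues outside the hunk.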
@@ -12,16 +12,41 @@ if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches)) get_networks($matches[1]); #} -if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){ - #require_once("/etc/inc/util.inc"); - #require_once("/etc/inc/functions.inc"); - #require_once("/etc/inc/etpkg-utils.inc"); - #require_once("/etc/inc/globals.inc"); - #require_once("/etc/inc/filter.inc"); +if ($argv[1]=='cron'){ + require_once("/etc/inc/util.inc"); + require_once("/etc/inc/functions.inc"); + require_once("/etc/inc/pkg-utils.inc"); + require_once("/etc/inc/globals.inc"); + require_once("/etc/inc/filter.inc"); + $hour=date('H'); + $pfbdir='/usr/local/pkg/pfblocker'; + $updates=0; + $cron=array('01hour' => 1, + '04hours' => 4, + '12hours' => 12, + 'EveryDay' => 23); + + if($config['installedpackages']['pfblockerlists']['config'] != "") + foreach($config['installedpackages']['pfblockerlists']['config'] as $list){ + if (is_array($list['row'])) + foreach ($list['row'] as $row){ + if ($row['url'] != "" && $hour > 0 ){ + $md5_url = md5($row['url']); + $update_hour=(array_key_exists($list['cron'], $cron)?$cron[$list['cron']]:25); + if($row['url'] && ($hour%$update_hour == 0)){ + print $update_hour." ".$pfbdir.'/'.$md5_url.'.txt'."\n"; + unlink_if_exists($pfbdir.'/'.$md5_url.'.txt'); + $updates++; + } + } + } + } + + if ($updates > 0){ include "/usr/local/pkg/pfblocker.inc"; - print "id".$argv[2]; - sync_package_pfblocker($argv[2]); - } + sync_package_pfblocker(); + } + } function pfblocker_get_countries(){ $files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt", diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index 08574783..0d327165 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml 
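Review bot: The schedule test in the new cron branch, `$hour > 0` combined with `$hour%$update_hour == 0`, never fires at midnight, so `12hours` refreshes a list only at 12:00, which is the same once-a-day rate as `EveryDay` (23), and blocklists stay older than the operator selected. Skip unscheduled lists explicitly with `if (!array_key_exists($list['cron'], $cron)) continue;`, map `'EveryDay' => 24`, and drop the `$hour > 0` guard together with the 25 fallback it exists to protect. The branch is selected by `$argv[1]=='cron'` alone in a file that lives under /usr/local/www and also handles `$_REQUEST['pfb']`; adding `php_sapi_name() == 'cli'` to the condition keeps the code that deletes cached lists and reapplies the filter on the command line only, independent of how the web SAPI fills `$argv`. `$config` is used without a visible `global` or config include in this hunk, so it presumably comes from one of the required files.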
@@ -201,10 +201,10 @@
 <type>select</type>
 <options>
 <option><name>Never</name><value>Never</value></option>
+ <option><name>Every Hours</name><value>01hour</value></option>
 <option><name>Every 4 Hours</name><value>04hours</value></option>
 <option><name>Every 12 Hours</name><value>12hours</value></option>
- <option><name>Once a day</name><value>Day</value></option>
- <option><name>Once a week</name><value>Week</value></option>
+ <option><name>Once a day</name><value>EveryDay</value></option>
 </options>
 </field>
 <field> |
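Review bot: Changing the stored value of "Once a day" from `Day` to `EveryDay` and removing `Week` leaves configurations saved by the previous version with values that the `$cron` map in pfblocker.php does not contain, so those lists take the 25 fallback there and are never refreshed by the new cron branch, with no message to the operator. Either accept the old values in that map (for example `'Day' => 23,`) or convert them when the package is synced. The new label should read `Every Hour`.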