Diffstat (limited to 'config')
-rw-r--r-- | config/arpwatch.xml | 2 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 14 | ||||
-rw-r--r-- | config/mailreport/mail_reports.inc | 6 | ||||
-rw-r--r-- | config/mailreport/mailreport.xml | 10 | ||||
-rw-r--r-- | config/mailreport/status_mail_report.php | 22 | ||||
-rw-r--r-- | config/mailreport/status_mail_report_add_cmd.php | 6 | ||||
-rw-r--r-- | config/mailreport/status_mail_report_add_graph.php | 6 | ||||
-rw-r--r-- | config/mailreport/status_mail_report_add_log.php | 6 | ||||
-rw-r--r-- | config/mailreport/status_mail_report_edit.php | 8 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 36 | ||||
-rwxr-xr-x | config/pf-blocker/pfblocker_lists.xml | 40 | ||||
-rw-r--r-- | config/unbound/unbound.inc | 22 |
12 files changed, 88 insertions, 90 deletions
diff --git a/config/arpwatch.xml b/config/arpwatch.xml index bf163ad6..7f2e72ef 100644 --- a/config/arpwatch.xml +++ b/config/arpwatch.xml @@ -119,7 +119,7 @@ } $int = convert_friendly_interface_to_real_interface_name($int); $start = "touch {$log_file}\n"; - $start .= "/usr/local/sbin/arpwatch {$debug} -f {$log_file} {$mail} -i {$int} > /var/log/arpwatch.reports 2>&1 &"; + $start .= "/usr/local/sbin/arpwatch {$debug} -f {$log_file} \"{$mail}\" -i {$int} > /var/log/arpwatch.reports 2>&1 &"; $stop = "/usr/bin/killall arpwatch"; write_rcfile(array( "file" => "arpwatch.sh", diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index d039b55a..9bc0dd80 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -1137,14 +1137,6 @@ function haproxy_check_run($reload) { $a_global = &$config['installedpackages']['haproxy']; $configpath = "{$g['varetc_path']}/haproxy"; - exec("/usr/bin/limits -n 300014"); - - if(use_transparent_clientip_proxying()) { - filter_configure(); - load_ipfw_rules(); - } else - mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); - if(isset($a_global['enable'])) { if (isset($a_global['carpdev'])) { $status = get_carp_interface_status($a_global['carpdev']); @@ -1163,6 +1155,12 @@ function haproxy_check_run($reload) { } else if ($reload == 0) return (0); + if(use_transparent_clientip_proxying()) { + filter_configure(); + load_ipfw_rules(); + } else + mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + if (haproxy_is_running()) { if (isset($a_global['terminate_on_reload'])) $sf_st = "-st";//terminate old process as soon as the new process is listening diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc index 94c7500c..746b4759 100644 --- a/config/mailreport/mail_reports.inc +++ b/config/mailreport/mail_reports.inc 
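Review bot: Wrapping `{$mail}` in hand-written double quotes on the `$start` line does not make the value inert, because `$`, backticks and an embedded `"` are still interpreted by the shell when the generated arpwatch.sh runs. An empty `$mail` also now yields a literal `""` argument where there was none before. Where `$mail` is assigned is outside the hunk, so whether it is validated or carries a flag prefix cannot be told from here; if it is the bare configured address, build the argument with `escapeshellarg($mail)` and emit it only when non-empty. `{$debug}`, `{$log_file}` and `{$int}` are interpolated unquoted on the same line and deserve the same treatment if any of them can be set from the GUI.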
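Review bot: In haproxy_check_run() the transparent-proxy block now sits below `else if ($reload == 0) return (0);`, so on that early-return path `mwexec("/usr/local/sbin/ipfw_context -d haproxy", true);` is no longer reached and a previously loaded ipfw context would appear to stay in place while haproxy is disabled. The rest of the function is outside the hunk, so this may be intended; if it is, a comment such as `// ipfw context is only (re)built or torn down when haproxy is actually (re)started` would record that. The moved `else` is also brace-less after a braced `if`; `} else { mwexec(...); }` would keep a later added line from silently running unconditionally.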
@@ -209,11 +209,11 @@ function mail_report_send($headertext, $cmdtext, $logtext, $attachments) { $mail->ContentType = 'text/html'; $mail->IsHTML(true); - $mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Firewall Graph Report"); - $mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Firewall Graph Report"); + $mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Firewall Email Report"); + $mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Firewall Email Report"); $address = $config['notifications']['smtp']['notifyemailaddress']; $mail->AddAddress($address, "Report Recipient"); - $mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} Graph Report: {$headertext}"; + $mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} Email Report: {$headertext}"; $mail->Body .= "This is a periodic report from your firewall, {$config['system']['hostname']}.{$config['system']['domain']}.<br /><br />Current report: {$headertext}<br />\n<br />\n"; if (!empty($cmdtext)) $mail->Body .= $cmdtext; diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml index d9c5dfff..72fe6c87 100644 --- a/config/mailreport/mailreport.xml +++ b/config/mailreport/mailreport.xml @@ -37,8 +37,8 @@ ]]> </copyright> <name>mailreport</name> - <version>2.0.9</version> - <title>Status: Mail Reports</title> + <version>2.0.10</version> + <title>Status: Email Reports</title> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> @@ -81,8 +81,8 @@ <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_graph.php</item> </additional_files_needed> <menu> - <name>E-Mail Reports</name> - <tooltiptext>Setup periodic e-mail reports.</tooltiptext> + <name>Email Reports</name> + <tooltiptext>Setup periodic email reports.</tooltiptext> <section>Status</section> <url>/status_mail_report.php</url> </menu> 
@@ -101,4 +101,4 @@ exec("rm /usr/local/www/status_mail_report_add_graph.php"); ]]> </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/mailreport/status_mail_report.php b/config/mailreport/status_mail_report.php index e08a7272..b530587f 100644 --- a/config/mailreport/status_mail_report.php +++ b/config/mailreport/status_mail_report.php @@ -33,8 +33,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreports -##|*NAME=Status: E-Mail Reports page -##|*DESCR=Allow access to the 'Status: E-Mail Reports' page. +##|*NAME=Status: Email Reports page +##|*DESCR=Allow access to the 'Status: Email Reports' page. ##|*MATCH=status_mail_report.php* ##|-PRIV @@ -54,14 +54,14 @@ if ($_GET['act'] == "del") { // Fix up cron job(s) set_mail_report_cron_jobs($a_mailreports); - write_config("Removed Mail Report '{$name}'"); + write_config("Removed Email Report '{$name}'"); configure_cron(); header("Location: status_mail_report.php"); exit; } } -$pgtitle = array(gettext("Status"),gettext("Mail Reports")); +$pgtitle = array(gettext("Status"),gettext("Email Reports")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> 
@@ -69,15 +69,15 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td><div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td colspan="4">Here you can define a list of reports to be sent by e-mail. </td></tr> + <tr><td colspan="4">Here you can define a list of reports to be sent by email. </td></tr> <tr><td> </td></tr> <tr> - <td width="35%" class="listhdr"><?=gettext("Description");?></td> - <td width="25%" class="listhdr"><?=gettext("Schedule");?></td> - <td width="10%" class="listhdr"><?=gettext("Cmds");?></td> - <td width="10%" class="listhdr"><?=gettext("Logs");?></td> - <td width="10%" class="listhdr"><?=gettext("Graphs");?></td> - <td width="10%" class="list"><a href="status_mail_report_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td width="34%" class="listhdr"><?=gettext("Description");?></td> + <td width="24%" class="listhdr"><?=gettext("Schedule");?></td> + <td width="12%" class="listhdr"><?=gettext("Commands");?></td> + <td width="12%" class="listhdr"><?=gettext("Logs");?></td> + <td width="12%" class="listhdr"><?=gettext("Graphs");?></td> + <td width="6%" class="list"><a href="status_mail_report_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> <?php $i = 0; foreach ($a_mailreports as $mailreport): ?> <tr ondblclick="document.location='status_mail_report_edit.php?id=<?=$i;?>'"> diff --git a/config/mailreport/status_mail_report_add_cmd.php b/config/mailreport/status_mail_report_add_cmd.php index b4527584..6a924142 100644 --- a/config/mailreport/status_mail_report_add_cmd.php +++ b/config/mailreport/status_mail_report_add_cmd.php 
@@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddcmd -##|*NAME=Status: E-Mail Reports: Add Command page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Command' page. +##|*NAME=Status: Email Reports: Add Command page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Command' page. ##|*MATCH=status_mail_report_add_cmd.php* ##|-PRIV @@ -89,7 +89,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Command")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Command")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_add_graph.php b/config/mailreport/status_mail_report_add_graph.php index 663d8f9b..3f629d56 100644 --- a/config/mailreport/status_mail_report_add_graph.php +++ b/config/mailreport/status_mail_report_add_graph.php @@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddgraph -##|*NAME=Status: E-Mail Reports: Add Graph page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Graph' page. +##|*NAME=Status: Email Reports: Add Graph page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Graph' page. ##|*MATCH=status_mail_report_add_graph.php* ##|-PRIV @@ -158,7 +158,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Graph")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Graph")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_add_log.php b/config/mailreport/status_mail_report_add_log.php index 0b140723..83786994 100644 --- a/config/mailreport/status_mail_report_add_log.php +++ b/config/mailreport/status_mail_report_add_log.php 
@@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddlog -##|*NAME=Status: E-Mail Reports: Add Log page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Log' page. +##|*NAME=Status: Email Reports: Add Log page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Log' page. ##|*MATCH=status_mail_report_add_log.php* ##|-PRIV @@ -95,7 +95,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Log")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Log")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_edit.php b/config/mailreport/status_mail_report_edit.php index 6cbb8a67..e51a4fc6 100644 --- a/config/mailreport/status_mail_report_edit.php +++ b/config/mailreport/status_mail_report_edit.php @@ -33,8 +33,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsedit -##|*NAME=Status: E-Mail Reports: Edit Report page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Edit Report' page. +##|*NAME=Status: Email Reports: Edit Report page +##|*DESCR=Allow access to the 'Status: Email Reports: Edit Report' page. ##|*MATCH=status_mail_report_edit.php* ##|-PRIV @@ -203,7 +203,7 @@ if ($_POST) { return; } -$pgtitle = array(gettext("Status"),gettext("Edit Mail Reports")); +$pgtitle = array(gettext("Status"),gettext("Edit Email Reports")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -235,7 +235,7 @@ include("head.inc"); <option value="<?php echo $freq; ?>" <?php if($pconfig["frequency"] === $freq) echo "selected"; ?>><?php echo ucwords($freq); ?></option> <?php endforeach; ?> </select> - <br/>Select the frequency for the report to be sent via e-mail. + <br/>Select the frequency for the report to be sent via email. <br/> </td> <td></td> diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index c40d742e..9740dce5 100755 --- a/config/pf-blocker/pfblocker.inc 
+++ b/config/pf-blocker/pfblocker.inc @@ -167,15 +167,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($continent_config['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$pfb_alias auto rule"; - $rule["source"]= array("address"=> $pfb_alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -185,8 +176,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($continent_config['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -198,6 +190,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -208,7 +201,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($continent_config['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -317,15 +311,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($list['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$alias auto rule"; - $rule["source"]= array("address"=> $alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; 
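Review bot: The `Deny_Both` and `Permit_Both` cases now rely on a brace-less conditional break, `if ($continent_config['action'] != "Deny_Both") break;`, to fall through into the inbound case, and nothing marks that fall-through as deliberate. This switch generates firewall rules, so a later edit that adds a statement after the `if` or reorders the cases would silently change which direction gets a block or pass rule. I would brace the condition, compare with `!==`, and add a comment such as `// Deny_Both: fall through to also emit the inbound rule`; the same applies to the `Permit_Both` break here and to both breaks in the `$list['action']` switch in the later hunks. The switch bodies start and end outside these hunks, so whether a `default` case handles an unknown action value cannot be seen from here.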
@@ -335,8 +320,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($list['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -348,6 +334,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -358,7 +345,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($list['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index 4bde4b49..f1798d36 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml @@ -18,13 +18,16 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
@@ -63,20 +66,24 @@ <active/> </tab> + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> </tab> - + + <tab> <text>Africa</text> <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> - + + </tab> <tab> <text>Asia</text> <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url> - + + </tab> <tab> <text>Europe</text> @@ -109,6 +116,7 @@ <fieldname>description</fieldname> </columnitem> + <columnitem> <fielddescr>Action</fielddescr> <fieldname>action</fieldname> 
@@ -176,15 +184,19 @@ <fielddescr>List Action</fielddescr> <description><![CDATA[Default:<strong>Deny Inbound</strong><br> Select action for network on lists you have selected.<br><br> - <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br> - 'Deny Inbound' - Will deny access from selected lists to your network.<br> - 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br> - 'Permit Inbound' - Will allow access from selected lists to your network.<br> - 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br> - 'Disabled' - Will just keep selection and do nothing to selected Lists.<br> - 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br> - <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong> - custom rules with 'Aliasname something rule' description will be removed by package.]]></description> + <strong>'Deny' Rules:</strong><br> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:<br> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong>'Permit' Rules:</strong><br> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. 
They are not the opposite of Deny rules, and don't create any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.</li></ul> + <strong>'Alias' and 'Disabled' Rules:</strong><br> + <ul><li><strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). This enables a Pfblocker list to be used by name, in any firewall rule or Pfsense function, as desired.</li> + <li><strong>'Disabled'</strong> rules are kept for future use, but nothing is done with them.</li></ul><br> + <strong>While creating rules with this list, keep aliasname in the beginning of rule description and do not end description with 'rule'.</strong> Custom rules with 'Aliasname something rule' description will be removed by package.]]></description> <fieldname>action</fieldname> <type>select</type> <options> @@ -193,6 +205,7 @@ <option><name>Deny Both</name><value>Deny_Both</value></option> <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> <option><name>Alias only</name><value>Alias_only</value></option> <option><name>Disabled</name><value>Disabled</value></option> </options> @@ -238,4 +251,5 @@ <custom_php_resync_config_command> sync_package_pfblocker(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> + diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index d8520390..342b1f2b 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -450,8 +450,8 @@ EOF; $harden_dnssec_stripped = ($adv_config['harden_dnssec_stripped'] == "on") ? "yes" : "no"; $prefetch = ($adv_config['prefetch'] == "on") ? "yes" : "no"; $prefetch_key = ($adv_config['prefetch_key'] == "on") ? "yes" : "no"; - $outgoing_num_tcp = (!empty($adv_config['outgoing_num_tcp'])) ? $adv_config['outgoing_num_tcp'] : "10"; - $incoming_num_tcp = (!empty($adv_config['incoming_num_tcp'])) ? $adv_config['incoming_num_tcp'] : "10"; + $outgoing_num_tcp = isset($adv_config['outgoing_num_tcp']) ? $adv_config['outgoing_num_tcp'] : "10"; + $incoming_num_tcp = isset($adv_config['incoming_num_tcp']) ? $adv_config['incoming_num_tcp'] : "10"; $edns_buffer_size = (!empty($adv_config['edns_buffer_size'])) ? $adv_config['edns_buffer_size'] : "4096"; $num_queries_per_thread = (!empty($adv_config['num_queries_per_thread'])) ? $adv_config['num_queries_per_thread'] : "4096"; $jostle_timeout = (!empty($adv_config['jostle_timeout'])) ? $adv_config['jostle_timeout'] : "200"; @@ -541,6 +541,14 @@ access-control: ::1 allow EOD; + # Handle custom options + if (!empty($adv_config['custom_options'])) { + $custom_options = explode(";", ($adv_config['custom_options'])); + $unbound_conf .= "\n# Unbound Custom options\n"; + foreach ($custom_options as $ent) + $unbound_conf .= $ent."\n"; + } + // Set up forward-zones if configured if ($unbound_config['forwarding_mode'] == "on") { $dnsservers = array(); @@ -569,16 +577,6 @@ EOD; } } - - # Handle custom options - if (!empty($adv_config['custom_options'])) { - $custom_options = explode(";", ($unbound_config['custom_options'])); - $unbound_conf .= "\n# Unbound Custom options\n"; - foreach ($custom_options as $ent) { - $unbound_conf .= $ent."\n"; - } - } - $unbound_conf .= <<<EOD ### |
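Review bot: Replacing `!empty()` with `isset()` for `outgoing_num_tcp` and `incoming_num_tcp` lets a configured `0` through, but it also lets an empty or non-numeric string through, which would then be written into unbound.conf instead of falling back to `"10"`. How the form stores a cleared field is outside the hunk, so this needs checking against the save path. A guard such as `is_numeric($adv_config['outgoing_num_tcp']) ? $adv_config['outgoing_num_tcp'] : "10"` (or a stricter digits-only check), repeated for `incoming_num_tcp`, keeps `0` valid while rejecting the other cases.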
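Review bot: Each `$ent` taken from `$adv_config['custom_options']` is appended to unbound.conf verbatim, so this field can set any resolver directive, and an embedded newline or an empty segment from a trailing `;` goes straight into the file. Validation on save is not visible in this hunk; if there is none, at least normalise the entries with `$ent = trim($ent); if ($ent === '') continue;`, which also means adding braces to the `foreach`. A comment above the block, for example `# custom_options is trusted administrator input and is written to unbound.conf unmodified`, would make the trust assumption explicit for the next maintainer.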