aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/haproxy-devel/pkg/haproxy.inc1
-rw-r--r--config/haproxy1_5/pkg/haproxy.inc1
-rw-r--r--config/havp/havp.inc105
-rw-r--r--config/havp/havp.xml5
-rw-r--r--config/squid3/31/squid.inc2
-rwxr-xr-xconfig/squid3/33/squid.inc7
-rwxr-xr-xconfig/squid3/33/squid_cache.xml4
-rwxr-xr-xconfig/squid3/34/squid.inc8
-rwxr-xr-xconfig/squid3/34/squid_cache.xml4
-rw-r--r--config/systempatches/patches.inc6
-rw-r--r--config/systempatches/systempatches.xml2
11 files changed, 54 insertions, 91 deletions
diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc
index 13477677..1bc62cb9 100644
--- a/config/haproxy-devel/pkg/haproxy.inc
+++ b/config/haproxy-devel/pkg/haproxy.inc
@@ -453,7 +453,6 @@ EOD;
$haproxy_ocsp = <<<EOD
#!/usr/local/bin/php -f
-
<?php
/*
diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc
index f539cff5..30692c3c 100644
--- a/config/haproxy1_5/pkg/haproxy.inc
+++ b/config/haproxy1_5/pkg/haproxy.inc
@@ -433,7 +433,6 @@ EOD;
$haproxy_ocsp = <<<EOD
#!/usr/local/bin/php -f
-
<?php
/*
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index 9e931a95..e097e122 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -36,11 +36,6 @@ require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('service-utils.inc');
-if (!function_exists("filter_configure")) {
- require_once("filter.inc");
-}
-
-
/*
* ------------------------------------------------------------------------------
* Globals
@@ -79,20 +74,23 @@ define('HVFORM_AVSET', 'havpavset');
* ------------------------------------------------------------------------------
*/
/* HAVP */
+global $pf_version;
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
define('HVDEF_ADDR', '127.0.0.1');
define('HVDEF_PROXYPORT', '8080');
define('HVDEF_MAXSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size !
define('HVDEF_MAXARCSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size !
define('HVDEF_PID_FILE', '/var/run/havp.pid');
-$pf_version=substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version == "2.1" || $pf_version == "2.2") {
define("HVDEF_WORK_DIR", "/usr/pbi/havp-" . php_uname("m") . "/local/etc");
+ define("HVDEF_HAVP_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/havp");
define('HVDEF_TEMPLATES', "/usr/pbi/havp-" . php_uname("m") . "/local/share/examples/havp/templates");
define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
} else {
define("HVDEF_WORK_DIR", "/usr/local/etc/havp");
define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates');
+ define("HVDEF_HAVP_PATH", "/usr/local/sbin/havp");
define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
}
@@ -101,7 +99,6 @@ define('HVDEF_TEMP_DIR', '/var/tmp');
define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR . '/havp');
define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR . '/havpRAM');
define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX');
-define('HVDEF_FILTER_RULES', '/tmp/rules.havp');
define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR . '/havp.config');
define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR . '/havp_conf.xml');
define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR . '/whitelist');
@@ -118,10 +115,22 @@ define('HVDEF_AVLOG_DIR', '/var/log/clamav');
define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR . '/clamd.sock');
define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR . '/clamd.pid');
define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
-define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
-define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define('HVDEF_CLAM_WORKDIR', HVDEF_WORK_DIR);
+ define('HVDEF_CLAM_CONFIG', HVDEF_WORK_DIR . '/clamd.conf');
+ define('HVDEF_FRESHCLAM_CONF', HVDEF_WORK_DIR . '/freshclam.conf');
+ define("HVDEF_CLAMD_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/clamd");
+ define('HVDEF_FRESHCLAM_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/freshclam");
+ define('HVDEF_SIGTOOL_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/sigtool");
+} else {
+ define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
+ define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
+ define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
+ define("HVDEF_CLAMD_PATH", "/usr/local/sbin/clamd");
+ define('HVDEF_FRESHCLAM_PATH', "/usr/local/bin/freshclam");
+ define('HVDEF_SIGTOOL_PATH', "/usr/local/bin/sigtool");
+}
define('HVDEF_CLAM_TCPSOCKET', '3310');
-define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log');
define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log');
define('HVDEF_STATUS_FILE', '/var/tmp/havp.status');
@@ -129,7 +138,6 @@ define('HVDEF_STATUS_FILE', '/var/tmp/havp.status');
/* Scripts */
define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d');
define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam');
-define('HVDEF_FILTER_RESYNC_SCRIPT', '/usr/local/pkg/pf/havp_filter_resync.sh');
define('HVDEF_HAVP_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/havp.sh');
define('HVDEF_CLAM_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/clamd');
define('HVDEF_AVUPD_SCRIPT', HVDEF_SCRIPT_DIR . '/havp_avupdate');
@@ -234,7 +242,6 @@ function havp_deinstall() {
install_cron_job($crontask, false);
mwexec("/usr/bin/killall -9 havp");
unlink_if_exists(HVDEF_HAVP_STARTUP_SCRIPT);
- unlink_if_exists(HVDEF_FILTER_RESYNC_SCRIPT);
unlink_if_exists(HVDEF_PID_FILE);
// unlink_if_exists(HVDEF_CLAM_STARTUP_SCRIPT);
// unlink_if_exists(HVDEF_AVUPD_SCRIPT);
@@ -375,8 +382,6 @@ function havp_resync() {
havp_reconfigure_freshclam();
havp_reconfigure_cron();
- /* Configure firewall */
- filter_configure();
}
function havp_avset_resync() {
@@ -497,9 +502,6 @@ function havp_check_system() {
havp_startup_script();
hv_clamd_startup_script();
- /* Delete stale script that was used for pfSense 1.2.x */
- unlink_if_exists(HVDEF_FILTER_RESYNC_SCRIPT);
-
/* mount RAMDisk */
mountRAMdisk(true);
}
@@ -1179,7 +1181,7 @@ function check_bw_domain($_dm) {
* Filter rules
* ------------------------------------------------------------------------------
*/
-function havp_generate_rules($type = 'filter') {
+function havp_generate_rules($type) {
global $config, $havp_config;
$rules = array();
@@ -1257,45 +1259,9 @@ function havp_generate_rules($type = 'filter') {
$rules[] = "";
}
- if ($type == 'pfearly') {
- return;
- }
-
- if ($type == 'pflate') {
- return;
- }
-
return implode("\n", $rules);
}
-function havp_filter_update_3() {
-
- $rules_file = '/tmp/rules.debug';
- if (file_exists($rules_file)) {
- $newrules = array();
- $rules = file_get_contents($rules_file);
- $rules = explode("\n", $rules);
-
- foreach ($rules as $val) {
- $newrules[] = $val;
- // rdr
- if (trim($val) === "rdr-anchor \"miniupnpd\"") {
- $newrules[] = "# havp rdr";
- $newrules[] = havp_generate_rules('nat');
- $newrules[] = "";
- } elseif (trim($val) === "anchor \"miniupnpd\"") {
- // rules
- $newrules[] = "# havp rules";
- $newrules[] = havp_generate_rules('filter');
- $newrules[] = "";
- }
- $rules = implode("\n", $newrules);
- }
- file_put_contents($rules_file, $rules);
- mwexec("/sbin/pfctl -f $rules_file");
- }
-}
-
/* AV update script */
function havp_update_AV() {
file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
@@ -1310,17 +1276,19 @@ function havp_update_AV() {
*/
/* AV update script */
function havp_AVupdate_script() {
+ $hvdef_freshclam_path = HVDEF_FRESHCLAM_PATH;
+ $hvdef_sigtool_path = HVDEF_SIGTOOL_PATH;
$f = HVDEF_UPD_STATUS_FILE;
$u = HVDEF_FRESHCLAM_STATUS_FILE;
return <<< EOD
#!/bin/sh
/bin/date +"%Y.%m.%d %H:%M:%S Antivirus update started." > $f
/bin/date +"%Y.%m.%d %H:%M:%S Antivirus database already is updated." > $u
-/usr/local/bin/freshclam
+{$hvdef_freshclam_path}
wait
-cat $u >> $f
-/usr/local/bin/sigtool --unpack-current daily.cvd
-/usr/local/bin/sigtool --unpack-current main.cvd
+/bin/cat $u >> $f
+{$hvdef_sigtool_path} --unpack-current daily.cvd
+{$hvdef_sigtool_path} --unpack-current main.cvd
wait
/bin/date +"%Y.%m.%d %H:%M:%S Antivirus update end." >> $f
EOD;
@@ -1363,7 +1331,7 @@ function havp_startup_script() {
$s[] = "\t\tfi";
$s[] = "";
}
- $s[] = "\t\t/usr/local/sbin/havp -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null";
+ $s[] = "\t\t" . HVDEF_HAVP_PATH . " -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null";
$s[] = "\t\twait";
$s[] = "\tfi";
@@ -1409,7 +1377,7 @@ function hv_clamd_startup_script() {
$s[] = "# start";
$s[] = "\tif [ -z \"`{$clamdchk}`\" ]; then";
- $s[] = "\t\t/usr/local/sbin/clamd -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null";
+ $s[] = "\t\t" . HVDEF_CLAMD_PATH . " -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null";
$s[] = "\t\twait";
$s[] = "\tfi";
$s[] = "\techo 'Started' > " . HVDEF_CLAM_STATUS_FILE;
@@ -1430,23 +1398,6 @@ function hv_clamd_startup_script() {
write_rcfile($rc);
}
-
-/* HAVP filter resync script */
-function havp_filter_resync_script() {
-
- return <<<EOD
-#!/usr/local/bin/php -f
-<?php
-// havp filter hook
-if (file_exists('/usr/local/pkg/havp.inc')) {
- require_once('havp.inc');
- havp_filter_update_3();
-}
-?>
-EOD;
-
-}
-
/*
* ==============================================================================
* RAM Disk
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index a1484a59..cc11b7a6 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -45,7 +45,7 @@
<name>havp</name>
<title>Antivirus: HTTP proxy (HAVP + ClamAV)</title>
<category>Status</category>
- <version>1.06</version>
+ <version>1.10.0</version>
<include_file>/usr/local/pkg/havp.inc</include_file>
<menu>
<name>Antivirus</name>
@@ -381,4 +381,7 @@
<custom_php_deinstall_command>
havp_deinstall();
</custom_php_deinstall_command>
+ <filter_rules_needed>
+ havp_generate_rules
+ </filter_rules_needed>
</packagegui>
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc
index e6de88c4..d565810c 100644
--- a/config/squid3/31/squid.inc
+++ b/config/squid3/31/squid.inc
@@ -976,9 +976,9 @@ cache_mem $memory_cache_size MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+$disk_cache_opts
offline_mode {$offline_mode}
EOD;
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 669ae2f3..73be7162 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -1055,6 +1055,8 @@ if(empty($settings['cache_dynamic_content'])){
}
else{
if(preg_match('/youtube/',$settings['refresh_patterns'])){
+ // Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion)
+ /*
$conf.=<<< EOC
# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
@@ -1064,6 +1066,7 @@ acl youtube dstdomain .youtube.com
cache allow youtube
EOC;
+*/
}
if(preg_match('/windows/',$settings['refresh_patterns'])){
$conf.=<<< EOC
@@ -1125,9 +1128,9 @@ cache_mem $memory_cache_size MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+$disk_cache_opts
offline_mode {$offline_mode}
EOD;
@@ -2387,7 +2390,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$xml['squid'] = $config['installedpackages']['squid'];
$xml['squidupstream'] = $config['installedpackages']['squidupstream'];
$xml['squidcache'] = $config['installedpackages']['squidcache'];
- $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus'];
+ $xml['squidantivirus'] = $config['installedpackages']['squidantivirus'];
$xml['squidnac'] = $config['installedpackages']['squidnac'];
$xml['squidtraffic'] = $config['installedpackages']['squidtraffic'];
$xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral'];
diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml
index 612e9b73..34115f5e 100755
--- a/config/squid3/33/squid_cache.xml
+++ b/config/squid3/33/squid_cache.xml
@@ -280,14 +280,14 @@
<field>
<fielddescr>Refresh Patterns</fielddescr>
<fieldname>refresh_patterns</fieldname>
- <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
+ <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
<br><strong>Notes:</strong><br>
Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br>
set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description>
<type>select</type>
<default_value>none</default_value>
<options>
- <option><name>Youtube</name><value>youtube</value></option>
+ <!--<option><name>Youtube</name><value>youtube</value></option>-->
<option><name>Windows Update</name><value>windows</value></option>
<option><name>Symantec Antivirus</name><value>symantec</value></option>
<option><name>Avira</name><value>avira</value></option>
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index e5eb2f6c..ec30910f 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -1073,7 +1073,8 @@ function squid_resync_cache() {
$conf.='acl dynamic urlpath_regex cgi-bin \?'."\n";
$conf.="cache deny dynamic\n";
} else if (preg_match('/youtube/',$settings['refresh_patterns'])) {
- $conf.=<<< EOC
+// Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion)
+/* $conf.=<<< EOC
# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
@@ -1082,6 +1083,7 @@ acl youtube dstdomain .youtube.com
cache allow youtube
EOC;
+*/
}
if (preg_match('/windows/',$settings['refresh_patterns'])) {
$conf.=<<< EOC
@@ -1142,9 +1144,9 @@ cache_mem $memory_cache_size MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+$disk_cache_opts
offline_mode {$offline_mode}
EOD;
@@ -2390,7 +2392,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$xml['squid'] = $config['installedpackages']['squid'];
$xml['squidupstream'] = $config['installedpackages']['squidupstream'];
$xml['squidcache'] = $config['installedpackages']['squidcache'];
- $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus'];
+ $xml['squidantivirus'] = $config['installedpackages']['squidantivirus'];
$xml['squidnac'] = $config['installedpackages']['squidnac'];
$xml['squidtraffic'] = $config['installedpackages']['squidtraffic'];
$xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral'];
diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml
index f9204d46..3b2cd406 100755
--- a/config/squid3/34/squid_cache.xml
+++ b/config/squid3/34/squid_cache.xml
@@ -280,14 +280,14 @@
<field>
<fielddescr>Refresh Patterns</fielddescr>
<fieldname>refresh_patterns</fieldname>
- <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
+ <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
<br><strong>Notes:</strong><br>
Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br>
set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description>
<type>select</type>
<default_value>none</default_value>
<options>
- <option><name>Youtube</name><value>youtube</value></option>
+ <!--<option><name>Youtube</name><value>youtube</value></option>-->
<option><name>Windows Update</name><value>windows</value></option>
<option><name>Symantec Antivirus</name><value>symantec</value></option>
<option><name>Avira</name><value>avira</value></option>
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 0aa37fb8..2298e170 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -94,6 +94,12 @@ function patch_fetch(& $patch) {
return false;
} else {
$patch['patch'] = base64_encode($text);
+ // Detect pfSense move from / to /src and fix pathstrip
+ if (is_github_url($patch['location']) &&
+ $patch['pathstrip'] == 1 &&
+ preg_match('/\n--- a\/src\//', $text)) {
+ $patch['pathstrip'] = 2;
+ }
write_config("Fetched patch {$patch['descr']}");
return true;
}
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index 06f024a8..61f3df84 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -43,7 +43,7 @@
</copyright>
<description>System Patches applies patches supplied by the user to the firewall.</description>
<name>System Patches</name>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>