Diffstat (limited to 'config')
-rw-r--r--config/apcupsd/apcupsd.inc40
-rw-r--r--config/apcupsd/apcupsd.xml2
-rwxr-xr-xconfig/apcupsd/apcupsd_mail.php2
-rwxr-xr-xconfig/apcupsd/apcupsd_status.php70
-rw-r--r--config/freeradius2/freeradius.inc37
-rw-r--r--config/freeradius2/freeradiussettings.xml8
-rw-r--r--config/ftpproxy/ftpproxy.inc147
-rw-r--r--config/ftpproxy/ftpproxy.xml116
-rw-r--r--config/lightsquid/lightsquid.inc3
-rw-r--r--config/lightsquid/lightsquid.xml2
-rw-r--r--config/ntopng/ntopng.xml59
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc2
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml2
-rw-r--r--config/pfblockerng/geoipupdate.sh2
-rw-r--r--config/pfblockerng/pfblockerng.inc116
-rw-r--r--config/pfblockerng/pfblockerng.js2
-rw-r--r--config/pfblockerng/pfblockerng.php22
-rw-r--r--config/pfblockerng/pfblockerng.sh74
-rw-r--r--config/pfblockerng/pfblockerng.widget.php2
-rw-r--r--config/pfblockerng/pfblockerng.xml5
-rw-r--r--config/pfblockerng/pfblockerng_alerts.php440
-rw-r--r--config/pfblockerng/pfblockerng_diag_dns.php189
-rw-r--r--config/pfblockerng/pfblockerng_log.php4
-rw-r--r--config/pfblockerng/pfblockerng_sync.xml2
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml2
-rw-r--r--config/pfblockerng/pfblockerng_update.php2
-rw-r--r--config/pfblockerng/pfblockerng_v4lists.xml2
-rw-r--r--config/pfblockerng/pfblockerng_v6lists.xml2
-rw-r--r--config/quagga_ospfd/quagga_ospfd.inc64
-rw-r--r--config/quagga_ospfd/quagga_ospfd.xml7
-rw-r--r--config/siproxd/siproxd.inc12
-rwxr-xr-xconfig/snort/snort.xml4
-rw-r--r--config/snort/snort_alerts.widget.php8
-rw-r--r--config/snort/snort_defs.inc2
-rw-r--r--config/snort/snort_generate_conf.php2
-rw-r--r--config/snort/snort_migrate_config.php2
-rw-r--r--config/snort/snort_post_install.php4
-rwxr-xr-xconfig/snort/snort_rulesets.php6
-rw-r--r--config/sudo/sudo.inc6
-rw-r--r--config/sudo/sudo.xml2
-rw-r--r--config/vhosts/vhosts.inc4
-rw-r--r--config/vnstat2/vnstat2.inc12
-rw-r--r--config/zabbix-lts/zabbix-agent-lts.xml179
-rw-r--r--config/zabbix-lts/zabbix-lts.inc360
-rw-r--r--config/zabbix-lts/zabbix-proxy-lts.xml150
45 files changed, 1873 insertions, 307 deletions
diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc
index c123861c..9ebb263b 100644
--- a/config/apcupsd/apcupsd.inc
+++ b/config/apcupsd/apcupsd.inc
@@ -224,5 +224,45 @@ EOF;
}
+function check_nis_running_apcupsd(){
+ global $config, $g;
+
+ if (is_array($config['installedpackages']['apcupsd'])){
+ $apcupsd_config = $config['installedpackages']['apcupsd']['config'][0];
+
+ if ($apcupsd_config['apcupsdenabled']=="on" && $apcupsd_config['netserver']=="on" )
+ return(true);
+ }
+
+ return(false);
+}
+
+
+function check_nis_ip_apcupsd(){
+ global $config, $g;
+
+ if (is_array($config['installedpackages']['apcupsd'])){
+ $apcupsd_config = $config['installedpackages']['apcupsd']['config'][0];
+
+ if ($apcupsd_config['apcupsdenabled']=="on" && $apcupsd_config['netserver']=="on" )
+ return($apcupsd_config['nisip']);
+ }
+
+ return(false);
+}
+
+function check_nis_port_apcupsd(){
+ global $config, $g;
+
+ if (is_array($config['installedpackages']['apcupsd'])){
+ $apcupsd_config = $config['installedpackages']['apcupsd']['config'][0];
+
+ if ($apcupsd_config['apcupsdenabled']=="on" && $apcupsd_config['netserver']=="on" )
+ return($apcupsd_config['nisport']);
+ }
+
+ return(false);
+}
+
?>
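Review bot: The three new helpers `check_nis_running_apcupsd()`, `check_nis_ip_apcupsd()` and `check_nis_port_apcupsd()` repeat the same enabled/netserver test and differ only in the value returned, and each declares `global $g` without using it. One private helper that returns the config row when both flags are `"on"` would keep the condition in a single place. None of them has a doc comment, and the ip and port variants return either a config string or `false`, which callers need to know; something like `/* Returns the configured NISIP string, or false when apcupsd or its NIS server is disabled. */` would cover it. They also read `['config'][0]` after checking only that `['apcupsd']` is an array.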
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml
index 8a42f352..bef6c330 100644
--- a/config/apcupsd/apcupsd.xml
+++ b/config/apcupsd/apcupsd.xml
@@ -40,7 +40,7 @@
<name>Apcupsd</name>
<title>Services: Apcupsd (General)</title>
<category>Monitoring</category>
- <version>0.3.2</version>
+ <version>0.3.4</version>
<include_file>/usr/local/pkg/apcupsd.inc</include_file>
<addedit_string>Apcupsd has been created/modified.</addedit_string>
<delete_string>Apcupsd has been deleted.</delete_string>
diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php
index d5b97f92..3b13309c 100755
--- a/config/apcupsd/apcupsd_mail.php
+++ b/config/apcupsd/apcupsd_mail.php
@@ -29,7 +29,7 @@
require_once("pkg-utils.inc");
require_once("globals.inc");
-require_once("phpmailer/class.phpmailer.php");
+require_once("phpmailer/PHPMailerAutoload.php");
global $config, $g;
diff --git a/config/apcupsd/apcupsd_status.php b/config/apcupsd/apcupsd_status.php
index 693ec290..a8d3776d 100755
--- a/config/apcupsd/apcupsd_status.php
+++ b/config/apcupsd/apcupsd_status.php
@@ -28,6 +28,7 @@
*/
require("guiconfig.inc");
+require_once("apcupsd.inc");
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version < 2.0)
@@ -38,6 +39,9 @@ include("head.inc");
function puts( $arg ) { echo "$arg\n"; }
+if (isset($_GET['strapcaccess']))
+ $strapcaccess = trim($_GET['strapcaccess']);
+
?>
<style>
@@ -98,14 +102,66 @@ pre {
<div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
- <tr><td>
+ <form name="frm_apcupsd_status" method="GET">
+ <tr>
+ <td width="14%" valign="top" class="vncellreq">Host:</td>
+ <td width="86%" class="vtable">
+ <input name="strapcaccess" type="text" class="formfld unknown" id="strapcaccess" size="22" value="<? echo "{$strapcaccess}"; ?>">
+ <br/>
+ <span class="vexpl">
+ Default: <b>localhost</b><br/>
+ apcaccess uses apcupsd's inbuilt Network Information Server (NIS) to obtain the current status information <br/>
+ from the UPS on the local or remote computer. It is therefore necessary to have the following configuration directives: <br/>
+ NETSERVER on<br/>
+ NISPORT 3551<br/>
+ <br/>
+ <?php if ($pf_version < 2.2): ?>
+ <input type="Submit" value="Execute" class="formbtn" disabled/>
+ <?php else: ?>
+ <input type="Submit" value="Execute" class="formbtn"/>
+ <?php endif; ?>
+ </span>
+ </td>
+ </tr>
+ </form>
+ <tr><td colspan="2">
<?php
- puts("<pre>");
- putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
- $ph = popen('apcaccess 2>&1', "r" );
- while ($line = fgets($ph)) echo htmlspecialchars($line);
- pclose($ph);
- puts("</pre>");
+ $nis_server = check_nis_running_apcupsd();
+
+ if ($pf_version >= 2.2){
+ if($strapcaccess) {
+ echo "Running: apcaccess -h {$strapcaccess} <br/>";
+ puts("<pre>");
+ putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
+ $ph = popen("apcaccess -h {$strapcaccess} 2>&1", "r" );
+ while ($line = fgets($ph)) echo htmlspecialchars($line);
+ pclose($ph);
+ puts("</pre>");
+ }elseif($nis_server){
+ $nisip=(check_nis_ip_apcupsd() != ''? check_nis_ip_apcupsd() : "0.0.0.0");
+ $nisport=(check_nis_port_apcupsd() != ''? check_nis_port_apcupsd() : "3551");
+ echo "Running: apcaccess -h {$nisip}:{$nisport} <br/>";
+ puts("<pre>");
+ putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
+ $ph = popen("apcaccess -h localhost 2>&1", "r" );
+ while ($line = fgets($ph)) echo htmlspecialchars($line);
+ pclose($ph);
+ puts("</pre>");
+ }else
+ echo "Network Information Server (NIS) not running, in order to run apcaccess on localhost, you need to enable it on APCupsd General settings. <br/>";
+ }else{
+ echo "pfSense version prior to 2.2 runs APCupsd 3.14.10 and apcaccess doesn't accept host parameter. <br/>";
+ if ($nis_server){
+ puts("<pre>");
+ putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
+ $ph = popen("apcaccess 2>&1", "r" );
+ while ($line = fgets($ph)) echo htmlspecialchars($line);
+ pclose($ph);
+ puts("</pre>");
+ }else
+ echo "Network Information Server (NIS) not running, in order to run apcaccess on localhost, you need to enable it on APCupsd General settings. <br/>";
+ }
+
?>
</td></tr>
</table>
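Review bot: `$strapcaccess` is taken from `$_GET` with only a `trim()` (in the earlier hunk of this file) and is then interpolated unescaped into the `popen("apcaccess -h {$strapcaccess} 2>&1", ...)` command string, the `Running:` echo and the input's `value` attribute, so request data reaches both a shell command line and the HTML output. It should be validated as a host or host:port, passed through `escapeshellarg()` for the command and through `htmlspecialchars()` wherever it is printed. The variable is also undefined when the parameter is absent; `$strapcaccess = isset($_GET['strapcaccess']) ? trim($_GET['strapcaccess']) : '';` avoids that. Separately, the NIS branch prints `apcaccess -h {$nisip}:{$nisport}` but runs `apcaccess -h localhost`, so the displayed command is not the one executed.

```php
// … unchanged: form markup; only the value attribute of the Host input changes …
<input name="strapcaccess" type="text" class="formfld unknown" id="strapcaccess" size="22" value="<?php echo htmlspecialchars($strapcaccess); ?>">
// … unchanged: help text, submit button, check_nis_running_apcupsd() call …
if ($strapcaccess) {
	// Accept only a plain hostname/IPv4 with an optional :port before the value gets near the shell.
	// IPv6 literals would need their own rule.
	if (!preg_match('/^[A-Za-z0-9.\-]+(:[0-9]{1,5})?$/', $strapcaccess)) {
		echo "Invalid host. <br/>";
	} else {
		echo "Running: apcaccess -h " . htmlspecialchars($strapcaccess) . " <br/>";
		// … unchanged: puts("<pre>"), putenv() …
		$ph = popen("apcaccess -h " . escapeshellarg($strapcaccess) . " 2>&1", "r");
		// … unchanged: output loop, pclose(), closing </pre> …
	}
// … unchanged: }elseif($nis_server){ branch and the pre-2.2 branch …
```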
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index df231821..00076816 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -134,7 +134,42 @@ function freeradius_install_command() {
$rcfile = array();
$rcfile['file'] = 'radiusd.sh';
- $rcfile['start'] = FREERADIUS_ETC . '/rc.d/radiusd onestart';
+ $freeradius_etc_dir = FREERADIUS_ETC;
+ $rcfile['start'] = <<<EOD
+SERVICENAME="radiusd"
+ LOCKFILE="/tmp/\${SERVICENAME}_start.lock"
+ PIDFILE="/var/run/\${SERVICENAME}.pid"
+
+ # prevent this part of script from running in parallel
+ if ( set -o noclobber; echo "\$\$" > "\$LOCKFILE") 2> /dev/null; then
+ # make sure lock file is removed even if script is terminated
+ trap 'rm -f "\$LOCKFILE"; exit \$?' INT TERM EXIT
+
+ {$freeradius_etc_dir}/rc.d/radiusd onestart
+
+ # try to wait until the service starts
+ if [ ! -f "\$PIDFILE" ]; then
+ echo "\$SERVICENAME.sh: PID file was not found"
+
+ for i in 1 2 3 4 5; do
+ if [ -f "\$PIDFILE" ]; then
+ echo "\$SERVICENAME.sh: Service started PID: `cat \$PIDFILE`"
+ break
+ else
+ echo "\$SERVICENAME.sh: Waiting 0.5 seconds"
+ sleep 0.5
+ fi
+ done
+ else
+ echo "\$SERVICENAME.sh: Service running PID: `cat \$PIDFILE`"
+ fi
+
+ rm -f "\$LOCKFILE"
+ trap - INT TERM EXIT
+ else
+ echo "\$SERVICENAME.sh: Cannot continue at this moment, this script is already trying to start service PID: \$(cat \$LOCKFILE)"
+ fi
+EOD;
$rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
write_rcfile($rcfile);
conf_mount_ro();
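Review bot: The generated start script keeps its lock at `/tmp/radiusd_start.lock`, a fixed name in a world-writable directory, so any local account that creates that file first, or a lock left behind after a hard kill, makes every later start print "already trying to start" and do nothing. A root-only location avoids this, e.g. `LOCKFILE="/var/run/\${SERVICENAME}_start.lock"`. The wait loop gives up after five 0.5 s polls without reporting that the PID file never appeared, and `cat \$PIDFILE` is unquoted in both backtick calls. `freeradius_install_command()` starts and ends outside this hunk.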
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 78c65372..8982d93e 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -183,9 +183,9 @@
</options>
</field>
<field>
- <fielddescr>Log Bad Authentication Attempts</fielddescr>
+ <fielddescr>Log Password on Authentication Failure</fielddescr>
<fieldname>varsettingsauthbadpass</fieldname>
- <description><![CDATA[If an authentication fails then it will log the username and <b>wrong</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description>
+ <description><![CDATA[Log the <b>password</b> of failed authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
@@ -204,9 +204,9 @@
<size>80</size>
</field>
<field>
- <fielddescr>Log good authentication attempts?</fielddescr>
+ <fielddescr>Log Password on Authentication Success</fielddescr>
<fieldname>varsettingsauthgoodpass</fieldname>
- <description><![CDATA[If an authentication succeeds then it will log the username and <b>correct</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description>
+ <description><![CDATA[Log the <b>password</b> of successful authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
new file mode 100644
index 00000000..7fc54775
--- /dev/null
+++ b/config/ftpproxy/ftpproxy.inc
@@ -0,0 +1,147 @@
+<?php
+function sync_package_ftpproxy() {
+ conf_mount_rw();
+ config_lock();
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+
+ /* Proxy is not enabled, kill the daemon and issue a filter reload. */
+ if ($cf["proxy_enable"] != "on") {
+ mwexec("/usr/bin/killall -9 ftp-proxy");
+ filter_configure();
+ return;
+ }
+ $interface_list = explode(",", $cf['localints']);
+ /* Bail if there is nothing to do */
+ if (empty($interface_list)) {
+ log_error("FTP Proxy cannot sync: No interfaces selected.");
+ return;
+ }
+
+ $start = "/usr/bin/killall -9 ftp-proxy\n";
+ $start .= "\t/usr/sbin/ftp-proxy ";
+
+ if ($cf["anononly"] == "on") {
+ $start .= " -A ";
+ }
+ if (is_ipaddr($cf["sourceaddr"])) {
+ $start .= " -a " . escapeshellarg($cf["sourceaddr"]);
+ }
+ if (is_port($cf["bindport"])) {
+ $start .= " -p " . escapeshellarg($cf["bindport"]);
+ }
+ if (is_numeric($cf["maxessions"]) && ($cf["maxessions"] >= 1) && ($cf["maxessions"] <= 500)) {
+ $start .= " -m " . escapeshellarg($cf["maxessions"]);
+ }
+ if (!empty($cf["tsq"])) {
+ $start .= " -q " . escapeshellarg($cf["tsq"]);
+ }
+ if ($cf["src20"] == "on") {
+ $start .= " -r ";
+ }
+ if (is_numeric($cf["idletimeout"]) && ($cf["idletimeout"] > 0) && ($cf["idletimeout"] <= 86400)) {
+ $start .= " -t " . escapeshellarg($cf["idletimeout"]);
+ }
+ if ($cf["log"] == "on") {
+ $start .= " -v ";
+ }
+ $start .= "\n";
+
+ write_rcfile(array(
+ "file" => "ftp-proxy.sh",
+ "start" => $start,
+ "stop" => "/usr/bin/killall -9 ftp-proxy"
+ )
+ );
+ restart_service("ftp-proxy");
+ conf_mount_ro();
+ config_unlock();
+ filter_configure();
+}
+
+function validate_form_ftpproxy($post, &$input_errors) {
+ if (empty($post["localints"])) {
+ $input_errors[] = 'One or more Local Interfaces must be selected';
+ }
+ if (!empty($post["sourceaddr"]) && !is_ipaddr($post["sourceaddr"])) {
+ $input_errors[] = 'You must specify a valid ip address in the \'Source Address\' field';
+ }
+ if (!empty($post["bindport"]) && !is_port($post["bindport"])) {
+ $input_errors[] = 'You must specify a valid port number in the \'Bind Port\' field';
+ }
+ if (!empty($post["maxessions"]) && (!is_numeric($post["maxessions"]) || ($post["maxessions"] < 1) || ($post["maxessions"] > 500))) {
+ $input_errors[] = 'You must specify a valid number in the \'Max Sessions\' field (Between 1 and 500)';
+ }
+ if (!empty($post["idletimeout"]) && (is_numeric($post["idletimeout"]) || ($post["idletimeout"] <= 0) || ($post["idletimeout"] > 86400))) {
+ $input_errors[] = 'You must specify a valid number in the \'Idle Timeout\' field (Between 1 and 86400)';
+ }
+ if (!empty($post["bypasssrc"]) && !(is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddr($post["bypasssrc"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Source';
+ }
+ if (!empty($post["bypassdst"]) && !(is_alias($post["bypassdst"]) || is_subnetv4($post["bypassdst"]) || is_ipaddr($post["bypassdst"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Destination';
+ }
+}
+
+function ftpproxy_get_port() {
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+ if (!empty($cf["bindport"]) && is_port($cf["bindport"])) {
+ return $cf["bindport"];
+ } else {
+ return 8021;
+ }
+}
+
+function ftpproxy_generate_rules($type) {
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+ $interface_list = explode(",", $cf['localints']);
+
+ /* Proxy is not enabled, therefore, no rules/anchors. */
+ if ($cf["proxy_enable"] != "on") {
+ return;
+ }
+
+ /* Bail if there is nothing to do */
+ if (empty($interface_list)) {
+ log_error("FTP Proxy cannot sync: No interfaces selected.");
+ return;
+ }
+
+ $rules = "";
+ switch ($type) {
+ case "nat":
+ $rules .= "nat-anchor \"ftp-proxy/*\"\n";
+ $rules .= "rdr-anchor \"ftp-proxy/*\"\n";
+
+ foreach ($interface_list as $interface_friendly) {
+ if (empty($interface_friendly)) {
+ continue;
+ }
+ $interface = get_real_interface($interface_friendly);
+ if (empty($interface)) {
+ continue;
+ }
+ if (is_subnetv4($cf["bypasssrc"]) || is_ipaddr($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from {$cf['bypasssrc']} to any port 21\n";
+ } elseif (is_alias($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from \${$cf['bypasssrc']} to any port 21\n";
+ }
+ if (is_subnetv4($cf["bypassdst"]) || is_ipaddr($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to {$cf['bypassdst']} port 21\n";
+ } elseif (is_alias($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to \${$cf['bypassdst']} port 21\n";
+ }
+ $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
+ }
+ break;
+ case "filter":
+ $rules .= "anchor \"ftp-proxy/*\"\n";
+ // $rules = "pass out proto tcp from any to any port 21\n";
+ break;
+
+ }
+ return $rules;
+}
+?> \ No newline at end of file
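Review bot: In `validate_form_ftpproxy()` the idle-timeout test is missing a negation, `is_numeric($post["idletimeout"]) || ...`, so every numeric timeout is reported as invalid; it should read `!is_numeric($post["idletimeout"])` like the Max Sessions check above it. In `sync_package_ftpproxy()` both early `return`s come after `conf_mount_rw()` and `config_lock()`, which leaves the config lock held and the filesystem writable; call `config_unlock(); conf_mount_ro();` before each return, or take the lock after the checks. `explode(",", $cf['localints'])` returns a one-element array for an empty string, so the `empty($interface_list)` bail-out never fires here or in `ftpproxy_generate_rules()`; testing `empty($cf['localints'])` would. The `tsq` value is shell-quoted when the command is built, but the validator has no format check for it.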
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
new file mode 100644
index 00000000..5bd123dc
--- /dev/null
+++ b/config/ftpproxy/ftpproxy.xml
@@ -0,0 +1,116 @@
+<packagegui>
+ <name>FTP Client Proxy</name>
+ <version>0.2</version>
+ <title>FTP Client Proxy</title>
+ <aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
+ <include_file>/usr/local/pkg/ftpproxy.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/ftpproxy/ftpproxy.inc</item>
+ </additional_files_needed>
+ <menu>
+ <name>FTP Client Proxy</name>
+ <tooltiptext>Modify FTP Client Proxy settings.</tooltiptext>
+ <section>Services</section>
+ <configfile>ftpproxy.xml</configfile>
+ <url>/pkg_edit.php?xml=ftpproxy.xml</url>
+ </menu>
+ <service>
+ <name>ftp-proxy</name>
+ <rcfile>ftp-proxy.sh</rcfile>
+ <executable>ftp-proxy</executable>
+ <description>Client FTP Proxy Daemon</description>
+ </service>
+ <fields>
+ <field>
+ <name>General Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Enabled</fielddescr>
+ <fieldname>proxy_enable</fieldname>
+ <description>Enable the FTP Proxy.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Local Interface</fielddescr>
+ <fieldname>localints</fieldname>
+ <type>interfaces_selection</type>
+ <description>Select the local (LAN type) interfaces which contain FTP clients.</description>
+ <required/>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Anonymous Only</fielddescr>
+ <fieldname>anononly</fieldname>
+ <description>Only permit anonymous FTP connections using the &quot;ftp&quot; or &quot;anonymous&quot; users.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Source Address</fielddescr>
+ <fieldname>sourceaddr</fieldname>
+ <description>Enter a VIP to be the source of outgoing control traffic. Leave blank to use the default WAN IP address.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Source</fielddescr>
+ <fieldname>bypasssrc</fieldname>
+ <description>Enter an IP address or alias for source client host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Destination</fielddescr>
+ <fieldname>bypassdst</fieldname>
+ <description>Enter an IP address or alias for destination server host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Bind Port (Default: 8021)</fielddescr>
+ <fieldname>bindport</fieldname>
+ <description>Port where the proxy will listen for redirected connections. Do not set this to 21.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Maximum Sessions (Default: 100)</fielddescr>
+ <fieldname>maxessions</fieldname>
+ <description>Maximum number of concurrent FTP sessions. When the proxy reaches this limit, new connections are denied. Must be between 1 and 500.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Traffic Shaping Queue</fielddescr>
+ <fieldname>tsq</fieldname>
+ <description>Create rules with the specified queue appended so that data connections can be queued.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Rewrite Source to Port 20</fielddescr>
+ <fieldname>src20</fieldname>
+ <description>Rewrite source port to 20 in active mode to suit ancient clients that insist on this behavior.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Idle Timeout (Default: 86400)</fielddescr>
+ <fieldname>idletimeout</fieldname>
+ <description>(Seconds) Number of seconds that the control connection can be idle, before the proxy will disconnect. The maximum is 86400 seconds. Do not set this too low, because the control connection is usually idle when large data transfers are taking place.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Log Connections</fielddescr>
+ <fieldname>log</fieldname>
+ <description>Set the 'log' flag on pf rules committed by ftp-proxy.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+
+ </fields>
+ <custom_php_resync_config_command>
+ sync_package_ftpproxy();
+ </custom_php_resync_config_command>
+ <custom_php_validation_command>
+ validate_form_ftpproxy($_POST, $input_errors);
+ </custom_php_validation_command>
+</packagegui>
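Review bot: `<chmod>077</chmod>` on `ftpproxy.inc` looks like a transposed mode: read as octal permissions it clears every owner bit and grants read/write/execute to group and other, which would leave a PHP file that the GUI includes writable by any local account. How the installer interprets this value is not visible on this page, so it needs confirming, but an include file normally wants something like `<chmod>0644</chmod>`.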
diff --git a/config/lightsquid/lightsquid.inc b/config/lightsquid/lightsquid.inc
index 399e0572..054713a1 100644
--- a/config/lightsquid/lightsquid.inc
+++ b/config/lightsquid/lightsquid.inc
@@ -175,6 +175,9 @@ function lightsquid_resync() {
if (!file_exists("/usr/bin/perl"))
mwexec("ln -s /usr/local/bin/perl /usr/bin/perl");
+ // Fixup library path so GD can find its libraries for graphs.
+ mwexec("/sbin/ldconfig -m " . LIGHTSQUID_BASE . "/lib/");
+
// create lightsquid report catalog
if (!file_exists(LS_REPORTPATH)) {
update_log("lightsquid_install: Create report dir " . LS_REPORTPATH);
diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml
index 0f6baf37..63eaabe4 100644
--- a/config/lightsquid/lightsquid.xml
+++ b/config/lightsquid/lightsquid.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>lightsquid</name>
- <version>1.8.2 pkg v.2.34</version>
+ <version>1.8.2 pkg v.2.35</version>
<title>Services: Proxy Reports (LightSquid, SQStat) -> Settings</title>
<category>Status</category>
<include_file>/usr/local/pkg/lightsquid.inc</include_file>
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml
index b656e483..9382912a 100644
--- a/config/ntopng/ntopng.xml
+++ b/config/ntopng/ntopng.xml
@@ -39,7 +39,7 @@
]]>
</copyright>
<name>ntopng</name>
- <version>1.1 v0.1</version>
+ <version>1.2 v0.5</version>
<title>Diagnostics: ntopng Settings</title>
<savetext>Change</savetext>
<aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect>
@@ -96,7 +96,12 @@
<field>
<fielddescr>DNS Mode</fielddescr>
<fieldname>dns_mode</fieldname>
- <description>Configures how name resolution is handled</description>
+ <description>
+ Configures how name resolution is handled&lt;br/&gt;&lt;br/&gt;
+ Additionally, GeoIP Data can provide location information about IP addresses.&lt;br/&gt;
+ This product includes GeoLite data created by MaxMind, available from &lt;a href=&quot;http://www.maxmind.com&quot;&gt;http://www.maxmind.com&lt;/a&gt;.&lt;br/&gt;
+ &lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;Update GeoIP Data&quot;&gt;
+ </description>
<type>select</type>
<default_value>0</default_value>
<options>
@@ -121,13 +126,22 @@
<field>
<fielddescr>Historical Data Storage</fielddescr>
<fieldname>dump_flows</fieldname>
- <description>Turn historical data storages on</description>
+ <description>Enable historical data storage</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Disable Alerts</fielddescr>
+ <fieldname>disable_alerts</fieldname>
+ <description>Disables all alerts generated by ntopng, such as flooding notifications</description>
<type>checkbox</type>
</field>
</fields>
<custom_php_global_functions>
<![CDATA[
function sync_package_ntopng() {
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ return;
+ }
conf_mount_rw();
config_lock();
global $config;
@@ -185,7 +199,12 @@
if ($ntopng_config['dump_flows'] >= on) {
$dump_flows = "-F";
}
-
+
+ // Disable alerts
+ if ($ntopng_config['disable_alerts'] >= on) {
+ $disable_alerts = "-H";
+ }
+
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version >= 2.2) {
$redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
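Review bot: The new test `$ntopng_config['disable_alerts'] >= on` compares against the bare word `on`, which PHP treats as an undefined constant, and uses `>=`, so any stored value that sorts at or after "on" would also enable `-H`; `== "on"` states the intent. `$disable_alerts` is assigned only inside the `if`, so when the box is unticked the start line in the next hunk interpolates an undefined variable; initialise it first with `$disable_alerts = "";`. The `dump_flows` context line above has the same pattern and could be fixed at the same time. `sync_package_ntopng()` begins and ends outside this hunk.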
@@ -199,7 +218,7 @@
// Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse,
// --dump-timeline (on/off) --http-port, --https-port
- $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &";
+ $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &";
write_rcfile(array(
"file" => "ntopng.sh",
"start" => $start,
@@ -211,6 +230,7 @@
// Wait for ntopng to shut down cleanly.
sleep(20);
}
+ ntopng_fixup_geoip();
start_service("ntopng");
sleep(2);
@@ -222,6 +242,30 @@
conf_mount_ro();
config_unlock();
}
+ function ntopng_update_geoip() {
+ mwexec("/usr/pbi/ntopng-" . php_uname("m") . "/bin/ntopng-geoipupdate.sh");
+ ntopng_fixup_geoip();
+ restart_service("ntopng");
+ }
+ function ntopng_fixup_geoip() {
+ $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
+
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ /* Decompress if needed. */
+ if (substr($geofile, -3, 3) == ".gz") {
+ mwexec("/usr/bin/gzip -d " . escapeshellarg($geofile));
+ }
+ }
+
+ /* Use a separate glob since the filenames could have changed since the last run */
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ $target_file = $target_dir . '/' . basename($geofile);
+ if (!file_exists($target_file)) {
+ symlink($geofile, $target_file);
+ }
+ }
+ }
]]>
</custom_php_global_functions>
<custom_add_php_command>
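Review bot: `ntopng_fixup_geoip()` iterates the `glob()` result directly and ignores the results of `mwexec()` and `symlink()`, so a missing source directory or a failed decompress passes silently. `glob()` can return `false`, so guard it, e.g. `foreach (glob("{$source_dir}/Geo*.dat*") ?: array() as $geofile)`, and log when `symlink()` returns false. `file_exists()` follows links, so a dangling link left in `$target_dir` reports false and the `symlink()` call then fails on every run; also checking `is_link($target_file)` would catch that case. Neither function has a comment, and `ntopng_update_geoip()` in particular should say that it runs the updater script and restarts the service.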
@@ -232,7 +276,7 @@
</custom_php_resync_config_command>
<custom_php_install_command>
<![CDATA[
- mwexec_bg("/usr/pbi/ntopng-" . php_uname("m") . "/bin/geoipupdate.sh");
+ ntopng_update_geoip();
sync_package_ntopng();
]]>
</custom_php_install_command>
@@ -246,6 +290,9 @@
$input_errors[] = "You must provide (and confirm) ntopng's password.";
if ($_POST['password'] != $_POST['passwordagain'])
$input_errors[] = "The provided passwords did not match.";
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ ntopng_update_geoip();
+ }
}
]]>
</custom_php_validation_command>
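Review bot: The GeoIP update is triggered from inside the validation command, after the password checks but without looking at `$input_errors`, so the updater script and a service restart run even when the submitted form is rejected. Handling the button before the field checks, or guarding the call with `if (empty($input_errors) && $_POST['Submit'] == "Update GeoIP Data")`, keeps that side effect off invalid submissions. `$_POST['Submit']` is also read without `isset()`. The validation block starts outside this hunk.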
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index f635bbd0..16ccb6a4 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -40,7 +40,7 @@ require_once("pfsense-utils.inc");
global $current_openvpn_version, $current_openvpn_version_rev;
$current_openvpn_version = "2.3.6";
-$current_openvpn_version_rev = "01";
+$current_openvpn_version_rev = "03";
function openvpn_client_export_install() {
global $current_openvpn_version;
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 15986428..42a3c327 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>OpenVPN Client Export</name>
- <version>1.2.15</version>
+ <version>1.2.16</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<backup_file></backup_file>
diff --git a/config/pfblockerng/geoipupdate.sh b/config/pfblockerng/geoipupdate.sh
index 302f81f5..dc6f2af6 100644
--- a/config/pfblockerng/geoipupdate.sh
+++ b/config/pfblockerng/geoipupdate.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# pfBlockerNG MaxMind GeoLite GeoIP Updater Script - By BBcan177@gmail.com
-# Copyright (C) 2014 BBcan177@gmail.com
+# Copyright (C) 2015 BBcan177@gmail.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2 as
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index a1ee6abc..1a1c87a2 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -3,7 +3,7 @@
pfBlockerNG.inc
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
part of the Postfix package for pfSense
@@ -78,6 +78,7 @@ function pfb_global() {
$pfb['log'] = "{$pfb['logdir']}/pfblockerng.log";
$pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt";
$pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh';
+ $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2";
# General Variables
$pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0];
@@ -225,8 +226,11 @@ function pfb_create_suppression_file() {
if ($pfb['found']) {
$pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']);
- if (!empty($pfb_suppress))
+ if (!empty($pfb_suppress)) {
@file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX);
+ } else {
+ unlink_if_exists("{$pfb['supptxt']}");
+ }
} else {
# Delete Suppression File if Alias is Empty.
unlink_if_exists("{$pfb['supptxt']}");
@@ -334,6 +338,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) {
}
+// Archive Aliastables for NanoBSD and RAMDisk Installations
+function pfb_aliastables($mode) {
+ global $g,$config,$pfb;
+ $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables";
+ $msg = "";
+
+ // Only Execute function if Platform is NanoBSD or Ramdisks are used.
+ if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) {
+ conf_mount_rw();
+ if ($mode == "update") {
+ // Archive Aliastable Folder
+ exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1");
+ $msg = "\n\nArchiving Aliastable Folder\n";
+ }
+ elseif ($mode == "conf") {
+ // Check conf file for earlyshellcmd
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd[] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ else {
+ $config['system']['earlyshellcmd'] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ conf_mount_ro();
+ }
+ else {
+ if (file_exists("{$pfb['aliasarchive']}")) {
+ // Remove Aliastables archive if found.
+ conf_mount_rw();
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ conf_mount_ro();
+ }
+ // Remove earlyshellcmd if found.
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ $msg = "\n** Removing earlyshellcmd **\n";
+ }
+ }
+ }
+
+ if ($msg != "")
+ pfb_logger("{$msg}","1");
+}
+
+
# Main pfBlockerNG Function
function sync_package_pfblockerng($cron = "") {
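Review bot: In `pfb_aliastables()` the archive command is built as `cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar ...`, so if the `cd` fails the `ls` and `tar` still run in whatever the current directory is, and both paths are interpolated unquoted. Chain with `&&` and quote the paths: `"cd " . escapeshellarg($pfb['aliasdir']) . " && ls -A pfB_*.txt && /usr/bin/tar -jcvf " . escapeshellarg($pfb['aliasarchive']) . " pfB_*.txt >/dev/null 2>&1"`. When no `earlyshellcmd` exists the code stores a plain string, `$config['system']['earlyshellcmd'] = "{$earlyshellcmd}";`, while every other branch requires `is_array()`; assigning `array($earlyshellcmd)` keeps the type consistent. The function registers a boot-time command in the system config, which deserves a line in its header comment, and no `write_config()` call is visible in this hunk, so confirm that the caller persists the change.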
@@ -365,14 +421,8 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # TBC if Required ! (Fetch Timeout in 2.2)
-
- #apply fetch timeout to pfsense-utils.inc
- $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc');
- $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils);
- if ($new_pfsense_utils != $pfsense_utils) {
- @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX);
- }
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("conf");
# Collect pfSense Max Table Size Entry
$pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000");
@@ -1173,7 +1223,7 @@ function sync_package_pfblockerng($cron = "") {
$pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
$pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}';
$pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
- $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$|^($pattern8)$|^($pattern9)$|^($pattern10)$/";
+ $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/";
$pfb['supp_update'] = FALSE;
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
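Review bot: Removing the `^…$` anchors from `$pfb['ipv6']` lets the pattern match anywhere inside a line, so the alternatives ending in `\/[0-9]{2}` will now accept the first two digits of a longer prefix such as `/128`, or an address embedded in other text. How the pattern is applied is outside this hunk, so this is a question rather than a confirmed defect. If the match is used to extract entries from a downloaded list, the stored value can differ from what the list contains. Bounding each alternative, for example with `(?<![A-Fa-f0-9:])` in front and `(?![0-9])` after the prefix length, keeps the extraction behaviour without accepting partial tokens.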
@@ -2191,6 +2241,7 @@ function sync_package_pfblockerng($cron = "") {
unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules);
}
+
#################################
# Closing Processes #
#################################
@@ -2223,6 +2274,9 @@ function sync_package_pfblockerng($cron = "") {
#load filter file which will create the pfctl tables
filter_configure();
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
# Don't Execute on User 'Save'
if (!$pfb['save']) {
@@ -2253,8 +2307,11 @@ function sync_package_pfblockerng($cron = "") {
$log = implode($result_pfctl);
pfb_logger("{$log}","1");
}
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
- $log = "\n No Changes to Aliases, Skipping pfctl Update \n";
+ $log = "\nNo Changes to Aliases, Skipping pfctl Update \n";
pfb_logger("{$log}","1");
}
}
@@ -2282,7 +2339,7 @@ function sync_package_pfblockerng($cron = "") {
#########################################
- # Define/Apply CRON Jobs #
+ # Define/Apply CRON Jobs #
#########################################
# Clear any existing pfBlockerNG Cron Jobs
@@ -2291,13 +2348,13 @@ function sync_package_pfblockerng($cron = "") {
# Replace Cron job with any User Changes to $pfb_min
if ($pfb['enable'] == "on") {
# Define pfBlockerNG CRON Job
- $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
+ $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
# $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
- $pfb_hour = "*";
- $pfb_mday = "*";
- $pfb_month = "*";
- $pfb_wday = "*";
- $pfb_who = "root";
+ $pfb_hour = "*";
+ $pfb_mday = "*";
+ $pfb_month = "*";
+ $pfb_wday = "*";
+ $pfb_who = "root";
install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
}
@@ -2311,12 +2368,12 @@ function sync_package_pfblockerng($cron = "") {
# MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
- $pfb_gmin = "0";
- $pfb_ghour = rand(0,23);
- $pfb_gmday = "1,2,3,4,5,6,7";
- $pfb_gmonth = "*";
- $pfb_gwday = "2";
- $pfb_gwho = "root";
+ $pfb_gmin = "0";
+ $pfb_ghour = rand(0,23);
+ $pfb_gmday = "1,2,3,4,5,6,7";
+ $pfb_gmonth = "*";
+ $pfb_gwday = "2";
+ $pfb_gwho = "root";
install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
}
@@ -2413,6 +2470,15 @@ function pfblockerng_php_deinstall_command() {
rmdir_recursive("{$pfb['dbdir']}");
rmdir_recursive("{$pfb['logdir']}");
+ // Remove Aliastables archive and earlyshellcmd if found.
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ }
+ }
+
# Remove Settings from Config
if (is_array($config['installedpackages']['pfblockerng']))
unset($config['installedpackages']['pfblockerng']);
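Review bot: The archive removal added here calls `@unlink_if_exists()` without the `conf_mount_rw()` / `conf_mount_ro()` pair that the same removal uses in `pfb_aliastables()`, so on a read-only root the file may be left behind while the `@` hides the failure. The function body starts outside this hunk, so a mount call may already exist above; if it does not, wrap the unlink as in the other code path. `preg_grep(..., PREG_GREP_INVERT)` also keeps the original keys, so the remaining `earlyshellcmd` entries are no longer a contiguous list; `array_values(preg_grep(...))` avoids writing a gapped array back to the configuration. The unescaped dot in `/pfblockerng.sh aliastables/` matches any character and could be written `pfblockerng\.sh`.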
diff --git a/config/pfblockerng/pfblockerng.js b/config/pfblockerng/pfblockerng.js
index cef0ce3b..e1c1ca20 100644
--- a/config/pfblockerng/pfblockerng.js
+++ b/config/pfblockerng/pfblockerng.js
@@ -1,6 +1,6 @@
/* pfBlockerNG update engine */
-// Part of pfBlockerNG by BBCan177@gmail.com (c) 2014
+// Part of pfBlockerNG by BBCan177@gmail.com (c) 2015
//
// Javascript and Integration modifications by J. Nieuwenhuizen
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 0ca3aa7d..8c0c478d 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -3,7 +3,7 @@
pfBlockerNG.php
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfBlocker by
@@ -12,7 +12,7 @@
Hour Schedule Convertor code by
Snort Package
- Copyright (c) 2014 Bill Meeks
+ Copyright (c) 2015 Bill Meeks
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -251,7 +251,7 @@ if ($argv[1] == 'gc') {
}
if ($argv[1] == 'cron') {
- $hour = date('H');
+ $hour = date('G');
$dow = date('N');
$pfb['update_cron'] = FALSE;
@@ -270,7 +270,7 @@ if ($argv[1] == 'cron') {
$sch2 = strval($shour);
for ($i=0; $i<11; $i++) {
$shour += 2;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch2 .= "," . strval($shour);
}
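Review bot: The `>= 24` wrap-around is now repeated in six near-identical blocks (this hunk and the 3-, 4-, 6-, 8- and 12-hour hunks that follow), which is why the same off-by-one had to be fixed six times. A modulo keeps the hour in range in one expression, `$shour = ($shour + 2) % 24;`, and a small helper taking the start hour and the step would replace all six loops. The enclosing `if ($argv[1] == 'cron')` block starts and ends outside the hunk.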
@@ -280,7 +280,7 @@ if ($argv[1] == 'cron') {
$sch3 = strval($shour);
for ($i=0; $i<7; $i++) {
$shour += 3;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch3 .= "," . strval($shour);
}
@@ -290,7 +290,7 @@ if ($argv[1] == 'cron') {
$sch4 = strval($shour);
for ($i=0; $i<5; $i++) {
$shour += 4;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch4 .= "," . strval($shour);
}
@@ -300,7 +300,7 @@ if ($argv[1] == 'cron') {
$sch6 = strval($shour);
for ($i=0; $i<3; $i++) {
$shour += 6;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch6 .= "," . strval($shour);
}
@@ -310,7 +310,7 @@ if ($argv[1] == 'cron') {
$sch8 = strval($shour);
for ($i=0; $i<2; $i++) {
$shour += 8;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch8 .= "," . strval($shour);
}
@@ -319,7 +319,7 @@ if ($argv[1] == 'cron') {
$shour = intval(substr($pfb['hour'], 0, 2));
$sch12 = strval($shour) . ",";
$shour += 12;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch12 .= strval($shour);
@@ -696,7 +696,7 @@ $xml = <<<EOF
pfblockerng_{$cont_name}.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
@@ -1001,7 +1001,7 @@ $xmlrep = <<<EOF
pfBlockerNG_Reputation.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh
index cc11be6b..e010a6e5 100644
--- a/config/pfblockerng/pfblockerng.sh
+++ b/config/pfblockerng/pfblockerng.sh
@@ -1,6 +1,6 @@
#!/bin/sh
# pfBlockerNG IP Reputation Script - By BBcan177@gmail.com - 04-12-14
-# Copyright (C) 2014 BBcan177@gmail.com
+# Copyright (C) 2015 BBcan177@gmail.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2 as
@@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g')
etmatch=$(echo $9 | sed 's/,/, /g')
# File Locations
+aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2"
pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat
pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt
masterfile=/var/db/pfblockerng/masterfile
@@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log
etdir=/var/db/pfblockerng/ET
tmpxlsx=/tmp/xlsx/
+pfbdbdir=/var/db/pfblockerng/
pfbdeny=/var/db/pfblockerng/deny/
pfborig=/var/db/pfblockerng/original/
pfbmatch=/var/db/pfblockerng/match/
@@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile
matchfile=/tmp/pfbmatchfile
tempmatchfile=/tmp/pfbtempmatchfile
+PLATFORM=`cat /etc/platform`
+USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml`
+DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'`
+DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2`
+
+if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1
+ if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi
+ if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi
+fi
+
if [ ! -f $masterfile ]; then touch $masterfile; fi
if [ ! -f $mastercat ]; then touch $mastercat; fi
if [ ! -f $tempfile ]; then touch $tempfile; fi
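Review bot: `[ ${USE_MFS_TMPVAR} -gt 0 ]` is unquoted, so if `grep -c` prints nothing (for instance when `/cf/conf/config.xml` cannot be read) the test becomes a syntax error that is treated as false, and the decision falls through to the other two checks without any message. Quoting with a default avoids that: `[ "${USE_MFS_TMPVAR:-0}" -gt 0 ]`. The directory variables in the two `mkdir` lines should be quoted as well, and `$pfsense_alias_dir` is not defined anywhere in this hunk. The same three-part condition is repeated in `exitnow` and `aliastables`; computing it once into a flag here would keep the three sites from drifting apart.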
@@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi
if [ ! -d $etdir ]; then mkdir $etdir; fi
if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi
+
+# Exit Function to set mount RO if required before Exiting
+exitnow() {
+ if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1
+ fi
+ exit
+}
+
+
##########
# Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group.
process24() {
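Review bot: The read-only remount now depends on every exit path calling `exitnow`, so any path that leaves the script another way (a plain `exit` added later, an interrupt, an aborted command) leaves the configuration filesystem mounted read-write. Registering the remount once, directly after the read-write mount, covers those cases: `trap '/usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1' EXIT`, adding `INT TERM` if the shell does not run the EXIT trap on signals. `exitnow` also ends with a bare `exit`, so the error paths and the normal path return the same kind of status; `exit "${1:-0}"` would let callers tell them apart.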
@@ -86,7 +109,7 @@ process24() {
if [ ! -x $pathgeoip ]; then
echo "Process24 - Application [ GeoIP ] Not found. Can't proceed."
echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat Binary on first Install.
@@ -98,7 +121,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
count=$(grep -c ^ $pfbdeny$alias".txt")
@@ -192,6 +215,7 @@ echo "-------------------------------------------------------"
cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt")
echo "Post /24 Count [ $cocount ]"; echo
fi
+exitnow
}
@@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che
echo "----------------------------------------------------------"
printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]"
echo "----------------------------------------------------------"
+exitnow
}
@@ -257,7 +282,7 @@ suppress() {
if [ ! -x $pathgrepcidr ]; then
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]"
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog
- exit
+ exitnow
fi
if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
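Review bot: The line just above the changed `exit` appends to `>> errorlog` without the `$`, so the "Grepcidr not found" message is written to a file literally named `errorlog` in the current directory instead of the log defined as `errorlog=/var/log/pfblockerng/error.log`. The same line appears in the `duplicate()` hunk further down. Since both error paths are being edited in this commit, `>> "$errorlog"` would fix it in the same pass. The body of `suppress()` continues outside this hunk.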
@@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
echo; echo "===[ Suppression Stats ]========================================"; echo
printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile"
echo "----------------------------------------------------------------"
- exit
+ exitnow
fi
for i in $cc; do
@@ -342,7 +367,7 @@ else
echo "===[ Suppression Stats ]========================================"; echo
printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile"
echo "----------------------------------------------------------------"
- exit
+ exitnow
fi
for i in $cc; do
alias=$(echo "${i%|*}")
@@ -372,6 +397,7 @@ else
fi
done
fi
+exitnow
}
@@ -382,7 +408,7 @@ duplicate() {
if [ ! -x $pathgrepcidr ]; then
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]"
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog
- exit
+ exitnow
fi
dupcheck=yes
@@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du
echo "----------------------------------------------------------"
printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]"
echo "----------------------------------------------------------"
+exitnow
}
@@ -425,7 +452,7 @@ deduplication() {
if [ ! -x $pathgeoip ]; then
echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed."
echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat on first Install.
@@ -438,7 +465,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0
@@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo
# Write "1.1.1.1" to empty Final Blocklist Files
emptyfiles=$(find $pfbdeny -size 0)
for i in $emptyfiles; do echo "1.1.1.1" > $i; done
+exitnow
}
@@ -551,7 +579,7 @@ pdeduplication(){
if [ ! -x $pathgeoip ]; then
echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed."
echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat on first Install.
@@ -563,7 +591,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0
@@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]"
# Write "1.1.1.1" to empty Final Blocklist Files
emptyfiles=$(find $pfbdeny -size 0)
for i in $emptyfiles; do echo "1.1.1.1" > $i; done
+exitnow
}
@@ -626,7 +655,7 @@ processet() {
if [ ! -x $pathgunzip ]; then
echo "Application [ Gunzip ] Not found, Can't proceed."
echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
if [ -s $pfborig$alias".gz" ]; then
@@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then
else
echo; echo "No ET .GZ File Found!"
fi
+exitnow
}
# Process to extract IP addresses from XLSX Files
@@ -722,7 +752,7 @@ processxlsx() {
if [ ! -x $pathtar ]; then
echo "Application [ TAR ] Not found, Can't proceed."
echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
if [ -s $pfborig$alias".zip" ]; then
@@ -738,6 +768,7 @@ else
echo "XLSX Download File Missing"
echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog
fi
+exitnow
}
closingprocess() {
@@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------"
$pathpfctl -s memory | grep "table-entries"
pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}')
echo "Table Usage Count " $pfctlcount
+exitnow
}
remove() {
@@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0)
if [ ! "$emptychk" == "" ]; then
rm -r $masterfile; rm -r $mastercat
fi
+exitnow
+}
+
+# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only )
+aliastables() {
+ if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive
+ fi
+ exitnow
}
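Review bot: `cd $pfsense_alias_dir` is unquoted and its definition is not in this hunk; if the variable is ever empty, `cd` with no argument changes to the home directory and the archive is unpacked there, from a command that runs at boot via `earlyshellcmd`. Quoting the variables and letting tar change directory turns an empty value into an error. Since the archive is only ever built from `pfB_*.txt`, extraction can be limited to that pattern: `[ -f "$aliasarchive" ] && /usr/bin/tar -jxf "$aliasarchive" -C "$pfsense_alias_dir" 'pfB_*.txt'` (the trailing member pattern is worth confirming against the tar shipped on the target release). The `-v` flag also prints every member name to the console, and the comment above the function reads `aliasables` where `aliastables` is meant.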
@@ -920,8 +961,11 @@ case $1 in
remove)
remove
;;
+ aliastables)
+ aliastables
+ ;;
*)
- exit
+ exitnow
;;
esac
-exit \ No newline at end of file
+exitnow \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php
index 647017ff..229e084b 100644
--- a/config/pfblockerng/pfblockerng.widget.php
+++ b/config/pfblockerng/pfblockerng.widget.php
@@ -3,7 +3,7 @@
pfBlockerNG.widget.php
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based Upon pfblocker :
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml
index 54c6c061..6f7e34ec 100644
--- a/config/pfblockerng/pfblockerng.xml
+++ b/config/pfblockerng/pfblockerng.xml
@@ -10,7 +10,7 @@
pfBlockerNG.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
@@ -234,6 +234,7 @@
<fieldname>pfb_keep</fieldname>
<type>checkbox</type>
<description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description>
+ <default_value>on</default_value>
</field>
<field>
<fielddescr>CRON MIN Start Time</fielddescr>
@@ -455,7 +456,7 @@
<fieldname>credits</fieldname>
<type>info</type>
<description><![CDATA[<strong>
- pfBlockerNG</strong> Created in 2014 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a>
+ pfBlockerNG</strong> Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a>
<br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br />
Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by:
MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>.
diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php
index f03f7040..c67420b9 100644
--- a/config/pfblockerng/pfblockerng_alerts.php
+++ b/config/pfblockerng/pfblockerng_alerts.php
@@ -3,14 +3,14 @@
pfBlockerNG_Alerts.php
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Portions of this code are based on original work done for
pfSense from the following contributors:
Parts based on works from Snort_alerts.php
- Copyright (C) 2014 Bill Meeks
+ Copyright (C) 2015 Bill Meeks
All rights reserved.
Javascript Hostname Lookup modifications by J. Nieuwenhuizen
@@ -41,8 +41,12 @@
// Auto-Resolve Hostnames
if (isset($_REQUEST['getpfhostname'])) {
- $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']);
- $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES);
+ $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname']));
+ if (strlen($getpfhostname) >= 8) {
+ $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES);
+ } else {
+ $hostname = $getpfhostname;
+ }
if ($hostname == $getpfhostname) {
$hostname = 'unknown';
}
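Review bot: The new `strlen($getpfhostname) >= 8` guard is a length check rather than an address check: a valid 7-character IPv4 address such as `1.1.1.1`, or a short IPv6 address, now skips the lookup and is reported as `unknown`, while any other request string of eight or more characters is still handed to `gethostbyaddr()`. Validating the value as an IP address states the intent and rejects everything else: `if (filter_var($getpfhostname, FILTER_VALIDATE_IP) !== false) {`. The value is also passed through `htmlspecialchars()` before it is validated; escaping is better applied only where the result is printed. The enclosing `if (isset($_REQUEST['getpfhostname']))` block ends outside the hunk.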
@@ -52,9 +56,8 @@ if (isset($_REQUEST['getpfhostname'])) {
require_once("util.inc");
require_once("guiconfig.inc");
-require_once("filter_log.inc");
require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc");
-
+global $rule_list;
pfb_global();
// Application Paths
@@ -66,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log";
$pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat";
$pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat";
+// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package)
+$pfb['filterlogentries'] = FALSE;
+
// Emerging Threats IQRisk Header Name Reference
$pfb['et_header'] = TRUE;
$et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header'];
@@ -88,11 +94,11 @@ $rule_list = array();
$results = array();
$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results);
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt']))
$config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25';
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']))
$config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5';
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']))
$config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5';
if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh']))
$config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off';
@@ -124,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) {
$pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'];
}
+
+function pfb_match_filter_field($flent, $fields) {
+ foreach ($fields as $key => $field) {
+ if ($field == null)
+ continue;
+ if ((strpos($field, '!') === 0)) {
+ $field = substr($field, 1);
+ $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
+ if (@preg_match("/{$field_regex}/i", $flent[$key]))
+ return false;
+ }
+ else {
+ $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
+ if (!@preg_match("/{$field_regex}/i", $flent[$key]))
+ return false;
+ }
+ }
+ return true;
+}
+
+
+if ($_POST['filterlogentries_submit']) {
+ // Set flag for filtering alert entries
+ $pfb['filterlogentries'] = TRUE;
+
+ // Note the order of these fields must match the order decoded from the alerts log
+ $filterfieldsarray = array();
+ $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null;
+ $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null;
+ $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null;
+
+ // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation
+ $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null;
+ $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null;
+
+ $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null;
+ $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null;
+ $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? $_POST['filterlogentries_date'] : null;
+}
+
+
+if ($_POST['filterlogentries_clear']) {
+ $pfb['filterlogentries'] = TRUE;
+ $filterfieldsarray = array();
+}
+
+
// Collect pfBlockerNG Firewall Rules
if (!empty($results)) {
foreach ($results as $result) {
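Review bot: In `pfb_match_filter_field()` the result of `@preg_match()` is tested only for truthiness, so a pattern that fails to compile behaves differently in the two branches: a normal filter hides every row, while a `!` exclusion filter is silently ignored, and the `@` hides the warning in both cases. Checking the return value explicitly, `$m = @preg_match("/{$field_regex}/i", $flent[$key]); if ($m === false) return false;`, and telling the user the expression was invalid would make the behaviour consistent. The patterns come straight from `$_POST` and are run against every log row, so a length cap on each field is a cheap safeguard against expensive expressions. On the protocol line, `strtolower()` is applied only to the truthiness test and not to the stored value, so it has no effect.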
@@ -293,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") {
}
+// Parse Filter log for pfBlockerNG Alerts
+function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) {
+ global $pfb, $rule_list, $filterfieldsarray;
+ $fields_array = array();
+ $logarr = "";
+ $denycnt = 0;
+ $permitcnt = 0;
+ $matchcnt = 0;
+
+ if (file_exists($logfile)) {
+ exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr);
+ }
+ else return;
+
+ if (!empty($logarr) && !empty($rule_list['id'])) {
+ foreach ($logarr as $logent) {
+ $pfbalert = array();
+ $log_split = "";
+
+ if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split))
+ continue;
+
+ list($all, $pfbalert[99], $host, $rule) = $log_split;
+ $rule_data = explode(",", $rule);
+ $pfbalert[0] = $rule_data[0]; // Rulenum
+
+ // Skip Alert if Rule is not a pfBNG Alert
+ if (!in_array($pfbalert[0], $rule_list['id']))
+ continue;
+
+ $pfbalert[1] = $rule_data[4]; // Realint
+ $pfbalert[3] = $rule_data[6]; // Act
+ $pfbalert[4] = $rule_data[8]; // Version
+
+ if ($pfbalert[4] == "4") {
+ $pfbalert[5] = $rule_data[15]; // Protocol ID
+ $pfbalert[6] = $rule_data[16]; // Protocol
+ $pfbalert[7] = $rule_data[18]; // SRC IP
+ $pfbalert[8] = $rule_data[19]; // DST IP
+ $pfbalert[9] = $rule_data[20]; // SRC Port
+ $pfbalert[10] = $rule_data[21]; // DST Port
+ $pfbalert[11] = $rule_data[23]; // TCP Flags
+ } else {
+ $pfbalert[5] = $rule_data[13]; // Protocol ID
+ $pfbalert[6] = $rule_data[12]; // Protocol
+ $pfbalert[7] = $rule_data[15]; // SRC IP
+ $pfbalert[8] = $rule_data[16]; // DST IP
+ $pfbalert[9] = $rule_data[17]; // SRC Port
+ $pfbalert[10] = $rule_data[18]; // DST Port
+ $pfbalert[11] = $rule_data[20]; // TCP Flags
+ }
+
+ if ($pfbalert[5] == "6" || $pfbalert[5] == "17") {
+ // skip
+ } else {
+ $pfbalert[9] = "";
+ $pfbalert[10] = "";
+ $pfbalert[11] = "";
+ }
+
+ // Skip Repeated Alerts
+ if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip)
+ continue;
+
+ $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name
+ $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags
+
+ // If Alerts Filtering is selected, process Filters as required.
+ if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) {
+ continue;
+ }
+
+ if ($pfbalert[3] == "block") {
+ if ($denycnt < $pfbdenycnt) {
+ $fields_array['Deny'][] = $pfbalert;
+ $denycnt++;
+ }
+ }
+ elseif ($pfbalert[3] == "pass") {
+ if ($permitcnt < $pfbpermitcnt) {
+ $fields_array['Permit'][] = $pfbalert;
+ $permitcnt++;
+ }
+ }
+ elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") {
+ if ($matchcnt < $pfbmatchcnt) {
+ $fields_array['Match'][] = $pfbalert;
+ $matchcnt++;
+ }
+ }
+
+ // Exit function if Sufficinet Matches found.
+ if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) {
+ unset ($pfbalert, $logarr);
+ return $fields_array;
+ }
+
+ // Collect Details for Repeated Alert Comparison
+ $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9];
+ $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10];
+ }
+ unset ($pfbalert, $logarr);
+ return $fields_array;
+ }
+}
+
$pgtitle = gettext("pfBlockerNG: Alerts");
include_once("head.inc");
?>
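Review bot: In `conv_log_filter_lite()` `{$tail}` is interpolated into the `exec()` command line as-is, while `$logfile` on the same line goes through `escapeshellarg()`. The caller further down passes a line count divided by two, which can be fractional, so `$tail = (int)$tail;` before the `exec()` keeps the `tail -n` argument a plain integer. The fourth argument of `str_replace()` on the protocol line is the by-reference replacement counter, so `$pfbalert[6]` is overwritten with a count before the assignment restores it; dropping that argument gives the same result without the side effect. `$previous_srcip` and `$previous_dstip` are read on the first iteration before they are set and should be initialised to `''` next to the counters. `$nentries` is accepted but never used in the body, and the comment `Sufficinet` should read `Sufficient`.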
@@ -341,7 +500,7 @@ if ($savemsg) {
</tr>
<tr>
<td><div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4">
<tr>
<td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?>&nbsp;
<a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a>&nbsp;
@@ -369,6 +528,70 @@ if ($savemsg) {
<?php printf(gettext("Currently Suppressing &nbsp; %s$pfbsupp_cnt%s &nbsp; Hosts."), '<strong>', '</strong>');?>
</td>
</tr>
+ <tr>
+ <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td>
+ </tr>
+ <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>">
+ <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td>
+ <td width="90%" class="vtable">
+ <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" />
+ &nbsp;&nbsp;<?=gettext("Click to display advanced filtering options dialog");?>
+ </td>
+ </tr>
+ <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>">
+ <td colspan="2">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action">
+ <tr>
+ <td valign="top">
+ <div align="center"><?=gettext("Date");?></div>
+ <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Interface");?></div>
+ <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Rule Number Only");?></div>
+ <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Protocol");?></div>
+ <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">
+ <div align="center"><?=gettext("Source IP Address");?></div>
+ <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Source Port");?></div>
+ <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Destination IP Address");?></div>
+ <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Destination Port");?></div>
+ <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div>
+ </td>
+ </tr>
+ <td colspan="5" style="vertical-align:bottom">
+ <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?>&nbsp;&nbsp; <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?>
+ <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br />
+ </tr>
+ <tr>
+ <td colspan="1" style="vertical-align:bottom">
+ <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
<!--Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ):
switch($type) {
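Review bot: Each of the eight filter inputs echoes the submitted value back unescaped, as in `value="<?= $filterfieldsarray[99] ?>"`, and those values are copied unmodified from `$_POST` by the handler added earlier in this file, so a quote or angle bracket in a filter expression ends the attribute and is rendered as markup. Escape at output in every input, for example `value="<?= htmlspecialchars($filterfieldsarray[99], ENT_QUOTES) ?>"`. Characters such as `<`, `>` and `"` are legitimate in a regular expression, which is one more reason to escape rather than strip them. Separately, the hint row that begins with `<td colspan="5" ...>` has no opening `<tr>` and no closing `</td>`, and `<?printf` relies on short open tags being enabled.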
@@ -394,16 +617,9 @@ if ($savemsg) {
<table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
<tr>
<!--Print Table Info-->
- <td colspan="2" class="listtopic"><?php printf(gettext("&nbsp;{$type}&nbsp;&nbsp; - &nbsp; Last %s Alert Entries."), "{$pfbentries}"); ?>
- <?php if ($pfb['pfsenseversion'] >= '2.2'): ?>
- <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Logs must be in Reverse Order."); ?>
- <?php endif; ?>
- <?php else: ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?>
- <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Logs must be in Reverse Order."); ?>
- <?php endif; ?>
+ <td colspan="2" class="listtopic"><?php printf(gettext("&nbsp;{$type}&nbsp;&nbsp; - &nbsp; Last %s Alert Entries."),"{$pfbentries}"); ?>
+ <?php if ($type == "Deny"): ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;<?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?>
<?php endif; ?>
</td>
</tr>
@@ -411,12 +627,12 @@ if ($savemsg) {
<td width="100%" colspan="2">
<table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="8%" align="center" axis="date">
+ <col width="7%" align="center" axis="date">
<col width="6%" align="center" axis="string">
- <col width="16%" align="center" axis="string">
+ <col width="15%" align="center" axis="string">
<col width="6%" align="center" axis="string">
- <col width="20%" align="center" axis="string">
- <col width="20%" align="center" axis="string">
+ <col width="21%" align="center" axis="string">
+ <col width="21%" align="center" axis="string">
<col width="3%" align="center" axis="string">
<col width="13%" align="center" axis="string">
</colgroup>
@@ -450,9 +666,9 @@ if ($pfb['runonce']) {
} else {
$pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 );
}
- $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines);
- $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top');
+ $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt);
+ $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top');
$supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24";
$supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon.";
@@ -473,7 +689,10 @@ if ($pfb['runonce']) {
// Collect Virtual IP Aliases for Inbound/Outbound List Matching
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $list) {
- $pfb_local[] = $list['subnet'];
+ if ($list['type'] == "single" && $list['subnet_bits'] == "32")
+ $pfb_local[] = $list['subnet'];
+ elseif ($list['type'] == "single" || $list['type'] == "network")
+ $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local);
}
}
// Collect NAT IP Addresses for Inbound/Outbound List Matching
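Review bot: The new `subnet_expand()` branch materialises every address of a VIP subnet into `$pfb_local` with no bound on the prefix length, and that array is later searched with `in_array()` once per alert row. A VIP defined with a short prefix would make the page slow or exhaust PHP memory; a guard on `$list['subnet_bits']`, or keeping the CIDR and testing membership with a subnet check instead of expanding it, avoids that. Whether `subnet_expand()` copes with IPv6 VIPs is not visible here and should be confirmed. The `if`/`elseif` bodies are also unbraced, unlike the surrounding code.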
@@ -514,30 +733,31 @@ if ($pfb['runonce']) {
$counter = 0;
// Process Fields_array and generate Output
-if (!empty($fields_array)) {
- foreach ($fields_array as $fields) {
+if (!empty($fields_array[$type]) && !empty($rule_list)) {
+ $key = 0;
+ foreach ($fields_array[$type] as $fields) {
$rulenum = "";
$alert_ip = "";
$supp_ip = "";
$pfb_query = "";
- $rulenum = $fields['rulenum'];
- if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) {
-
- // Skip Repeated Events
- if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) {
- continue;
- }
-
- $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags'];
+ /* Fields_array Reference [0] = Rulenum [6] = Protocol
+ [1] = Real Interface [7] = SRC IP
+ [2] = Friendly Interface Name [8] = DST IP
+ [3] = Action [9] = SRC Port
+ [4] = Version [10] = DST Port
+ [5] = Protocol ID [11] = Flags
+ [99] = Timestamp */
+ $rulenum = $fields[0];
+ if ($counter < $pfbentries) {
// Cleanup Port Output
- if ($fields['proto'] == "ICMP") {
- $srcport = $fields['srcport'];
- $dstport = $fields['dstport'];
+ if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") {
+ $srcport = "";
+ $dstport = "";
} else {
- $srcport = " :" . $fields['srcport'];
- $dstport = " :" . $fields['dstport'];
+ $srcport = ":" . $fields[9];
+ $dstport = ":" . $fields[10];
}
// Don't add Suppress Icon to Country Block Lines
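Review bot: With `if ($counter < $pfbentries) {` as the only limit, the `foreach` over `$fields_array[$type]` keeps iterating every remaining log entry after the display limit is reached, doing nothing each time. An early exit at the top of the loop, `if ($counter >= $pfbentries) break;`, stops as soon as the window is full and removes one level of nesting. `$key = 0;` is assigned before the loop but not used anywhere in this hunk; if nothing later reads it, it can go. The loop body continues past the end of this hunk.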
@@ -546,16 +766,10 @@ if (!empty($fields_array)) {
}
// Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only.
- if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) {
+ if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) {
// Destination is Gateway/NAT/VIP
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
- $host = $fields['srcip'];
-
- if (is_ipaddrv4($host)) {
- $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
- } else {
- $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
- }
+ $host = $fields[7];
$alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup");
$alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
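Review bot: `$host = $fields[7];` takes a value parsed from the firewall log, and the context lines place it unencoded in an `href` query string here and in the `onclick` handler of the suppress icon in the following hunks (the same holds for `$fields[8]` on the outbound branch). If `conv_log_filter_lite()` does not guarantee that these fields are valid IP addresses, which this diff does not show, a malformed log field ends up as markup. Validating once with `is_ipaddr($host)` before building the icons, or encoding at the point of use with `urlencode($host)` for the link and `htmlspecialchars()` for attribute values, makes the page independent of the parser.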
@@ -563,30 +777,22 @@ if (!empty($fields_array)) {
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
$supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
- $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\"";
+ $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
$supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
- $hostname = getpfbhostname('src', $fields['srcip'], $counter);
+ $hostname = getpfbhostname('src', $fields[7], $counter);
} else {
$hostname = "";
}
- $src_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
- $dst_icons = "";
- $scc = $country;
- $dcc = "";
+ $src_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
+ $dst_icons = "";
} else {
// Outbound
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
- $host = $fields['dstip'];
-
- if (is_ipaddrv4($host)) {
- $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
- } else {
- $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
- }
+ $host = $fields[8];
$alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup");
$alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
@@ -594,20 +800,25 @@ if (!empty($fields_array)) {
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
$supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
- $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\"";
+ $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
$supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
- $hostname = getpfbhostname('dst', $fields['dstip'], $counter);
+ $hostname = getpfbhostname('dst', $fields[8], $counter);
} else {
$hostname = "";
}
- $src_icons = "";
- $dst_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
- $scc = "";
- $dcc = $country;
+ $src_icons = "";
+ $dst_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
+ }
+
+ // Determine Country Code of Host
+ if (is_ipaddrv4($host)) {
+ $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
+ } else {
+ $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
}
# IP Query Grep Exclusion
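Review bot: The consolidated country lookup passes `$host` to `exec()` unquoted, and its `else` branch sends anything that is not IPv4 to the IPv6 binary without checking that it is an address at all. Since `$host` originates from parsed log text, quote it and test both families explicitly: `$country = substr(exec("$pathgeoip -f $pathgeoipdat " . escapeshellarg($host)),23,2);` under `is_ipaddrv4($host)`, the IPv6 form under `elseif (is_ipaddrv6($host))`, and `$country = "";` otherwise. The fixed `substr()` offsets (23 and 26) depend on the exact output format of the lookup tools, and a one-line comment saying so would help the next reader.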
@@ -615,21 +826,19 @@ if (!empty($fields_array)) {
$pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'";
// Find List which contains Blocked IP Host
- if ($pfb_query == "Country") {
- # Skip
- } else {
+ if (is_ipaddrv4($host) && $pfb_query != "Country") {
// Search for exact IP Match
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}");
// Search for IP in /24 CIDR
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
}
// Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses.
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop).
// Skip (Country Lists) or /32,/24 Addresses.
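Review bot: Only the first `grep` of each pipeline was changed to `/usr/bin/grep`; `sed` and the `grep` calls inside `$pfb_ex2` (and presumably `$pfb_ex1`, defined just above this hunk) are still resolved through PATH, so the commands are only partly pinned. For consistency use `/usr/bin/sed` in the pipelines and absolute paths in the two exclusion strings as well. The same applies to the pipelines in the hunks at -638 and -647.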
@@ -638,7 +847,7 @@ if (!empty($fields_array)) {
$host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host);
for ($cnt = 1; $cnt <= 5; $cnt++) {
$host3 = $host2 - $cnt . '\'';
- $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
// Break out of loop if found.
if (!empty($pfb_query))
$cnt = 6;
@@ -647,26 +856,30 @@ if (!empty($fields_array)) {
// Search for First Three Octets
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Search for First Two Octets
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Report Specific ET IQRisk Details
if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host);
- $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' ");
+ $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' ");
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
}
}
- // Default to "No Match" if not found.
- if (empty($pfb_query))
- $pfb_query = "No Match";
}
+ elseif (is_ipaddrv6($host) && $pfb_query != "Country") {
+ $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'");
+ }
+
+ // Default to "No Match" if not found.
+ if (empty($pfb_query))
+ $pfb_query = "No Match";
# Split List Column into Two lines.
unset ($pfb_match);
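Review bot: The new IPv6 branch runs `/usr/bin/grep -Hm1 {$host} {$pfbfolder}` without `-r`, while every IPv4 search on the same `$pfbfolder` uses `-rH`. `$pfbfolder` is built from `$pfb['denydir']`, `$pfb['permitdir']` and `$pfb['matchdir']` in the foreach header, so if those are directories, as the names suggest, this grep cannot read them and IPv6 hosts will always fall through to "No Match". Using `-rHFm1` with a quoted fixed-string pattern would bring it in line with the IPv4 path: `exec("/usr/bin/grep -rHFm1 " . escapeshellarg($host) . " {$pfbfolder} | ...")`.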
@@ -681,9 +894,19 @@ if (!empty($fields_array)) {
}
}
- $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host";
+ // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort)
+ if ($fields[4] == "6") {
+ $fields[97] = "[" . str_replace(":", ":&#8203;", $fields[7]) . "]";
+ $fields[98] = "[" . str_replace(":", ":&#8203;", $fields[8]) . "]";
+ }
+ else {
+ $fields[97] = $fields[7];
+ $fields[98] = $fields[8];
+ }
// Truncate Long List Names
+ $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host";
+
if (strlen($pfb_match[1]) >= 17) {
$pfb_matchtitle = $pfb_match[1];
$pfb_match[1] = substr($pfb_match[1], 0, 16) . '...';
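Review bot: The new slots `$fields[97]` and `$fields[98]` are not listed in the "Fields_array Reference" comment this commit adds in the hunk at -514, which covers `[0]` to `[11]` and `[99]` only. Either extend that comment (`[97] = SRC IP for display`, `[98] = DST IP for display`) or use two named locals instead of growing the array. The "(from Snort)" in the new comment looks carried over from another package and could be dropped.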
@@ -691,31 +914,28 @@ if (!empty($fields_array)) {
// Print Alternating Line Shading
if ($pfb['pfsenseversion'] > '2.0') {
- $alertRowEvenClass = "listMReven";
- $alertRowOddClass = "listMRodd";
+ $alertRowEvenClass = "listMReven";
+ $alertRowOddClass = "listMRodd";
} else {
- $alertRowEvenClass = "listr";
- $alertRowOddClass = "listr";
+ $alertRowEvenClass = "listr";
+ $alertRowOddClass = "listr";
}
- // Collect Details for Repeated Alert Comparison
- $previous_srcip = $fields['srcip'] . $fields['srcport'];
- $previous_dstip = $fields['dstip'] . $fields['dstport'];
- $countrycode = trim($scc . $dcc);
-
$alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
echo "<tr class='{$alertRowClass}'>
- <td class='listMRr' align='center'>{$fields['time']}</td>
- <td class='listMRr' align='center'>{$fields['interface']}</td>
+ <td class='listMRr' align='center'>{$fields[99]}</td>
+ <td class='listMRr' align='center'>{$fields[2]}</td>
<td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td>
- <td class='listMRr' align='center'>{$proto}</td>
- <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td>
- <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td>
- <td class='listMRr' align='center'>{$countrycode}</td>
+ <td class='listMRr' align='center'>{$fields[6]}</td>
+ <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td>
+ <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td>
+ <td class='listMRr' align='center'>{$country}</td>
<td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>";
$counter++;
if ($counter > 0 && $rtype == "block") {
$mycounter = $counter;
+ } else {
+ $mycounter = 0;
}
}
}
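Review bot: The added `else { $mycounter = 0; }` runs for every row printed in the Permit and Match windows, so `$mycounter` ends at 0 whenever either of those windows has at least one entry, even though the Deny window, which is processed first, had set it. The script block further down uses it as `var alertlines = <?php echo $mycounter; ?>;` to drive the hostname lookups, which would then never run. This assumes `$rtype` is "block" only for Deny (it is set outside this hunk); if so, initialise `$mycounter = 0;` once before the outer foreach and drop the `else`.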
@@ -725,6 +945,7 @@ if (!empty($fields_array)) {
</table>
</table>
<?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
+<?php unset ($fields_array); ?>
</td></tr>
</table>
@@ -762,9 +983,22 @@ function findhostnames(counter) {
)
}
-var lines = <?php echo $mycounter; ?>;
-for (alertcount = 0; alertcount < lines; alertcount++) {
- setTimeout(findhostnames(alertcount), 30);
+var alertlines = <?php echo $mycounter; ?>;
+var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>";
+if ( autoresolve == "on" ) {
+ for (alertcount = 0; alertcount < alertlines; alertcount++) {
+ setTimeout(findhostnames(alertcount), 30);
+ }
+}
+
+function enable_showFilter() {
+ document.getElementById("filter_enable_row").style.display="none";
+ document.getElementById("filter_options_row").style.display="table-row";
+}
+
+function enable_hideFilter() {
+ document.getElementById("filter_enable_row").style.display="table-row";
+ document.getElementById("filter_options_row").style.display="none";
}
//]]>
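Review bot: `setTimeout(findhostnames(alertcount), 30);` calls `findhostnames()` immediately and hands its return value to `setTimeout`, so unless that function returns a callback (its body is outside this hunk) all lookups fire at once and the 30 ms delay has no effect. Passing a function keeps the intended scheduling: `setTimeout(function (n) { return function () { findhostnames(n); }; }(alertcount), 30);`. The new `autoresolve` string is written into the script without encoding; `var autoresolve = <?php echo json_encode($config['installedpackages']['pfblockerngglobal']['hostlookup']); ?>;` keeps a stray quote in the config value from breaking the script. `alertcount` is an implicit global and should be declared with `var`.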
diff --git a/config/pfblockerng/pfblockerng_diag_dns.php b/config/pfblockerng/pfblockerng_diag_dns.php
index b2f07464..b44bc71c 100644
--- a/config/pfblockerng/pfblockerng_diag_dns.php
+++ b/config/pfblockerng/pfblockerng_diag_dns.php
@@ -3,7 +3,7 @@
pfBlockerNG_diag_dns.php
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Original Code by:
@@ -47,11 +47,11 @@ if (is_array($config['aliases']['alias'])) {
}
$aliasname = str_replace(array(".","-"), "_", $host);
$alias_exists = false;
-$counter=0;
-foreach($a_aliases as $a) {
- if($a['name'] == $aliasname) {
+$counter = 0;
+foreach ($a_aliases as $a) {
+ if ($a['name'] == $aliasname) {
$alias_exists = true;
- $id=$counter;
+ $id = $counter;
}
$counter++;
}
@@ -65,36 +65,39 @@ if ($pfs_version > '2.2') {
$cmd = '/usr/bin/dig';
}
-
-if(isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) {
- if($_POST['override'])
+if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) {
+ if ($_POST['override']) {
$override = true;
+ }
$resolved = gethostbyname($host);
$type = "hostname";
- if($resolved) {
+ if ($resolved) {
$resolved = array();
exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
$isfirst = true;
- foreach($resolved as $re) {
- if($re <> "") {
- if(!$isfirst)
+ foreach ($resolved as $re) {
+ if ($re <> "") {
+ if (!$isfirst) {
$addresses .= " ";
+ }
$addresses .= rtrim($re) . "/32";
$isfirst = false;
}
}
$newalias = array();
- if($override)
+ if ($override) {
$alias_exists = false;
- if($alias_exists == false) {
+ }
+ if ($alias_exists == false) {
$newalias['name'] = $aliasname;
$newalias['type'] = "network";
$newalias['address'] = $addresses;
$newalias['descr'] = "Created from Diagnostics-> DNS Lookup";
- if($override)
+ if ($override) {
$a_aliases[$id] = $newalias;
- else
+ } else {
$a_aliases[] = $newalias;
+ }
write_config();
$createdalias = true;
}
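Review bot: `$override` is taken directly from `$_POST['override']`, so when it is posted for a host that has no existing alias, `$id` was never assigned in the lookup loop shown in the previous hunk and `$a_aliases[$id] = $newalias;` stores the alias under an empty key. Overwrite only when a match was actually found, e.g. `if ($override && isset($id)) {`, and append otherwise. `$addresses` is also appended to with `.=` before being initialised; `$addresses = "";` next to `$isfirst = true;` avoids the notice.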
@@ -118,8 +121,9 @@ if ($_POST) {
exec("/usr/bin/grep nameserver /etc/resolv.conf | /usr/bin/cut -f2 -d' '", $dns_servers);
foreach ($dns_servers as $dns_server) {
$query_time = exec("{$cmd} {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2");
- if($query_time == "")
+ if ($query_time == "") {
$query_time = gettext("No response");
+ }
$new_qt = array();
$new_qt['dns_server'] = $dns_server;
$new_qt['query_time'] = $query_time;
@@ -137,18 +141,20 @@ if ($_POST) {
$type = "ip";
$resolved = gethostbyaddr($host);
$ipaddr = $host;
- if ($host != $resolved)
+ if ($host != $resolved) {
$hostname = $resolved;
+ }
} elseif (is_hostname($host)) {
$type = "hostname";
$resolved = gethostbyname($host);
- if($resolved) {
+ if ($resolved) {
$resolved = array();
exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved);
}
$hostname = $host;
- if ($host != $resolved)
+ if ($host != $resolved) {
$ipaddr = $resolved[0];
+ }
}
if ($host == $resolved) {
@@ -157,6 +163,11 @@ if ($_POST) {
}
}
+if ( ($_POST['host']) && ($_POST['dialog_output']) ) {
+ display_host_results ($host,$resolved,$dns_speeds);
+ exit;
+}
+
function display_host_results ($address,$hostname,$dns_speeds) {
$map_lengths = function($element) { return strlen($element[0]); };
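Review bot: The new early exit reads `$_POST['host']` and `$_POST['dialog_output']` without `isset()` or `empty()`, which raises undefined-index notices on every ordinary page load, and it passes `$resolved` and `$dns_speeds`, which may not have been set if the lookup branch above did not run. `if (!empty($_POST['host']) && !empty($_POST['dialog_output'])) {` is equivalent and quiet. `display_host_results()` prints looked-up names and its body lies outside this hunk, so whether it encodes them should be checked.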
@@ -179,12 +190,12 @@ function display_host_results ($address,$hostname,$dns_speeds) {
include("head.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="pfblockerng diag dns">
<tr>
<td>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="/pfblockerng/pfblockerng_diag_dns.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont">
<tr>
<td colspan="2" valign="top" class="listtopic"> <?=gettext("Resolve DNS hostname or IP");?></td>
</tr>
@@ -192,68 +203,67 @@ include("head.inc"); ?>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP");?></td>
<td width="78%" class="vtable">
<?=$mandfldhtml;?>
- <table>
+ <table summary="results">
<tr><td valign="top">
- <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>">
+ <input name="host" type="text" class="formfld unknown" id="host" size="20" value="<?=htmlspecialchars($host);?>">
</td>
- <td>
<?php if ($resolved && $type) { ?>
- = <font size="+1">
+ <td valign="middle">&nbsp;=&nbsp;</td><td>
+ <font size="+1">
<?php
$found = 0;
- if(is_array($resolved)) {
- foreach($resolved as $hostitem) {
- if($hostitem <> "") {
- echo $hostitem . "<br/>";
+ if (is_array($resolved)) {
+ foreach ($resolved as $hostitem) {
+ if ($hostitem <> "") {
+ echo $hostitem . "<br />";
$found++;
}
}
} else {
- echo $resolved;
- }
- if($found > 0) { ?>
- <br/><font size='-2'>
- <?PHP if($alias_exists) { ?>
+ echo $resolved;
+ }
+ if ($found > 0) { ?>
+ <br /></font><font size='-2'>
+ <?php if ($alias_exists) { ?>
An alias already exists for the hostname <?= htmlspecialchars($host) ?>. <br />
<input type="hidden" name="override" value="true"/>
<input type="submit" name="create_alias" value="Overwrite Alias"/>
- <?PHP } else {
- if(!$createdalias) { ?>
+ <?php } else {
+ if (!$createdalias) { ?>
<input type="submit" name="create_alias" value="Create Alias from These Entries"/>
- <?PHP } else { ?>
+ <?php } else { ?>
Alias created with name <?= htmlspecialchars($newalias['name']) ?>
- <?PHP }
+ <?php }
}
}
?>
- <font size="-1">
- <? } ?>
- </td></tr></table>
- </td>
+ <?php } ?>
+ </font></td></tr></table>
+ </td>
</tr>
-<?php if($_POST): ?>
+<?php if ($_POST): ?>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td>
- <td width="78%" class="vtable">
- <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td>
+ <td width="78%" class="vtable">
+ <table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time">
<tr>
- <td>
- <b><?=gettext("Server");?></b>
+ <td class="listhdrr">
+ <?=gettext("Server");?>
</td>
- <td>
- <b><?=gettext("Query time");?></b>
+ <td class="listhdrr">
+ <?=gettext("Query time");?>
</td>
</tr>
<?php
- if(is_array($dns_speeds))
- foreach($dns_speeds as $qt):
+ if (is_array($dns_speeds))
+ foreach ($dns_speeds as $qt):
?>
<tr>
- <td>
+ <td class="listlr">
<?=$qt['dns_server']?>
</td>
- <td>
+ <td class="listr">
<?=$qt['query_time']?>
</td>
</tr>
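Review bot: `echo $hostitem . "<br />";` and `echo $resolved;` print the results of the DNS lookup without encoding, and so do `<?=$qt['dns_server']?>` and `<?=$qt['query_time']?>` in the timing table, while `$host` a few lines away goes through `htmlspecialchars()`. These values come from resolver and `dig` output rather than from the administrator, so they should be treated like any other external input: `echo htmlspecialchars($hostitem) . "<br />";` and `echo htmlspecialchars($resolved);`. The `if (is_array($dns_speeds))` before `foreach (...):` is also left unbraced, unlike the rest of this cleanup.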
@@ -261,58 +271,59 @@ include("head.inc"); ?>
endforeach;
?>
</table>
- </td>
+ </td>
</tr>
<?php endif; ?>
<?php if (!$input_errors && $ipaddr) { ?>
<tr>
-
- <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td>
<td width="78%" class="vtable">
- <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br/>
+ <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br />
<a target="_new" href ="/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18"><?=gettext("Traceroute");?></a>
<p/>
- <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/>
+ <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br />
<a target="_new" href="http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP WHOIS @ DNS Stuff");?></a><br />
<a target="_new" href="http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Info @ DNS Stuff");?></a>
- <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/>
- <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br/>
- <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br/>
- <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br/>
- <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br/>
- <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br/>
- <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br/>
+ <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br /><br />
+ <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br />
+ <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br />
+ <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br />
+ <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br />
+ <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br />
+ <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br />
- <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br/>
- <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br/>
- <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br/>
- <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br/>
- <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br/>
- <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br/>
- <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br/>
- <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br/>
- <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br/>
- <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br/>
+ <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br />
+ <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br />
+ <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br />
+ <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br />
+ <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br />
+ <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br />
+ <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br />
+ <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br />
+ <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br />
+ <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br />
<p/>
- <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br/><br/>
- <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br/>
- <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br/>
- <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br/>
- <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br/>
- <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br/>
+ <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br /><br />
+ <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br />
+ <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br />
+ <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br />
+ <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br />
+ <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br />
</td>
</tr>
<?php } ?>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <br/>&nbsp;
- <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>">
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <br />&nbsp;
+ <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>">
</td>
</tr>
</table>
-</td></tr></table>
</form>
-<?php include("fend.inc"); ?> \ No newline at end of file
+</td></tr></table>
+<?php include("fend.inc"); ?>
+</body>
+</html> \ No newline at end of file
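Review bot: Every external lookup link embeds `<?php echo $ipaddr; ?>` unencoded, although `$ipaddr` can be `$resolved[0]` taken from `dig` output, and the neighbouring `$host` links already use `htmlspecialchars()`. `urlencode($ipaddr)` in the query strings and path segments would be the matching form. The links open third-party sites with `target="_new"`; adding `rel="noopener noreferrer"` keeps the firewall's admin URL out of the Referer header and detaches the opened page from this one. The `<br/><br />` after the first NOTE line was only half converted.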
diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php
index 74f513a2..4c25ce29 100644
--- a/config/pfblockerng/pfblockerng_log.php
+++ b/config/pfblockerng/pfblockerng_log.php
@@ -3,7 +3,7 @@
pfBlockerNG_Log.php
pfBlockerNG
- Copyright (c) 2014 BBcan177@gmail.com
+ Copyright (c) 2015 BBcan177@gmail.com
All rights reserved.
Portions of this code are based on original work done for the
@@ -17,7 +17,7 @@
All rights reserved.
Adapted for Suricata by:
- Copyright (C) 2014 Bill Meeks
+ Copyright (C) 2015 Bill Meeks
All rights reserved.
Javascript and Integration modifications by J. Nieuwenhuizen
diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml
index 00186af8..f6cee305 100644
--- a/config/pfblockerng/pfblockerng_sync.xml
+++ b/config/pfblockerng/pfblockerng_sync.xml
@@ -10,7 +10,7 @@
pfBlockerNG_sync.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index ccaf68a0..db898112 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -10,7 +10,7 @@
pfBlockerNG_Top20.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php
index 99480900..f3a18231 100644
--- a/config/pfblockerng/pfblockerng_update.php
+++ b/config/pfblockerng/pfblockerng_update.php
@@ -3,7 +3,7 @@
/* pfBlockerNG_Update.php
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Portions of this code are based on original work done for
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml
index 6df839ed..febfd597 100644
--- a/config/pfblockerng/pfblockerng_v4lists.xml
+++ b/config/pfblockerng/pfblockerng_v4lists.xml
@@ -9,7 +9,7 @@
pfBlockerNG_v4lists.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml
index 15d788cf..10a866c0 100644
--- a/config/pfblockerng/pfblockerng_v6lists.xml
+++ b/config/pfblockerng/pfblockerng_v6lists.xml
@@ -9,7 +9,7 @@
pfBlockerNG_v6lists.xml
pfBlockerNG
- Copyright (C) 2014 BBcan177@gmail.com
+ Copyright (C) 2015 BBcan177@gmail.com
All rights reserved.
Based upon pfblocker for pfSense
diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc
index 17c13246..140bac8a 100644
--- a/config/quagga_ospfd/quagga_ospfd.inc
+++ b/config/quagga_ospfd/quagga_ospfd.inc
@@ -266,8 +266,14 @@ function quagga_ospfd_install_conf() {
$carp_ip_status_check = "";
if (is_ipaddr($ospfd_conf['carpstatusip'])) {
- $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip']));
- $carp_ip_status_check = <<<EOF
+
+ $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ switch ($pfs_version) {
+ case "2.0":
+ case "2.1":
+ /* Check for 2.1 and before */
+ $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip']));
+ $carp_ip_status_check = <<<EOF
CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep carp: | /usr/bin/awk '{print \$2;}'`
if [ \${CARP_STATUS} != "MASTER" ]; then
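Review bot: The 2.0/2.1 branch interpolates `$carpcheckinterface` into the generated shell script unquoted, while the 2.2 branch added further down in this commit passes the interface through `escapeshellarg()`. For consistency the moved line could read `$carpcheckinterface = escapeshellarg(trim(find_carp_interface($ospfd_conf['carpstatusip'])));`. That also stops an empty lookup result from turning the command into a bare `ifconfig` that lists every interface. The heredoc and the enclosing function continue outside this hunk.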
@@ -275,6 +281,27 @@ if [ \${CARP_STATUS} != "MASTER" ]; then
fi
EOF;
+ break;
+ case "2.2":
+ default:
+ /* Check for 2.2 and later */
+ if (is_array($config['virtualip']['vip'])) {
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if (($vip['mode'] == "carp") && ($vip['subnet'] == $ospfd_conf['carpstatusip'])) {
+ $carpcheckinterface = escapeshellarg(get_real_interface($vip['interface']));
+ $vhid = escapeshellarg($vip['vhid']);
+ $carp_ip_status_check = <<<EOF
+
+CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep 'carp:' | /usr/bin/grep 'vhid {$vhid}' | /usr/bin/awk '{print \$2;}'`
+if [ \${CARP_STATUS} != "MASTER" ]; then
+ exit;
+fi
+EOF;
+ }
+ }
+ }
+ break;
+ }
}
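Review bot: The generated test `if [ \${CARP_STATUS} != "MASTER" ]` leaves the variable unquoted, so when the pipeline yields nothing or more than one line `[` typically fails with a syntax error, the `exit` is skipped, and the script carries on as if the node were master. More than one line is possible because `grep 'vhid {$vhid}'` is a substring match (vhid 1 also matches vhid 10). Because `escapeshellarg()` adds its own quotes, nesting it inside `'vhid …'` also leaves the value outside the quoting. I would cast the id with `$vhid = intval($vip['vhid']);`, match it with `/usr/bin/grep -w 'vhid {$vhid}'`, and quote the test as `if [ "\${CARP_STATUS}" != "MASTER" ]; then`. The 2.0/2.1 branch in the previous hunk has the same unquoted test; the enclosing function starts and ends outside this hunk.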
@@ -395,4 +422,37 @@ function quagga_get_carp_status_by_ip($ipaddr) {
return $status;
}
+function quagga_ospfd_plugin_carp($pluginparams) {
+ global $config;
+ require_once("service-utils.inc");
+ // Called when a CARP interface changes state
+ // $pluginparams['event'] either 'rc.carpmaster' or 'rc.carpbackup'
+ // $pluginparams['interface'] contains the affected interface
+
+ /* If there is no OSPF config, then stop */
+ if(is_array($config['installedpackages']['quaggaospfd']['config'])) {
+ $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0];
+ } else {
+ return null;
+ }
+ /* If there is no properly configured CARP status check IP, then stop */
+ if (!is_ipaddr($ospfd_conf['carpstatusip'])) {
+ return null;
+ }
+ list($vhid, $iface) = explode("@", trim($pluginparams['interface']));
+ $friendly = convert_real_interface_to_friendly_interface_name($iface);
+ $carp_iface = "{$friendly}_vip${vhid}";
+
+ /* If this CARP transition is not from the IP address to check, then stop. */
+ if (get_interface_ip($carp_iface) != $ospfd_conf['carpstatusip']) {
+ return null;
+ }
+
+ /* Start or stop the service as needed based on the CARP transition. */
+ if ($pluginparams['event'] == "rc.carpmaster") {
+ start_service("Quagga OSPFd");
+ } elseif ($pluginparams['event'] == "rc.carpbackup") {
+ stop_service("Quagga OSPFd");
+ }
+}
?>
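Review bot: `list($vhid, $iface) = explode("@", trim($pluginparams['interface']));` assumes the value always has the form vhid@interface; without an `@`, `$iface` is unset and the lookup that follows runs on an empty name. A guard such as `if (strpos($pluginparams['interface'], '@') === false) { return null; }` before the `explode()` makes that case explicit. `$ospfd_conf` is also taken by reference (`&$config[...]`) although the function only reads it, so a plain assignment would rule out accidental writes to the global config. In `"{$friendly}_vip${vhid}"` the second placeholder would read more consistently as `{$vhid}`.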
diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml
index 8edfcc3f..617b5da0 100644
--- a/config/quagga_ospfd/quagga_ospfd.xml
+++ b/config/quagga_ospfd/quagga_ospfd.xml
@@ -1,6 +1,6 @@
<packagegui>
<name>quagga_ospfd</name>
- <version>0.6.1</version>
+ <version>0.6.5</version>
<title>Services: Quagga OSPFd</title>
<include_file>/usr/local/pkg/quagga_ospfd.inc</include_file>
<aftersaveredirect>pkg_edit.php?xml=quagga_ospfd.xml&amp;id=0</aftersaveredirect>
@@ -67,6 +67,11 @@
<executable>zebra</executable>
<description>Quagga core/abstraction daemon</description>
</service>
+ <plugins>
+ <item>
+ <type>plugin_carp</type>
+ </item>
+ </plugins>
<fields>
<field>
<fielddescr>Master Password</fielddescr>
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc
index d76f79d3..d9830fb2 100644
--- a/config/siproxd/siproxd.inc
+++ b/config/siproxd/siproxd.inc
@@ -32,7 +32,8 @@ if(!function_exists("filter_configure"))
require_once("service-utils.inc");
// Check to find out on which system the package is running
-if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
+$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pfs_version == "2.0") {
define('SIPROXD', '/usr/local');
} else {
define('SIPROXD', '/usr/pbi/siproxd-' . php_uname("m"));
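Review bot: `$pfs_version` is assigned at file scope here without a `global $pfs_version;` declaration, yet `sync_package_siproxd()` later reads it through `global $config, $pfs_version;`. If this .inc is ever pulled in from inside a function, the assignment creates a local and the function sees null, silently selecting the `sbin` path. The sudo.inc change in this same commit adds `global $pfs_version;` ahead of the assignment; doing the same here keeps the two packages consistent.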
@@ -108,7 +109,7 @@ function siproxd_generate_rules($type) {
}
function sync_package_siproxd() {
- global $config;
+ global $config, $pfs_version;
// put the constant to a variable
$varSIPROXD = SIPROXD;
@@ -250,9 +251,14 @@ function sync_package_siproxd() {
fclose($fout);
+ if ($pfs_version == '2.2')
+ $bin_dir='bin';
+ else
+ $bin_dir='sbin';
+
write_rcfile(array(
"file" => "siproxd.sh",
- "start" => "$varSIPROXD/sbin/siproxd -c $varSIPROXD/etc/siproxd.conf &",
+ "start" => "$varSIPROXD/{$bin_dir}/siproxd -c $varSIPROXD/etc/siproxd.conf &",
"stop" => "/usr/bin/killall -9 siproxd"
)
);
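Review bot: `if ($pfs_version == '2.2')` matches exactly one release, so any later version falls back to `sbin`; whether that is intended cannot be told from this hunk. If the binary lives in `bin` from 2.2 onward, `version_compare($pfs_version, '2.2', '>=')` states that directly, and the unbraced `if`/`else` would be safer with braces. The generated start command is not checked against the filesystem, so a wrong directory only shows up as a service that fails to start. sync_package_siproxd() begins and ends outside this hunk.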
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 60573130..1f1a7d24 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,8 +46,8 @@
<requirements>None</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
- <version>2.9.7.0</version>
- <title>Services:2.9.7.0 pkg v3.2.3</title>
+ <version>2.9.7.2</version>
+ <title>Services:2.9.7.2 pkg v3.2.4</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php
index 552dab61..96c70562 100644
--- a/config/snort/snort_alerts.widget.php
+++ b/config/snort/snort_alerts.widget.php
@@ -46,7 +46,7 @@ $alertColClass = "listMRr";
/* check if Snort widget alert display lines value is set */
$snort_nentries = $config['widgets']['widget_snort_display_lines'];
-if (!isset($snort_nentries) || $snort_nentries < 0)
+if (!isset($snort_nentries) || $snort_nentries <= 0)
$snort_nentries = 5;
/* array sorting of the alerts */
@@ -95,7 +95,11 @@ if (isset($_GET['getNewAlerts'])) {
// See if saving new display line count value
if(isset($_POST['widget_snort_display_lines'])) {
- $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
+ if($_POST['widget_snort_display_lines'] == "") {
+ unset($config['widgets']['widget_snort_display_lines']);
+ } else {
+ $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1);
+ }
write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
header("Location: ../../index.php");
}
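Review bot: The new `max(intval($_POST['widget_snort_display_lines']), 1)` sets a floor but no ceiling, so a very large posted value is saved to the configuration and later used as the widget's alert line count. Clamping both ends, for example `min(max(intval($_POST['widget_snort_display_lines']), 1), SNORT_WIDGET_MAX_LINES)` with a constant the package would define (the name is made up here), keeps the stored value in a sane range. The unchanged `header("Location: ../../index.php");` that follows has no `exit` after it, so the rest of the script still runs once the redirect is queued.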
diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
index 43ecada6..906dd465 100644
--- a/config/snort/snort_defs.inc
+++ b/config/snort/snort_defs.inc
@@ -50,7 +50,7 @@ if (!defined("SNORT_BIN_VERSION")) {
if (!empty($snortver[0]))
define("SNORT_BIN_VERSION", $snortver[0]);
else
- define("SNORT_BIN_VERSION", "2.9.7.0");
+ define("SNORT_BIN_VERSION", "2.9.7.2");
}
if (!defined("SNORT_SID_MODS_PATH"))
define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index 1d56fc13..297e833b 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -895,7 +895,7 @@ EOD;
/* def AppID preprocessor */
$appid_memcap = $snortcfg['sf_appid_mem_cap'] * 1024 * 1024;
-$appid_params = "app_detector_dir " . SNORT_APPID_ODP_PATH . ", \\\n\tmemcap {$appid_memcap}";
+$appid_params = "app_detector_dir " . rtrim(SNORT_APPID_ODP_PATH, '/') . ", \\\n\tmemcap {$appid_memcap}";
if ($snortcfg['sf_appid_statslog'] == "on") {
$appid_params .= ", \\\n\tapp_stats_filename app-stats.log";
$appid_params .= ", \\\n\tapp_stats_period {$snortcfg['sf_appid_stats_period']}";
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index de8ac308..941a8151 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -533,7 +533,7 @@ unset($r);
// Log a message if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.3";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4";
log_error("[Snort] Settings successfully migrated to new configuration format...");
}
else
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 7ab8b3db..f93f1c87 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -263,8 +263,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
$config['widgets']['sequence'] .= ",{$snort_widget_container}";
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.3";
-write_config("Snort pkg v3.2.3: post-install configuration saved.");
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4";
+write_config("Snort pkg v3.2.4: post-install configuration saved.");
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index c29b1810..90ce1e7d 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -452,7 +452,7 @@ if ($savemsg) {
<tr>
<td width="5%" class="listr" style="text-align: center;">
<img src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" title="<?=gettext("Auto-managed by settings on SID Mgmt tab");?>" /></td>
- <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?=gettext("{$msg_community}");?></a></td>
+ <td colspan="5" class="listr"><a href='snort_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?=gettext("{$msg_community}");?></a></td>
</tr>
<?php else: ?>
<tr>
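Review bot: The corrected link still prints `$id` and `$community_rules_file` into the `href` attribute without escaping; if either value can be influenced by a request (their origin is outside this hunk), it can break out of the single-quoted attribute. Encoding at the point of output, e.g. `<?=urlencode($id);?>` and `<?=urlencode($community_rules_file);?>`, and writing the separator as `&amp;`, closes that off. The same applies to the second link changed in the next hunk.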
@@ -465,7 +465,7 @@ if ($savemsg) {
<tr>
<td width="5%" class="listr" style="text-align: center;">
<input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" checked="checked"/></td>
- <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td>
+ <td colspan="5" class="listr"><a href='snort_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td>
</tr>
<?php else: ?>
<tr>
@@ -531,7 +531,7 @@ if ($savemsg) {
sort($snortrules);
$i = count($emergingrules);
if ($i < count($snortsorules))
- $i = count(snortsorules);
+ $i = count($snortsorules);
if ($i < count($snortrules))
$i = count($snortrules);
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index a69d9211..a8107029 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -28,6 +28,7 @@
*/
require_once("config.inc");
+global $pfs_version;
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
switch ($pfs_version) {
case "1.2":
@@ -84,8 +85,11 @@ function sudo_install() {
}
function sudo_write_config() {
- global $config;
+ global $config, $pfs_version;
$sudoers = "";
+ if ($pfs_version == "2.2") {
+ mwexec_bg("/sbin/ldconfig -m /usr/pbi/sudo-" . php_uname("m") . "/local/lib/");
+ }
conf_mount_rw();
$sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
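Review bot: `mwexec_bg("/sbin/ldconfig -m ...")` is started in the background on every call to sudo_write_config(), so nothing waits for it or looks at its result before the sudoers plugin path is written. The directory is also not checked for existence first. Since this adds a directory to the runtime linker's search hints, I would run it in the foreground and only when the directory is present: `$libdir = "/usr/pbi/sudo-" . php_uname("m") . "/local/lib/";` followed by `if (is_dir($libdir)) { mwexec("/sbin/ldconfig -m " . escapeshellarg($libdir)); }`. The `== "2.2"` test also limits this to a single release; whether later versions need it cannot be told from the hunk.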
diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml
index 2fccab24..069606ba 100644
--- a/config/sudo/sudo.xml
+++ b/config/sudo/sudo.xml
@@ -3,7 +3,7 @@
<description>Sudo Command Control</description>
<requirements>None</requirements>
<name>sudo</name>
- <version>0.2.1</version>
+ <version>0.2.5</version>
<title>Sudo - Shell Command Privilege Delegation Utility</title>
<include_file>/usr/local/pkg/sudo.inc</include_file>
<menu>
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index d0b14652..1958632e 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -659,7 +659,7 @@ function vhosts_sync_package_php()
$tmp .= " \"PHP_FCGI_MAX_REQUESTS\" => \"500\",\n";
$tmp .= " \"PHP_FCGI_CHILDREN\" => \"1\"\n";
$tmp .= " ),\n";
- $tmp .= " \"bin-path\" => \"/usr/local/php5/php-cgi\"\n";
+ $tmp .= " \"bin-path\" => \"/usr/local/bin/php\"\n";
$tmp .= " )\n";
$tmp .= " )\n";
$tmp .= ")\n";
@@ -681,11 +681,11 @@ function vhosts_sync_package_php()
);
//add or update a service
- $a_service = &$config['installedpackages']['service'];
$ent['name'] = "vhosts-ssl-$x";
$ent['rcfile'] = "vhosts-".$ipaddress."-".$port."-ssl.sh";
$ent['executable'] = "vhosts-".$ipaddress."-".$port."-ssl";
$ent['description'] = "vHosts SSL, Host: $host, IP Address: ".$ipaddress.", port: ".$port." desc: ".$description;
+ $ent['custom_php_service_status_command'] = "\$vhost_output=''; exec('/bin/pgrep -anf '.".escapeshellarg($ent['executable']).", \$vhost_output, \$retval); \$rc=(intval(\$retval) == 0);";
$a_service = $config['installedpackages']['service'];
$service_id = get_service_id ($a_service, 'name', "vhosts-ssl-$x");
if (is_int($service_id)) {
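Review bot: `escapeshellarg($ent['executable'])` is applied while building a string of PHP source, so the quotes it adds end up as PHP string delimiters in the generated `exec(...)` call and the shell receives the name unquoted. A value containing a single quote (the name is built from `$ipaddress` and `$port`) would then alter the generated code rather than be escaped. Quote for each layer separately: `"... exec('/bin/pgrep -anf ' . escapeshellarg(" . var_export($ent['executable'], true) . "), \$vhost_output, \$retval); ..."`. Note too that `pgrep -f` treats the name as a regular expression, so the dots of an IP address match any character. The enclosing function starts and ends outside this hunk.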
diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc
index f248083e..c875be52 100644
--- a/config/vnstat2/vnstat2.inc
+++ b/config/vnstat2/vnstat2.inc
@@ -63,8 +63,8 @@ function change_vnstat_conf(){
$config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] = $_POST['vnstat_phpfrontend'];
write_conf_f();
write_config();
- $no_vnstat_phpfrontend = $config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'];
- if ($no_vnstat_phpfrontend == "on"){
+
+ if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on"){
vnstat_php_frontend();
}
else {
@@ -195,12 +195,10 @@ function vnstat_install_config() {
}
vnstat_link_config();
// Add MonthRotate value to config.xml and write /usr/local/etc/vnstat.conf
- $no_monthrotate = $config['installedpackages']['vnstat2']['config'][0]['monthrotate'];
- if ($no_monthrotate == ""){
+ if ($config['installedpackages']['vnstat2']['config'][0]['monthrotate'] == ""){
$config['installedpackages']['vnstat2']['config'][0]['monthrotate'] = "1";
}
- $no_vnstat_phpfrontend = $config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'];
- if ($no_vnstat_phpfrontend == "on"){
+ if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on"){
vnstat_php_frontend();
}
write_conf_f();
@@ -214,7 +212,7 @@ function vnstat_install_config() {
function vnstat_php_frontend(){
global $config;
// Copy vnstat_php_frontend to www
- exec("cp -a /usr/local/pkg/vnstat2/vnstat_php_frontend/. /usr/local/www/vnstat2/");
+ exec("/bin/cp -a /usr/local/pkg/vnstat2/vnstat_php_frontend/. /usr/local/www/vnstat2/");
// Find information to be writing in config.php
// $iface_list_array_items
exec("ls /conf/vnstat/ | grep -v '\.'", $vnstat_nic_in);
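Review bot: The commit gives `cp` an absolute path, but the very next call, `exec("ls /conf/vnstat/ | grep -v '\.'", $vnstat_nic_in);`, still resolves `ls` and `grep` through PATH. For consistency that line could use `/bin/ls` and `/usr/bin/grep`, or be replaced by a PHP directory listing so no shell is involved. Neither `exec()` has its return status checked, so a failed copy goes unnoticed. vnstat_php_frontend() continues outside this hunk.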
diff --git a/config/zabbix-lts/zabbix-agent-lts.xml b/config/zabbix-lts/zabbix-agent-lts.xml
new file mode 100644
index 00000000..b098eb62
--- /dev/null
+++ b/config/zabbix-lts/zabbix-agent-lts.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+<copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-agent-lts.xml
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>zabbixagentlts</name>
+ <title>Services: Zabbix Agent LTS</title>
+ <category>Monitoring</category>
+ <version>0.8.3</version>
+ <include_file>/usr/local/pkg/zabbix-lts.inc</include_file>
+ <addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string>
+ <delete_string>Zabbix Agent LTS has been deleted.</delete_string>
+ <restart_command>/usr/local/etc/rc.d/zabbix_agentd_lts.sh restart</restart_command>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <menu>
+ <name>Zabbix Agent LTS</name>
+ <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>zabbix_agentd_lts</name>
+ <rcfile>zabbix_agentd_lts.sh</rcfile>
+ <executable>zabbix_agentd</executable>
+ <description>Zabbix Agent LTS host monitor daemon</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Agent</text>
+ <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&amp;id=0</url>
+ <active />
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Zabbix Agent LTS Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>agentenabled</fieldname>
+ <description>Enable Zabbix Agent LTS service</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>server</fieldname>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Server Active</fielddescr>
+ <fieldname>serveractive</fieldname>
+ <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>hostname</fieldname>
+ <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Listen IP</fielddescr>
+ <fieldname>listenip</fieldname>
+ <default_value>0.0.0.0</default_value>
+ <type>input</type>
+ <size>60</size>
+ <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description>
+ </field>
+ <field>
+ <fielddescr>Listen Port</fielddescr>
+ <fieldname>listenport</fieldname>
+ <default_value>10050</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Listen port for connections from the server (default 10050)</description>
+ </field>
+ <field>
+ <fielddescr>Refresh Active Checks</fielddescr>
+ <fieldname>refreshactchecks</fieldname>
+ <default_value>120</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>The agent will refresh list of active checks once per 120 (default) seconds.</description>
+ </field>
+ <field>
+ <fielddescr>Timeout</fielddescr>
+ <fieldname>timeout</fieldname>
+ <default_value>3</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description>
+ </field>
+ <field>
+ <fielddescr>Buffer Send</fielddescr>
+ <fieldname>buffersend</fieldname>
+ <default_value>5</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description>
+ </field>
+ <field>
+ <fielddescr>Buffer Size</fielddescr>
+ <fieldname>buffersize</fieldname>
+ <default_value>100</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description>
+ </field>
+ <field>
+ <fielddescr>Start Agents</fielddescr>
+ <fieldname>startagents</fieldname>
+ <default_value>3</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description>
+ </field>
+ <field>
+ <fielddescr>User Parameters</fielddescr>
+ <fieldname>userparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description>
+ </field>
+ </fields>
+ <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command>
+ <custom_php_command_before_form></custom_php_command_before_form>
+ <custom_php_after_head_command></custom_php_after_head_command>
+ <custom_php_after_form_command></custom_php_after_form_command>
+ <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command>
+ <custom_add_php_command></custom_add_php_command>
+ <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command>
+ <custom_php_deinstall_command>php_deinstall_zabbix_agent_lts();</custom_php_deinstall_command>
+</packagegui>
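Review bot: The `listenip` field defaults to `0.0.0.0`, which on a firewall means the agent binds port 10050 on every interface, WAN included, unless filter rules say otherwise. I would have the description say so, e.g. `Listen IP for connections from the server (default 0.0.0.0 listens on all interfaces, including WAN; prefer a LAN or management address)`. The `serveractive` and `userparams` fields are free text, and the validator added in zabbix-lts.inc by this commit checks neither of them. Going by the example in its own description, each `userparams` line defines a command the agent runs, so the text could state that only trusted administrators should edit it.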
diff --git a/config/zabbix-lts/zabbix-lts.inc b/config/zabbix-lts/zabbix-lts.inc
new file mode 100644
index 00000000..450b78a1
--- /dev/null
+++ b/config/zabbix-lts/zabbix-lts.inc
@@ -0,0 +1,360 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-lts.inc
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
+
+function php_install_zabbix_lts(){
+ sync_package_zabbix_lts();
+}
+
+function php_deinstall_zabbix_agent_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m"));
+
+ exec("/usr/bin/killall zabbix_agentd");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
+ unlink_if_exists("/var/log/zabbix-lts/zabbix_agentd_lts.log");
+ unlink_if_exists("/var/run/zabbix-lts/zabbix_agentd_lts.pid");
+
+ if (!is_array($config['installedpackages']['zabbixproxylts'])){
+ if (is_dir("/var/log/zabbix-lts"))
+ exec("/bin/rm -r /var/log/zabbix-lts/");
+ if (is_dir("/var/run/zabbix-lts"))
+ exec("/bin/rm -r /var/run/zabbix-lts/");
+ }
+
+ conf_mount_ro();
+}
+
+function php_deinstall_zabbix_proxy_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m"));
+
+ exec("/usr/bin/killall zabbix_proxy");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf");
+ unlink_if_exists("/var/log/zabbix-lts/zabbix_proxy_lts.log");
+ unlink_if_exists("/var/run/zabbix-lts/zabbix_proxy_lts.pid");
+
+ if (!is_array($config['installedpackages']['zabbixagentlts'])){
+ if (is_dir("/var/log/zabbix-lts"))
+ exec("/bin/rm -r /var/log/zabbix-lts/");
+ if (is_dir("/var/run/zabbix-lts"))
+ exec("/bin/rm -r /var/run/zabbix-lts/");
+ }
+
+ if (is_dir("/var/db/zabbix-lts"))
+ exec("/bin/rm -r /var/db/zabbix-lts/");
+
+ conf_mount_ro();
+}
+
+function validate_input_zabbix_lts($post, &$input_errors){
+
+ if (isset($post['proxyenabled'])){
+ if (!is_numericint($post['serverport'])) {
+ $input_errors[]='Server Port is not numeric.'.$ServerPort;
+ }
+
+ if (!is_numericint($post['configfrequency'])) {
+ $input_errors[]='Config Frequency is not numeric.';
+ }
+ }
+ if (isset($post['agentenabled'])){
+ if (!preg_match("/\w+/", $post['server'])) {
+ $input_errors[]='Server field is required.';
+ }
+
+ if (!preg_match("/\w+/", $post['hostname'])) {
+ $input_errors[]='Hostname field is required.';
+ }
+
+ if ($post['listenip'] != '') {
+ if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) {
+ $input_errors[]='Listen IP is not a configured IP address.';
+ }
+ }
+
+ if ($post['listenport'] != '') {
+ if (!preg_match("/^\d+$/", $post['listenport'])) {
+ $input_errors[]='Listen Port is not numeric.';
+ }
+ }
+
+ if ($post['refreshactchecks'] != '') {
+ if (!preg_match("/^\d+$/", $post['refreshactchecks'])) {
+ $input_errors[]='Refresh Active Checks is not numeric.';
+ } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) {
+ $input_errors[]='You must enter a valid value for \'Refresh Active Checks\'';
+ }
+ }
+
+ if ($post['timeout'] != '') {
+ if (!is_numericint($post['timeout'])) {
+ $input_errors[]='Timeout is not numeric.';
+ } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) {
+ $input_errors[]='You must enter a valid value for \'Timeout\'';
+ }
+ }
+
+ if ($post['buffersend'] != '') {
+ if (!is_numericint($post['buffersend'])) {
+ $input_errors[]='Buffer Send is not numeric.';
+ } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) {
+ $input_errors[]='You must enter a valid value for \'Buffer Send\'';
+ }
+ }
+
+ if ($post['buffersize'] != '') {
+ if (!is_numericint($post['buffersize'])) {
+ $input_errors[]='Bufer Size is not numeric.';
+ } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) {
+ $input_errors[]='You must enter a valid value for \'Buffer Size\'';
+ }
+ }
+
+ if ($post['startagents'] != '') {
+ if (!is_numericint($post['startagents'])) {
+ $input_errors[]='Start Agents is not numeric.';
+ } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) {
+ $input_errors[]='You must enter a valid value for \'Start Agents\'';
+ }
+ }
+ }
+}
+
+function sync_package_zabbix_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m"));
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m"));
+
+ #check zabbix proxy config
+ if (is_array($config['installedpackages']['zabbixproxylts'])){
+ $zbproxy_config = $config['installedpackages']['zabbixproxylts']['config'][0];
+ if ($zbproxy_config['proxyenabled']=="on"){
+ $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0);
+ $AdvancedParams=base64_decode($zbproxy_config['advancedparams']);
+
+ $zbproxy_conf_file = <<< EOF
+Server={$zbproxy_config['server']}
+ServerPort={$zbproxy_config['serverport']}
+Hostname={$zbproxy_config['hostname']}
+PidFile=/var/run/zabbix-lts/zabbix_proxy_lts.pid
+DBName=/var/db/zabbix-lts/proxy.db
+LogFile=/var/log/zabbix-lts/zabbix_proxy_lts.log
+ConfigFrequency={$zbproxy_config['configfrequency']}
+FpingLocation=/usr/local/sbin/fping
+#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin
+Fping6Location=/usr/local/sbin/fping6
+ProxyMode={$Mode}
+{$AdvancedParams}
+
+EOF;
+ file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
+ }
+ }
+ /* check zabbix agent settings*/
+ if (is_array($config['installedpackages']['zabbixagentlts'])){
+ $zbagent_config = $config['installedpackages']['zabbixagentlts']['config'][0];
+ if ($zbagent_config['agentenabled']=="on"){
+ $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120");
+ $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" );
+ $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100");
+ $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" );
+ $UserParams=base64_decode($zbagent_config['userparams']);
+ $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0");
+ $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050");
+ $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3");
+
+ $zbagent_conf_file = <<< EOF
+Server={$zbagent_config['server']}
+ServerActive={$zbagent_config['serveractive']}
+Hostname={$zbagent_config['hostname']}
+ListenIP={$ListenIp}
+ListenPort={$ListenPort}
+RefreshActiveChecks={$RefreshActChecks}
+DebugLevel=3
+PidFile=/var/run/zabbix-lts/zabbix_agentd_lts.pid
+LogFile=/var/log/zabbix-lts/zabbix_agentd_lts.log
+LogFileSize=1
+Timeout={$TimeOut}
+BufferSend={$BufferSend}
+BufferSize={$BufferSize}
+StartAgents={$StartAgents}
+{$UserParams}
+
+EOF;
+ file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
+ }
+ }
+ $want_sysctls = array(
+ 'kern.ipc.shmall' => '2097152',
+ 'kern.ipc.shmmax' => '2147483648',
+ 'kern.ipc.semmsl' => '250'
+ );
+ $sysctls = array();
+ #check sysctl file values
+ $sc_file="";
+ if (file_exists("/etc/sysctl.conf")) {
+ $sc = file("/etc/sysctl.conf");
+ foreach ($sc as $line) {
+ list($sysk, $sysv) = explode("=", $line, 2);
+ if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls))
+ $sc_file.=$line;
+ }
+ }
+ foreach ($want_sysctls as $ws=> $wv) {
+ $sc_file .= "{$ws}={$wv}\n";
+ exec("/sbin/sysctl {$ws}={$wv}");
+ }
+ file_put_contents("/etc/sysctl.conf", $sc_file);
+
+ #check bootloader values
+ $lt_file="";
+ $want_tunables = array(
+ 'kern.ipc.semopm' => '100',
+ 'kern.ipc.semmni' => '128',
+ 'kern.ipc.semmns' => '32000',
+ 'kern.ipc.shmmni' => '4096'
+ );
+ $tunables = array();
+ if (file_exists("/boot/loader.conf")) {
+ $lt = file("/boot/loader.conf");
+ foreach ($lt as $line) {
+ list($tunable, $val) = explode("=", $line, 2);
+ if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables))
+ $lt_file.=$line;
+ }
+ }
+ foreach ($want_tunables as $wt => $wv) {
+ $lt_file.= "{$wt}={$wv}\n";
+ }
+ file_put_contents("/boot/loader.conf", $lt_file);
+
+ /*check startup script files*/
+ /* create a few directories and ensure the sample files are in place */
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22"))
+ exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22");
+
+ $dir_checks = <<< EOF
+if [ ! -d /var/log/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/log/zabbix-lts
+ /usr/sbin/chmod 755 /var/log/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-lts
+
+if [ ! -d /var/run/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/run/zabbix-lts
+ /usr/sbin/chmod 755 /var/run/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-lts
+
+if [ ! -d /var/db/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/db/zabbix-lts
+ /usr/sbin/chmod 755 /var/db/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix-lts
+
+EOF;
+
+ $zproxy_rcfile="/usr/local/etc/rc.d/zabbix_proxy_lts.sh";
+ if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){
+ $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy LTS\"...\n";
+ /* start zabbix proxy */
+ $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
+
+ $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n";
+ $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
+ $zproxy_stop .= "/bin/sleep 5\n";
+
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "zabbix_proxy_lts.sh",
+ "start" => $zproxy_start,
+ "stop" => $zproxy_stop
+ )
+ );
+ mwexec("{$zproxy_rcfile} restart");
+ }else{
+ if (file_exists($zproxy_rcfile)){
+ mwexec("{$zproxy_rcfile} stop");
+ unlink($zproxy_rcfile);
+ }
+ }
+
+ $zagent_rcfile="/usr/local/etc/rc.d/zabbix_agentd_lts.sh";
+ if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){
+ $zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent LTS...\"\n";
+ $zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n";
+
+ $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n";
+ $zagent_stop .= "/usr/bin/killall zabbix_agentd\n";
+ $zagent_stop .= "/bin/sleep 5\n";
+
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "zabbix_agentd_lts.sh",
+ "start" => "$zagent_start",
+ "stop" => "$zagent_stop"
+ )
+ );
+ mwexec("{$zagent_rcfile} restart");
+ }else{
+ if (file_exists($zagent_rcfile)){
+ mwexec("{$zagent_rcfile} stop");
+ unlink($zagent_rcfile);
+ }
+ }
+
+ conf_mount_ro();
+}
+
+?>
diff --git a/config/zabbix-lts/zabbix-proxy-lts.xml b/config/zabbix-lts/zabbix-proxy-lts.xml
new file mode 100644
index 00000000..de9f1e1c
--- /dev/null
+++ b/config/zabbix-lts/zabbix-proxy-lts.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+<copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-proxy-lts.xml
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>zabbixproxylts</name>
+ <title>Services: Zabbix Proxy LTS</title>
+ <category>Monitoring</category>
+ <version>0.8.3</version>
+ <include_file>/usr/local/pkg/zabbix-lts.inc</include_file>
+ <addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
+ <delete_string>Zabbix Proxy has been deleted.</delete_string>
+ <restart_command>/usr/local/etc/rc.d/zabbix_proxy_lts.sh restart</restart_command>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <menu>
+ <name>Zabbix Proxy LTS</name>
+ <tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>zabbix_proxy_lts</name>
+ <rcfile>zabbix_proxy_lts.sh</rcfile>
+ <executable>zabbix_proxy</executable>
+ <description>Zabbix Proxy LTS collection daemon</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Proxy</text>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&amp;id=0</url>
+ <active />
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Zabbix Proxy LTS Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>proxyenabled</fieldname>
+ <description>Enable Zabbix Proxy LTS service</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>server</fieldname>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <default_value>127.0.0.1</default_value>
+ <type>input</type>
+ <size>60</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Server Port</fielddescr>
+ <fieldname>serverport</fieldname>
+ <description>Port of Zabbix trapper on Zabbix server. default value 10051</description>
+ <default_value>10051</default_value>
+ <type>input</type>
+ <size>6</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>hostname</fieldname>
+ <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
+ <default_value>localhost</default_value>
+ <type>input</type>
+ <size>50</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Proxy Mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>Select Zabbix proxy mode (Active is default)</description>
+ <type>select</type>
+ <default_value>0</default_value>
+ <options>
+ <option><name>Active</name><value>0</value></option>
+ <option><name>Passive</name><value>1</value></option>
+ </options>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Config Frequency</fielddescr>
+ <fieldname>configfrequency</fieldname>
+ <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description>
+ <default_value>3600</default_value>
+ <type>input</type>
+ <size>10</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Advanced Parameters</fielddescr>
+ <fieldname>advancedparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description>
+ </field>
+ </fields>
+ <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command>
+ <custom_php_command_before_form></custom_php_command_before_form>
+ <custom_php_after_head_command></custom_php_after_head_command>
+ <custom_php_after_form_command></custom_php_after_form_command>
+ <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command>
+ <custom_add_php_command></custom_add_php_command>
+ <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command>
+ <custom_php_deinstall_command>php_deinstall_zabbix_proxy_lts();</custom_php_deinstall_command>
+</packagegui>
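Review bot: The `advancedparams` field at the end of `<fields>` is a free-form textarea, and `sync_package_zabbix_lts()` in zabbix-lts.inc (earlier in this diff) base64-decodes it and appends it to zabbix_proxy.conf as-is, so anyone who can open this page can set any directive the proxy accepts. The `<description>` should say so, for example `Lines entered here are appended verbatim to zabbix_proxy.conf and are not validated; enter one Parameter=value per line.` The `server`, `serverport`, `hostname` and `configfrequency` inputs are interpolated into the same file, and their only check is `validate_input_zabbix_lts`, most of which lies outside the visible part of the diff. It is worth confirming there that each value is restricted to a single line of the expected form (numeric port and interval, no line breaks). Separately, `<chmod>0755</chmod>` marks the include file executable, and `<chmod>0644</chmod>` looks sufficient for a file that is only loaded through `<include_file>`.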