Diffstat (limited to 'config')
-rw-r--r-- | config/haproxy-devel/pkg/haproxy.inc | 1 | ||||
-rw-r--r-- | config/haproxy1_5/pkg/haproxy.inc | 1 | ||||
-rw-r--r-- | config/havp/havp.inc | 105 | ||||
-rw-r--r-- | config/havp/havp.xml | 5 | ||||
-rwxr-xr-x | config/squid3/34/squid.inc | 8 | ||||
-rwxr-xr-x | config/squid3/34/squid_cache.xml | 4 | ||||
-rw-r--r-- | config/systempatches/patches.inc | 6 | ||||
-rw-r--r-- | config/systempatches/systempatches.xml | 2 |
8 files changed, 46 insertions, 86 deletions
diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc index 13477677..1bc62cb9 100644 --- a/config/haproxy-devel/pkg/haproxy.inc +++ b/config/haproxy-devel/pkg/haproxy.inc @@ -453,7 +453,6 @@ EOD; $haproxy_ocsp = <<<EOD #!/usr/local/bin/php -f - <?php /* diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc index f539cff5..30692c3c 100644 --- a/config/haproxy1_5/pkg/haproxy.inc +++ b/config/haproxy1_5/pkg/haproxy.inc @@ -433,7 +433,6 @@ EOD; $haproxy_ocsp = <<<EOD #!/usr/local/bin/php -f - <?php /* diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 9e931a95..e097e122 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -36,11 +36,6 @@ require_once('pfsense-utils.inc'); require_once('pkg-utils.inc'); require_once('service-utils.inc'); -if (!function_exists("filter_configure")) { - require_once("filter.inc"); -} - - /* * ------------------------------------------------------------------------------ * Globals 
@@ -79,20 +74,23 @@ define('HVFORM_AVSET', 'havpavset'); * ------------------------------------------------------------------------------ */ /* HAVP */ +global $pf_version; +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); define('HVDEF_ADDR', '127.0.0.1'); define('HVDEF_PROXYPORT', '8080'); define('HVDEF_MAXSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size ! define('HVDEF_MAXARCSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size ! define('HVDEF_PID_FILE', '/var/run/havp.pid'); -$pf_version=substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pf_version == "2.1" || $pf_version == "2.2") { define("HVDEF_WORK_DIR", "/usr/pbi/havp-" . php_uname("m") . "/local/etc"); + define("HVDEF_HAVP_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/havp"); define('HVDEF_TEMPLATES', "/usr/pbi/havp-" . php_uname("m") . "/local/share/examples/havp/templates"); define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex'); } else { define("HVDEF_WORK_DIR", "/usr/local/etc/havp"); define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates'); + define("HVDEF_HAVP_PATH", "/usr/local/sbin/havp"); define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex'); } @@ -101,7 +99,6 @@ define('HVDEF_TEMP_DIR', '/var/tmp'); define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR . '/havp'); define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR . '/havpRAM'); define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX'); -define('HVDEF_FILTER_RULES', '/tmp/rules.havp'); define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR . '/havp.config'); define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR . '/havp_conf.xml'); define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR . '/whitelist'); 
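Review bot: The platform test `$pf_version == "2.1" || $pf_version == "2.2"` in the `@@ -79,20 +74,23 @@` hunk of havp.inc decides every binary and config path from the first three characters of /etc/version, and the same test is repeated in the `@@ -118,10 +115,22 @@` hunk. If `file_get_contents()` fails, the value is empty and the non-PBI branch is chosen without any message, and a version string beginning `2.10` would compare equal to `"2.1"`. Since these constants end up in the generated startup and update scripts, a wrong branch means the scanner binaries are not found. Consider evaluating the check once into a single prefix, e.g. `$hv_prefix = $is_pbi ? "/usr/pbi/havp-" . php_uname("m") . "/local" : "/usr/local";`, and building `HVDEF_HAVP_PATH`, `HVDEF_CLAMD_PATH`, `HVDEF_FRESHCLAM_PATH` and `HVDEF_SIGTOOL_PATH` from it. A comment should say why `global $pf_version;` is needed at file scope.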
@@ -118,10 +115,22 @@ define('HVDEF_AVLOG_DIR', '/var/log/clamav'); define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR . '/clamd.sock'); define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR . '/clamd.pid'); define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log'); -define('HVDEF_CLAM_WORKDIR', '/usr/local/etc'); -define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf'); +if ($pf_version == "2.1" || $pf_version == "2.2") { + define('HVDEF_CLAM_WORKDIR', HVDEF_WORK_DIR); + define('HVDEF_CLAM_CONFIG', HVDEF_WORK_DIR . '/clamd.conf'); + define('HVDEF_FRESHCLAM_CONF', HVDEF_WORK_DIR . '/freshclam.conf'); + define("HVDEF_CLAMD_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/clamd"); + define('HVDEF_FRESHCLAM_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/freshclam"); + define('HVDEF_SIGTOOL_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/sigtool"); +} else { + define('HVDEF_CLAM_WORKDIR', '/usr/local/etc'); + define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf'); + define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf'); + define("HVDEF_CLAMD_PATH", "/usr/local/sbin/clamd"); + define('HVDEF_FRESHCLAM_PATH', "/usr/local/bin/freshclam"); + define('HVDEF_SIGTOOL_PATH', "/usr/local/bin/sigtool"); +} define('HVDEF_CLAM_TCPSOCKET', '3310'); -define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf'); define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log'); define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log'); define('HVDEF_STATUS_FILE', '/var/tmp/havp.status'); @@ -129,7 +138,6 @@ define('HVDEF_STATUS_FILE', '/var/tmp/havp.status'); /* Scripts */ define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d'); define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam'); -define('HVDEF_FILTER_RESYNC_SCRIPT', '/usr/local/pkg/pf/havp_filter_resync.sh'); define('HVDEF_HAVP_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/havp.sh'); define('HVDEF_CLAM_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/clamd'); define('HVDEF_AVUPD_SCRIPT', HVDEF_SCRIPT_DIR . '/havp_avupdate'); 
@@ -234,7 +242,6 @@ function havp_deinstall() { install_cron_job($crontask, false); mwexec("/usr/bin/killall -9 havp"); unlink_if_exists(HVDEF_HAVP_STARTUP_SCRIPT); - unlink_if_exists(HVDEF_FILTER_RESYNC_SCRIPT); unlink_if_exists(HVDEF_PID_FILE); // unlink_if_exists(HVDEF_CLAM_STARTUP_SCRIPT); // unlink_if_exists(HVDEF_AVUPD_SCRIPT); @@ -375,8 +382,6 @@ function havp_resync() { havp_reconfigure_freshclam(); havp_reconfigure_cron(); - /* Configure firewall */ - filter_configure(); } function havp_avset_resync() { @@ -497,9 +502,6 @@ function havp_check_system() { havp_startup_script(); hv_clamd_startup_script(); - /* Delete stale script that was used for pfSense 1.2.x */ - unlink_if_exists(HVDEF_FILTER_RESYNC_SCRIPT); - /* mount RAMDisk */ mountRAMdisk(true); } @@ -1179,7 +1181,7 @@ function check_bw_domain($_dm) { * Filter rules * ------------------------------------------------------------------------------ */ -function havp_generate_rules($type = 'filter') { +function havp_generate_rules($type) { global $config, $havp_config; $rules = array(); 
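Review bot: Dropping the `'filter'` default from `havp_generate_rules($type)` (hunk `@@ -1179,7 +1181,7 @@`) and removing the `pfearly`/`pflate` early returns in the following `@@ -1257,45 +1259,9 @@` hunk means the function now returns `implode("\n", $rules)` for every rule type the new `<filter_rules_needed>` hook passes in. The body between the two hunks is not visible here, so it should be confirmed that nothing is appended to `$rules` outside the type-specific branches; otherwise redirect or pass rules for the proxy could be emitted into sections they were not written for. Any remaining caller that relied on the default argument also needs updating. A header comment stating the contract would make this checkable, e.g. `/* $type is supplied by the filter hook ('nat', 'filter', 'pfearly', 'pflate'); returns rule text for that section only */`.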
@@ -1257,45 +1259,9 @@ function havp_generate_rules($type = 'filter') { $rules[] = ""; } - if ($type == 'pfearly') { - return; - } - - if ($type == 'pflate') { - return; - } - return implode("\n", $rules); } -function havp_filter_update_3() { - - $rules_file = '/tmp/rules.debug'; - if (file_exists($rules_file)) { - $newrules = array(); - $rules = file_get_contents($rules_file); - $rules = explode("\n", $rules); - - foreach ($rules as $val) { - $newrules[] = $val; - // rdr - if (trim($val) === "rdr-anchor \"miniupnpd\"") { - $newrules[] = "# havp rdr"; - $newrules[] = havp_generate_rules('nat'); - $newrules[] = ""; - } elseif (trim($val) === "anchor \"miniupnpd\"") { - // rules - $newrules[] = "# havp rules"; - $newrules[] = havp_generate_rules('filter'); - $newrules[] = ""; - } - $rules = implode("\n", $newrules); - } - file_put_contents($rules_file, $rules); - mwexec("/sbin/pfctl -f $rules_file"); - } -} - /* AV update script */ function havp_update_AV() { file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script()); @@ -1310,17 +1276,19 @@ function havp_update_AV() { */ /* AV update script */ function havp_AVupdate_script() { + $hvdef_freshclam_path = HVDEF_FRESHCLAM_PATH; + $hvdef_sigtool_path = HVDEF_SIGTOOL_PATH; $f = HVDEF_UPD_STATUS_FILE; $u = HVDEF_FRESHCLAM_STATUS_FILE; return <<< EOD #!/bin/sh /bin/date +"%Y.%m.%d %H:%M:%S Antivirus update started." > $f /bin/date +"%Y.%m.%d %H:%M:%S Antivirus database already is updated." > $u -/usr/local/bin/freshclam +{$hvdef_freshclam_path} wait -cat $u >> $f -/usr/local/bin/sigtool --unpack-current daily.cvd -/usr/local/bin/sigtool --unpack-current main.cvd +/bin/cat $u >> $f +{$hvdef_sigtool_path} --unpack-current daily.cvd +{$hvdef_sigtool_path} --unpack-current main.cvd wait /bin/date +"%Y.%m.%d %H:%M:%S Antivirus update end." >> $f EOD; 
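Review bot: The script generated by `havp_AVupdate_script()` (hunk `@@ -1310,17 +1276,19 @@`) runs `{$hvdef_freshclam_path}` and `{$hvdef_sigtool_path}` without looking at their exit status, so "Antivirus update end." is appended to the status file even when the binary is missing at the new platform-dependent path or the download fails. For an antivirus proxy that leaves stale signatures indistinguishable from a good update. Consider recording failure explicitly, e.g. `{$hvdef_freshclam_path} || /bin/date +"%Y.%m.%d %H:%M:%S Antivirus update failed." >> $f`, with the condition matched to freshclam's documented exit codes. The heredoc also never changes directory before `sigtool --unpack-current`, so the unpacked files land in whatever working directory the caller has; a comment naming the intended directory would help.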
@@ -1363,7 +1331,7 @@ function havp_startup_script() { $s[] = "\t\tfi"; $s[] = ""; } - $s[] = "\t\t/usr/local/sbin/havp -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null"; + $s[] = "\t\t" . HVDEF_HAVP_PATH . " -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null"; $s[] = "\t\twait"; $s[] = "\tfi"; @@ -1409,7 +1377,7 @@ function hv_clamd_startup_script() { $s[] = "# start"; $s[] = "\tif [ -z \"`{$clamdchk}`\" ]; then"; - $s[] = "\t\t/usr/local/sbin/clamd -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null"; + $s[] = "\t\t" . HVDEF_CLAMD_PATH . " -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null"; $s[] = "\t\twait"; $s[] = "\tfi"; $s[] = "\techo 'Started' > " . HVDEF_CLAM_STATUS_FILE; @@ -1430,23 +1398,6 @@ function hv_clamd_startup_script() { write_rcfile($rc); } - -/* HAVP filter resync script */ -function havp_filter_resync_script() { - - return <<<EOD -#!/usr/local/bin/php -f -<?php -// havp filter hook -if (file_exists('/usr/local/pkg/havp.inc')) { - require_once('havp.inc'); - havp_filter_update_3(); -} -?> -EOD; - -} - /* * ============================================================================== * RAM Disk diff --git a/config/havp/havp.xml b/config/havp/havp.xml index a1484a59..cc11b7a6 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -45,7 +45,7 @@ <name>havp</name> <title>Antivirus: HTTP proxy (HAVP + ClamAV)</title> <category>Status</category> - <version>1.06</version> + <version>1.10.0</version> <include_file>/usr/local/pkg/havp.inc</include_file> <menu> <name>Antivirus</name> @@ -381,4 +381,7 @@ <custom_php_deinstall_command> havp_deinstall(); </custom_php_deinstall_command> + <filter_rules_needed> + havp_generate_rules + </filter_rules_needed> </packagegui> diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index e5eb2f6c..ec30910f 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc 
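Review bot: Now that the daemon paths vary by platform (`HVDEF_HAVP_PATH` in the `havp_startup_script()` hunk, `HVDEF_CLAMD_PATH` in the `hv_clamd_startup_script()` hunk), the generated start lines still discard stderr with `2>/dev/null`, and the clamd script goes on to `echo 'Started' >` its status file unconditionally. A wrong or missing binary therefore leaves the status reporting a running scanner while nothing is scanning. Consider emitting a guard before each start line, e.g. `$s[] = "\t\t[ -x " . HVDEF_CLAMD_PATH . " ] || exit 1";`, and the same for `HVDEF_HAVP_PATH`. Both function bodies extend beyond the lines shown in these hunks.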
@@ -1073,7 +1073,8 @@ function squid_resync_cache() { $conf.='acl dynamic urlpath_regex cgi-bin \?'."\n"; $conf.="cache deny dynamic\n"; } else if (preg_match('/youtube/',$settings['refresh_patterns'])) { - $conf.=<<< EOC +// Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion) +/* $conf.=<<< EOC # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private @@ -1082,6 +1083,7 @@ acl youtube dstdomain .youtube.com cache allow youtube EOC; +*/ } if (preg_match('/windows/',$settings['refresh_patterns'])) { $conf.=<<< EOC @@ -1142,9 +1144,9 @@ cache_mem $memory_cache_size MB maximum_object_size_in_memory {$max_objsize_in_mem} KB memory_replacement_policy {$memory_policy} cache_replacement_policy {$cache_policy} -$disk_cache_opts minimum_object_size {$min_objsize} KB maximum_object_size {$max_objsize} +$disk_cache_opts offline_mode {$offline_mode} EOD; @@ -2390,7 +2392,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $xml['squid'] = $config['installedpackages']['squid']; $xml['squidupstream'] = $config['installedpackages']['squidupstream']; $xml['squidcache'] = $config['installedpackages']['squidcache']; - $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus']; + $xml['squidantivirus'] = $config['installedpackages']['squidantivirus']; $xml['squidnac'] = $config['installedpackages']['squidnac']; $xml['squidtraffic'] = $config['installedpackages']['squidtraffic']; $xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral']; diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml index f9204d46..3b2cd406 100755 --- a/config/squid3/34/squid_cache.xml +++ b/config/squid3/34/squid_cache.xml 
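Review bot: Wrapping the YouTube heredoc in `/* … */` inside `squid_resync_cache()` (hunks `@@ -1073,7 +1073,8 @@` and `@@ -1082,6 +1083,7 @@`) leaves the `else if (preg_match('/youtube/', …))` branch with an empty body. It also relies on the disabled squid config text never containing `*/`, and two lines of that heredoc fall between the hunks and are not visible here. Deleting the block and keeping only the `// Broken (Bug #3847) …` comment would be sturdier. A configuration saved earlier with `refresh_patterns` set to `youtube` still matches this branch, so it skips the branch above that emits `cache deny dynamic` and receives no replacement rules. Treating the stale value like `none`, or logging that it is ignored, would avoid that silent change in caching behaviour.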
@@ -280,14 +280,14 @@ <field> <fielddescr>Refresh Patterns</fielddescr> <fieldname>refresh_patterns</fieldname> - <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br> + <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br> <br><strong>Notes:</strong><br> Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br> set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description> <type>select</type> <default_value>none</default_value> <options> - <option><name>Youtube</name><value>youtube</value></option> + <!--<option><name>Youtube</name><value>youtube</value></option>--> <option><name>Windows Update</name><value>windows</value></option> <option><name>Symantec Antivirus</name><value>symantec</value></option> <option><name>Avira</name><value>avira</value></option> diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc index 0aa37fb8..2298e170 100644 --- a/config/systempatches/patches.inc +++ b/config/systempatches/patches.inc @@ -94,6 +94,12 @@ function patch_fetch(& $patch) { return false; } else { $patch['patch'] = base64_encode($text); + // Detect pfSense move from / to /src and fix pathstrip + if (is_github_url($patch['location']) && + $patch['pathstrip'] == 1 && + preg_match('/\n--- a\/src\//', $text)) { + $patch['pathstrip'] = 2; + } write_config("Fetched patch {$patch['descr']}"); return true; } 
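Review bot: The pathstrip rewrite added to `patch_fetch()` (hunk `@@ -94,6 +94,12 @@` of patches.inc) changes how a fetched patch will be applied to the firewall without recording it, because the `write_config()` message is unchanged when the stored value goes from 1 to 2. A single match of `--- a/src/` anywhere in the text switches the strip level for the whole patch, so a patch that also touches paths outside src/ would get the wrong level for those files. The leading `\n` in the pattern also means a patch whose first line is that header is not detected. Consider making the adjustment visible, e.g. `write_config("Fetched patch {$patch['descr']} (pathstrip adjusted to 2)");` on that path, and comparing with `(int)$patch['pathstrip'] === 1`. The function body starts and ends outside this hunk.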
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index 06f024a8..61f3df84 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -43,7 +43,7 @@ </copyright> <description>System Patches applies patches supplied by the user to the firewall.</description> <name>System Patches</name> - <version>1.0.5</version> + <version>1.0.6</version> <title>System: Patches</title> <include_file>/usr/local/pkg/patches.inc</include_file> <menu> |