| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add TLSv1.1 to cURL SSL Options
* Improve 'Max daily download failure threshold' feature
* Improve function pfbng_text_area_decode() - add $mode variable to account for '#' comment lines in DNSBL Suppression Alias
* Improve dnsbl_suppression() function
* Implement 'Advanced Outbound Firewall Rules' customization options.
* Implement 'Advanced In/Outbound Firewall Rules' - Invert Source/Destination options
* Implement 'Advanced In/Outbound Firewall Rules' - Gateway options
* 'Advanced In/Outbound Firewall Rules' - Force any Invert Source/Destination Alias to use 'Alias Native' settings
* Allow Loopback and RFC1918 addresses in any Alias Custom List.
* Improve GZIP archive extraction function
* Re-factor Tracker IDs. (Convert all unique Alias details (via ascii table number) and return a 10 digit tracker ID)
If a duplicate Tracker ID is found, default to a pre-determined Tracker ID format starting with '1700000010'
* When DNSBL is enabled, but all Aliases/Feeds are 'Disabled', clear existing DNSBL Unbound Database properly.
* Improve Proofpoint/Emerging Threats IQRisk integrations
* Improve DNSBL domain name parser
* Force all DNSBL domains to lowercase
* Check for Firewall Rules 'created' tag, before attempting to unset
* Improve 'Kill States' feature - Collect all 'pfB_' Rules that are 'Block/Reject' and do not have bypass states enabled
* Improve 'Kill States' feature - Collect any 'Permit' Customlist IPs to suppress
* Add Input Validation for Header/Label field - Whitespace, special or International characters not allowed
|
|
|
| |
* Mod to DNSBL Reload (Background function call)
|
|
|
|
|
|
| |
* Fix 'Match Outbound' rule variable name
* Remove duplicate Alexa variable as its already in pfb_global()
* Determine if a DNSBL background reload is running before updating DNSBL
* Change "${cmd}" variable name to "{$cmd}"
|
|
|
|
| |
* Add string separator "|"
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The cron comparison function must skip the hour comparison for the
Maxmind Cron task due to the hour being randomized (0-23).
Add "addedit_string" to XML files. This will give description to the
config backups.
|
|
|
|
| |
Was previously fixed by Renato, but PR reverted that...
|
| |
|
| |
|
|
|
|
| |
s/ccdif/ccdir/
|
|
|
|
| |
package and will be missed during port removal on 2.3+
|
|
|
|
| |
non-PBI paths
|
|
|
|
|
| |
-Previous version would not clear old suppression file when Alias is
empty.
|
| |
|
|
|
|
| |
Add RW/RO commands for Aliastables Archiving for Nano/Ramdisk Installs.
|
|
|
|
| |
This reverts commit e49ea2af46ed44cd955c1f4513b66ca984c2fc8a.
|
|
|
|
| |
This reverts commit 7a9603b71a68fd1edec153151ce78eff7a17b05f.
|
| |
|
| |
|
|
|
|
|
| |
Move the unlink_if_exists outside of the if statement, as it needs to be
called independently.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. On Nano/Ramdisk Installations, the /var/db/aliastables folder gets
deleted on reboot. This causes a 60 second delay per alias. This PR
archives the /var/db/aliastable/pfB_*.txt files to the pfBNG pbi /etc
folder. On reboot the contents of this archive are restored.
2. Remove the previous Fetch Timeout code.
3. Improve the IPv6 Regex code.
4. Minor text improvements
5. Add conf_mount RW/RO to the sh script.
6. Add the aliastables() function to restore the aliastables files on
reboot.
|
|
|
|
|
| |
Add functionality to skip lines beginning with a comment (#) when
querying for IP Addresses.
|
|
|
|
|
|
| |
1) Add 0.0.0.0/32 to Regex for Suppression.
2) Improve IPv4 Regex validation.
3) Move Cron Define/Apply function to last step.
|
| |
|
|
|
|
|
|
|
|
|
| |
- Missed removing the /cc folder reference in pfblockerng.xml.
No Version bump is required as this is only required for new
installations.
The countrycodes.tar.bz2 file is provided as a backup in case the user
has a download failure from MaxMind Inc. Website.
|
|
|
|
|
|
|
|
|
| |
Changes:
1) When the User selects "Force Cron" and "no updates" are required, the
function doesn't complete properly, and didn't restore the Cron Task.
2) XMLRPC Sync add Maxmind "Annonymous Proxy and Satellite Providers"
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
1) Add missing $pfbfolder variable to Cron Update function
2) Modify how the include files get loaded.
3) Reputation Tab only requires IPv4, simplify code to use IPv4 only for
this function.
4) Update geoipupdate.sh to use the New PBI folder location and remove
Archive folders after MaxMind Update process
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes -
1) Relocate MaxMind folder from /var/db to /usr/pbi Folder. Nano and
Ramdisk Installations have the /var/db folder wiped on Reboot.
2) Add code to support MaxMind "Anonymous Proxy and Satellite Providers"
to inc file.
3) Move $pfb_alias_lists_all below the conditional "IF" statements.
4) Improve Header Name Validation.
5) Install/De-install - Changes to support MaxMind "Anonymous Proxy and
Satellite Providers" configuration. Delete previously used Folder
location, and remove MaxMind Working files after Installation is
completed.
|
|
|
|
|
|
|
| |
Some IBlock lists have an issue with the existing Range to CIDR
function. The Stilez Range to CIDR Function does not exhibit this
behaviour. Once the existing Range to CIDR function is fixed/or replaced
with the Stilez Function, this PR can be reverted.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Move $pfb['cc'] Variable to global array
- Edit log_error texts.
- Maxmind Update Cron task changes. Cron tasks are now launched via a
php script using the 'dc' Argument.
- Re-work of the XMLRPC Sync code.
- Previous code did not validate IP addresses or Port.
- Previous code did not use the "Replication Target" Hosts enabled
checkbox setting in Replication Target Lines.
- Add htmlspecialchars() to the Password entry
- Previous code did not use the correct user - defined "Protocol" entry.
- Previous code did not use the $username entry.
- Remove the 'post Sync' Host Target code execution as this can
collide with a Cron Task or User Forced Update.
- Allow user to skip the sync of the "General Tab" Settings.
- Clean up all the log_error() texts.. To make the system.log easier to
read.
|
|
|
|
|
|
| |
- Remove un-necessary code in de-install function of inc file.
- Remove check for logfile extension as other file extensions can now be
deleted in log browser.
|
|
|
|
|
|
| |
- Remove redundant $row['format'] variable
- When "Keep Settings" is enabled and a full uninstall is performed, the
widget does not uninstall cleanly. These changes fix this issue.
|
|
|
|
| |
This reverts commit 161032f05e1819550a32735d60c7b71994b1d9ef.
|
|
|
|
|
|
| |
- remove redundant $row['format'] variable
- When "Keep" Settings is enabled and a full uninstall is performed, the
widget doesn't uninstall cleanly. These changes fix this issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pfblockerng.inc -
- Remove redundant ['action'] argument in if() statements.
- If no interfaces are selected, defined empty variable and Array.
- Separate "Skip & Hold" List download functionality into its own
['state'] process. This allows more fine grain control of each
individual list in an Alias.
- Remove argument for empty Interfaces in the Rules Re-order process.
pfblockerng_sync.xml -
- Fix broken link in sync file.
pfblockerng_v4lists.xml and _v6 -
- Separate "Skip & Hold" List download functionality into its own
['state'] process. This allows more fine grain control of each
individual list in an Alias.
- Minor Text improvements.
|
|
|
|
|
|
|
|
| |
- Mod the 'Global Enable Log' if() statement in the .inc file
- Use correct Folder Paths in Log Browser
- Check if syslog array exists in Alerts Tab.
|
|
|
|
|
|
|
|
|
| |
- Added IPv4 Filter Array to filter out Whitespaces, Loopback Addresses
(27/8), 0.0.0.0 and any leading zeros in each IPv4 octet.
- Edits to IPv4/6 Regex Definitions.
- Changed isset() to !empty()
|
|
|
|
| |
This reverts commit f433c8da1a68f5684a2fb43950c8d3ea6d7c396a.
|
|
|
|
|
|
|
|
|
| |
- Added IPv4 Filter Array to filter out Whitespaces, Loopback Addresses
(27/8), 0.0.0.0 and and Leading zeros in each IPv4 octet.
- Edits to IPv4/6 Regex definitions.
- Changed isset() to !empty()
|
| |
|
|
|
|
|
| |
Edits for pkg_config.10.xml
All Associated files for pkg pfBlockerNG
|