From 4230277cb8480d00b2664f0e333816f3ac5e32cd Mon Sep 17 00:00:00 2001
From: BBcan177
Date: Sun, 20 Mar 2016 22:14:55 -0400
Subject: Update pfblockerng.php

* Improve 'Max daily download failure threshold' feature
* Implement 'Advanced Outbound Firewall Rules' customization options.
* Fix broken URL for Proofpoint/Emerging Threats IQRisk
---
 config/pfblockerng/pfblockerng.php | 183 +++++++++++++++++++++++++++++--------
 1 file changed, 147 insertions(+), 36 deletions(-)

diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index c88e85a5..bb4964c7 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -142,31 +142,26 @@ function pfb_update_check($header, $list_url, $pfbfolder, $pfborig, $pflex, $for
 pfb_logger("{$log}", 1);
 $pfb['cron_update'] = FALSE;
- // Determine if previous download fails have exceeded threshold.
- if ($pfb['restore'] == 'on') {
- if ($pfb['skipfeed'] != 0) {
- // Call function to get all previous download fails
- pfb_failures();
-
- if ($pfb['failed'][$header] >= $pfb['skipfeed']) {
- $log = " Max daily download failure attempts exceeded. Clear widget 'failed downloads' to reset.\n\n";
- pfb_logger("{$log}", 1);
- unlink_if_exists("{$pfbfolder}/{$header}.fail");
- return;
- }
- }
+ // Call function to get all previous download fails
+ pfb_failures();
- // Attempt download, when a previous 'fail' file marker is found.
- if (file_exists("{$pfbfolder}/{$header}.fail")) {
- $log = "\t\t\tPrevious download failed.\tRe-attempt download\n";
+ if ($pfb['skipfeed'] != 0) {
+ // Determine if previous download fails have exceeded threshold. ('0' no download failure threshold)
+ if ($pfb['failed'][$header] >= $pfb['skipfeed']) {
+ $log = " Max daily download failure attempts exceeded. Clear widget 'failed downloads' to reset.\n\n";
 pfb_logger("{$log}", 1);
- $pfb['update_cron'] = TRUE;
- unlink_if_exists("{$pfbfolder}/{$header}.txt");
+ unlink_if_exists("{$pfbfolder}/{$header}.fail");
 return;
 }
 }
- else {
- unlink_if_exists("{$pfbfolder}/{$header}.fail");
+
+ // Attempt download, when a previous 'fail' file marker is found.
+ if (file_exists("{$pfbfolder}/{$header}.fail")) {
+ $log = "\t\t\tPrevious download failed.\tRe-attempt download\n";
+ pfb_logger("{$log}", 1);
+ $pfb['update_cron'] = TRUE;
+ unlink_if_exists("{$pfbfolder}/{$header}.txt");
+ return;
 }
 // Check if List file doesn't exist or Format is 'whois'.
@@ -969,26 +964,32 @@ $xml .= << info - Note: In general, Auto-Rules are created as follows:
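Review bot: The new threshold check `if ($pfb['failed'][$header] >= $pfb['skipfeed'])` reads `$pfb['failed'][$header]` without confirming the key exists, so a feed with no recorded failure would raise an undefined-index notice before the comparison; `if (isset($pfb['failed'][$header]) && $pfb['failed'][$header] >= $pfb['skipfeed']) {` avoids that, unless pfb_failures(), which is defined outside the hunk, is known to seed an entry for every header. The change also drops the `$pfb['restore'] == 'on'` gate that previously wrapped both the threshold check and the .fail re-attempt path, so both now run regardless of that setting; if that is intended, a one-line comment saying so would stop a later reader from reinstating the gate. The re-added line `$pfb['update_cron'] = TRUE;` sits a few lines below the context line `$pfb['cron_update'] = FALSE;`, and if both are meant to be the same flag one of the key names is misspelled. The body of pfb_update_check continues beyond both ends of the hunk.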
-
    Inbound  - 'any' port, 'any' protocol and 'any' destination
    - Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
- Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
- Select the pfSense 'Port' and/or 'Destination' Alias below:]]> + Note:  In general, Auto-Rules are created as follows:
+
    Inbound  - 'any' port, 'any' protocol, 'any' destination and 'any' gateway
+ Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.]]>
- autoports + Invert Source + autoaddrnot_in + Invert - Option to invert the sense of the match. + ie - Not (!) Source Address(es)]]> + + checkbox + + Enable Custom Port + autoports_in checkbox - aliasports + aliasports_in begin Define Alias - aliasports + aliasports_in Click Here to add/edit Aliases - Do not manually enter port numbers.
Do not use 'pfB_' in the Port Alias name.]]> + Do not manually enter port numbers.
Do not use 'pfB_' in the Port Alias name.]]>
21 aliases @@ -998,17 +999,17 @@ $xml .= <<end
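Review bot: The inbound field names stored in the package config are renamed in this hunk (`autoports` to `autoports_in`, `aliasports` to `aliasports_in`) and again in the hunks at `@@ -998,17 +999,17 @@` (`autodest`/`aliasdest` to `autoaddr_in`/`aliasaddr_in`), `@@ -1019,7 +1020,7 @@` (`autonot` to `autonot_in`) and `@@ -1030,7 +1031,7 @@` (`autoproto` to `autoproto_in`), but nothing in this commit migrates values saved under the old keys. On an existing install the saved port, destination, invert and protocol selections would read as unset after the upgrade, and the form's own help text states that a Custom Protocol of 'any' bypasses the Adv. Inbound settings, so the generated auto-rules could silently become wider than the administrator configured. If a key-rename step exists in the package's install or upgrade code it is outside this diff; otherwise either copy each old key to its `_in` counterpart during upgrade or keep the old names for the inbound fields. The hunk is rendered with its XML tags stripped, so the field roles above are inferred from the surviving names.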
- autodest Enable Custom Destination + autoaddr_in checkbox - aliasdest,autonot + aliasaddr_in,autonot_in begin - aliasdest + aliasaddr_in Click Here to add/edit Aliases - Do not manually enter Addresses(es).
Do not use 'pfB_' in the 'IP Network Type' Alias name.]]> + Do not manually enter Addresses(es).
Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
21 aliases @@ -1019,7 +1020,7 @@ $xml .= << Invert - autonot + autonot_in Invert - Option to invert the sense of the match.
ie - Not (!) Destination Address(es)]]>
@@ -1030,7 +1031,7 @@ $xml .= << Custom Protocol - autoproto + autoproto_in Default: any
Select the Protocol used for Inbound Firewall Rule(s).
Do not use 'any' with Adv. Inbound Rules as it will bypass these settings!]]>
select @@ -1043,6 +1044,116 @@ $xml .= <<4
+ + Custom Gateway + agateway_in + + 1 + select_source + + name + name + default + default + + + Advanced Outbound Firewall Rule Settings + listtopic + + + info + Note:  In general, Auto-Rules are created as follows:
+
    Outbound  - 'any' port, 'any' protocol, 'any' destination and 'any' gateway
+ Configuring the Adv. Outbound Rule settings, will allow for more customization of the Outbound Auto-Rules.]]> +
+
+ + Invert Destination + autoaddrnot_out + Invert - Option to invert the sense of the match. + ie - Not (!) Destination Address(es)]]> + + checkbox + + + Enable Custom Port + autoports_out + checkbox + aliasports_out + + begin + + + Define Alias + aliasports_out + Click Here to add/edit Aliases + Do not manually enter port numbers.
Do not use 'pfB_' in the Port Alias name.]]> +
+ 21 + aliases + port + + + end +
+ + Enable Custom Source + autoaddr_out + checkbox + aliasaddr_out,autonot_out + + begin + + + aliasaddr_out + Click Here to add/edit Aliases + Do not manually enter Addresses(es).
Do not use 'pfB_' in the 'IP Network Type' Alias name.]]> +
+ 21 + aliases + network + + + +
+ + Invert + autonot_out + Invert - Option to invert the sense of the match.
+ ie - Not (!) Destination Address(es)]]> +
+ checkbox + + + end +
+ + Custom Protocol + autoproto_out + Default: any
Select the Protocol used for Outbound Firewall Rule(s).
+ Do not use 'any' with Adv. Outbound Rules as it will bypass these settings!]]>
+ select + + + + + + + 4 + +
+ + Custom Gateway + agateway_out + + 1 + select_source + + name + name + default + default + Click to SAVE Settings and/or Rule Edits.   Changes are Applied via CRON or 'Force Update']]> @@ -1384,7 +1495,7 @@ $xmlrep = <<https://rules.emergingthreatspro.com/XXXXXXXXXXXXXXXX/reputation/iprepdata.txt.gz Select the ET IQRisk' format. The URL should use the .gz File Type.
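Review bot: The help text of the outbound Invert checkbox `autonot_out` reads `ie - Not (!) Destination Address(es)`, but that checkbox is grouped under `Enable Custom Source` / `aliasaddr_out`, so it inverts the source match and should read `ie - Not (!) Source Address(es)`; the separate `Invert Destination` field (`autoaddrnot_out`) already covers the destination side. The inbound block's corresponding field was reworded to `Invert Source` in this same commit, which suggests this section was copied from the inbound block without adjusting that string. An invert option whose label names the wrong address set in a firewall-rule editor is easy to save with the opposite meaning intended, so the wording is worth fixing before release. The hunk is rendered with its XML tags stripped, so the field grouping is inferred from the surviving names and order.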
Enter your "ETPRO" code in URL. Further information can be found @ - ET IQRisk IP Reputation

+ Proofpoint IQRisk

To use 'Match' Lists, Create a new 'Alias' and select one of the Action 'Match' Formats and
enter the 'Localfile' as:
    /var/db/pfblockerng/match/ETMatch.txt
-- cgit v1.2.3