From 782d8d038eb18ef69afebd4ad156a91576b1a026 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 29 May 2010 14:31:48 -0400 Subject: Update package for IP-Blocklist from Tom --- config/ipblocklist/convert-execute.sh | 27 +++++++++++++++++++++++++-- config/ipblocklist/ipblocklist.inc | 12 ++++++------ config/ipblocklist/ipblocklist.tmp | 32 +++++++++++++++++--------------- config/ipblocklist/ipblocklist.xml | 2 +- config/ipblocklist/purgeip.tmp | 8 ++++---- pkg_config.7.xml | 6 +++--- pkg_config.8.xml | 8 ++++---- pkg_config.8.xml.amd64 | 6 +++--- 8 files changed, 63 insertions(+), 38 deletions(-) mode change 100644 => 100755 config/ipblocklist/convert-execute.sh diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh old mode 100644 new mode 100755 index 00b8bb22..dd668baa --- a/config/ipblocklist/convert-execute.sh +++ b/config/ipblocklist/convert-execute.sh @@ -1,9 +1,16 @@ +#Version 2 + +#kill tables to elminate dups pfctl -t ipblocklist -T kill +pfctl -t ipblocklistW -T kill sed -i -e '/ipblocklist/d' /tmp/rules.debug +sed -i -e '/ipblocklistW/d' /tmp/rules.debug -#ipfw -f -q flush (Version 0.1.4) +#Generate lists to process ls lists > file_list.txt +ls Wlists > file_Wlist.txt filelist="file_list.txt" +Wfilelist="file_Wlist.txt" #READ contents in file_list.txt and process as file for fileline in $(cat $filelist); do @@ -11,6 +18,13 @@ iplist="lists/$fileline" iplistout="lists/ipfw.ipfw" perl convert.pl $iplist $iplistout done + +#Whitelist +for Wfileline in $(cat $Wfilelist); do +Wiplist="Wlists/$Wfileline" +Wiplistout="Wlists/whitelist" +perl convert.pl $Wiplist $Wiplistout +done #echo "ipfw made" #clean up ipfw.ipfw (duplicates) 
@@ -19,12 +33,18 @@ sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw #echo "ipfw clean" +#clean up whitelist (duplicates) +rm Wlists/whitelistTEMP +sort Wlists/whitelist | uniq -u >> Wlists/whitelistTEMP +mv Wlists/whitelistTEMP Wlists/whitelist +#echo "whitelist clean" + #Now edit /tmp/rules.debug #find my line for table -export i=`grep -n 'block quick from any to ' /tmp/rules.debug | grep -o '[0-9]\{2\}'` +export i=`grep -n 'block quick from any to ' /tmp/rules.debug | grep -o '[0-9]\{2,4\}'` export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'` i=$(($i+'1')) @@ -62,6 +82,9 @@ while read line echo "" >> /tmp/rules.debug.tmp echo "#ipblocklist" >> /tmp/rules.debug.tmp echo "table persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp + echo "table persist file '/usr/local/www/packages/ipblocklist/Wlists/whitelist'" >> /tmp/rules.debug.tmp + echo "pass quick from to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp + echo "pass quick from any to label 'IP-Blocklist'" >> /tmp/rules.debug.tmp echo "block quick from to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp echo "block quick from any to label 'IP-Blocklist'" >> /tmp/rules.debug.tmp fi diff --git a/config/ipblocklist/ipblocklist.inc b/config/ipblocklist/ipblocklist.inc index a950d188..c5ce30f4 100755 --- a/config/ipblocklist/ipblocklist.inc +++ b/config/ipblocklist/ipblocklist.inc @@ -3,7 +3,7 @@ /* /* ========================================================================== */ /* - dnsblacklist.inc + ipblocklist.inc v2 Copyright (C) 2010 Tom Schaefer All rights reserved. */ @@ -29,7 +29,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ + function pkg_is_service_running($servicename) { 
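Review bot: `uniq -u` in the added whitelist clean-up prints only lines that occur exactly once, so a range present in two whitelist files is dropped from `Wlists/whitelist` altogether instead of being collapsed to one entry. Assuming convert.pl appends every list to the same output file, that range then falls through to the block rules. `sort -u Wlists/whitelist > Wlists/whitelistTEMP` keeps one copy of each line and makes the preceding `rm` unnecessary. The existing `lists/ipfw.ipfw` clean-up at the top of the hunk has the same pattern, where the effect is that a range listed twice is not blocked.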
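Review bot: The two added `pass quick` rules are written ahead of the `block quick` rules, and `quick` stops evaluation, so any address in the whitelist table is passed in both directions without being checked against any rule that follows. The table names are not legible in this rendering of the hunk. Because the whitelist is built from downloaded lists, an overly broad entry becomes an allow-all for that range. A comment above the echo lines should state this precedence, for example `#whitelist is evaluated first and overrides every later rule, not only ipblocklist`; removing whitelisted ranges from the block table instead of adding pass rules would narrow the effect. The enclosing `while read line` loop starts and ends outside the hunk.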
@@ -45,7 +45,7 @@ function pkg_is_service_running($servicename) return false; } } - +*/ function byte_convert( $bytes ) { if ($bytes<=0) return '0 Byte'; @@ -94,8 +94,8 @@ function php_install_command() unlink_if_exists("/tmp/purge.tmp"); exec("cp /tmp/index.tmp /usr/local/www/packages/ipblocklist/index.php"); unlink_if_exists("/tmp/index.tmp"); - exec("cp /tmp/manual_add.tmp /usr/local/www/packages/ipblocklist/manual_add.php"); - unlink_if_exists("/tmp/manual_add.tmp"); + exec("cp /tmp/whitelist.tmp /usr/local/www/packages/ipblocklist/whitelist.php"); + unlink_if_exists("/tmp/whitelist.tmp"); exec("cp /tmp/purgeip.tmp /usr/local/www/packages/ipblocklist/purgeip.php"); unlink_if_exists("/tmp/purgeip.tmp"); //Get scripts @@ -104,7 +104,7 @@ function php_install_command() exec("cp /tmp/convert-execute.sh /usr/local/www/packages/ipblocklist/convert-execute.sh"); unlink_if_exists("/tmp/convert-execute.sh"); exec("cp /tmp/IP-Blocklist.sh /usr/local/etc/rc.d/IP-Blocklist.sh"); - unlink_if_exists("/tmp/convert-execute.sh"); + unlink_if_exists("/tmp/IP-Blocklist.sh"); diff --git a/config/ipblocklist/ipblocklist.tmp b/config/ipblocklist/ipblocklist.tmp index cf61bfc8..6387cb34 100755 --- a/config/ipblocklist/ipblocklist.tmp +++ b/config/ipblocklist/ipblocklist.tmp 
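Review bot: The added `exec("cp /tmp/whitelist.tmp …")` ignores whether the copy succeeded, and the next line unlinks the staged file regardless, so a failed copy leaves the package without whitelist.php and without the source to retry from. The staged file has a fixed name in /tmp and ends up as PHP in the web root, so the copy result is worth checking before the source is removed: `if (copy("/tmp/whitelist.tmp", "/usr/local/www/packages/ipblocklist/whitelist.php")) unlink_if_exists("/tmp/whitelist.tmp");`. The other cp/unlink pairs in this hunk and the following one follow the same pattern. php_install_command() starts and ends outside the hunk.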
@@ -1,5 +1,5 @@ 0) { //echo "enabled"; $config['installedpackages']['ipblocklist_settings']['config'][0]['enable'] = 1; - //Load ipfw.ko - //exec("kldload ipfw.ko"); (Version 0.1.4) //Process list by downloading and extracting $myFile = "lists.txt"; + $myWFile = "wlists.txt"; $fileContents = file_get_contents($myFile); + $fileWContents = file_get_contents($myWFile); $lines = explode(PHP_EOL, $fileContents); + $Wlines = explode(PHP_EOL, $fileWContents); //Remove DIR lists to eliminate duplates exec("rm -R lists"); + exec("rm -R Wlists"); //Process each list URL, Extract, and put in DIR lists exec("mkdir lists"); + exec("mkdir Wlists"); foreach ($lines as $line) { exec("fetch -o lists $line"); $filename = basename($line); //Extract list exec("gzip -d lists/$filename"); } + foreach ($Wlines as $Wline) { + exec("fetch -o Wlists $Wline"); + $Wfilename = basename($Wline); + //Extract Whitelist + exec("gzip -d Wlists/$Wfilename"); + } //Prep pfctl mwexec("touch lists/ipfw.ipfw"); + mwexec("touch Wlists/whitelist"); //Now clear ipfw, and process each list to ipfw commands mwexec("sh convert-execute.sh"); @@ -101,23 +111,15 @@ else { Level2, Level3)
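Review bot: Each line of wlists.txt is interpolated unquoted into `exec("fetch -o Wlists $Wline")`, and its basename into `exec("gzip -d Wlists/$Wfilename")`, so whitespace or shell metacharacters in a stored URL are interpreted by the shell with the web server's privileges. Quote both values, `exec("fetch -o Wlists " . escapeshellarg($Wline));` and `exec("gzip -d " . escapeshellarg("Wlists/$Wfilename"));`. Empty lines should also be skipped, since `explode(PHP_EOL, …)` yields an empty final element when the file ends with a newline. The existing `$lines` loop for lists.txt has the same pattern. Parts of this hunk are not legible in this rendering, so where wlists.txt is written cannot be seen here.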
- Compressed lists should have .gz extention
-
- -
Warning! - Apply after each reboot or firewall change. Use at your own risk. + Compressed lists should have .gz extention and follows PeerBlock syntax
+ +
Warning! - Apply after firewall change or state reset. Use at your own risk.
Current Status = "; ob_start(); $results = exec("pfctl -s rules | grep -c ipblocklist"); ob_end_clean(); - if ($results == '2') echo "Running"; + if ($results > '2') echo "Running"; else echo "NOT running"; diff --git a/config/ipblocklist/ipblocklist.xml b/config/ipblocklist/ipblocklist.xml index 55c0bf24..16c26c3e 100755 --- a/config/ipblocklist/ipblocklist.xml +++ b/config/ipblocklist/ipblocklist.xml @@ -102,7 +102,7 @@ /tmp/ 0755 - http://www.pfsense.com/packages/config/ipblocklist/manual_add.tmp + http://www.pfsense.com/packages/config/ipblocklist/whitelist.tmp /tmp/ diff --git a/config/ipblocklist/purgeip.tmp b/config/ipblocklist/purgeip.tmp index 3622797a..449cb262 100755 --- a/config/ipblocklist/purgeip.tmp +++ b/config/ipblocklist/purgeip.tmp @@ -4,12 +4,12 @@ $line = $_GET["line"]; //echo("$line"); //exec("more ips.ipfw > temp_ips.ipfw"); if ($line == 0) { - exec("rm ips.ipfw"); + exec("rm wlists.txt"); } else { - exec("sed $line'd' ips.ipfw > temp_ips.ipfw"); + exec("sed $line'd' wlists.txt > temp_wlists.txt"); } -exec("more temp_ips.ipfw > ips.ipfw"); -exec("rm temp_ips.ipfw"); +exec("more temp_wlists.txt > wlists.txt"); +exec("rm temp_wlists.txt"); ?> diff --git a/pkg_config.7.xml b/pkg_config.7.xml index be8eb617..d43a0cd1 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -2,15 +2,15 @@ - + IP-Blocklist - IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall. + IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic. Firewall http://forum.pfsense.org/index.php/topic,24769.0.html http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml http://files.pfsense.org/packages/7/All/ - 0.1.9 + 0.2.0 Beta 1.2.2 tom@tomschaefer.org diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 92833f82..0438ed73 100755 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml 
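Review bot: `if ($results > '2')` reports "Running" for any count above two, but `grep -c ipblocklist` counts every rule line that mentions either table, so a partially loaded ruleset (for instance the pass rules plus only one block rule) can still be shown as running. It appears four rules are expected after this commit, though the table names are not legible in this rendering. Comparing against that number, `if ((int)$results >= 4)`, or counting the block rules on their own, would avoid reporting protection that is not in place.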
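Review bot: In purgeip.tmp, `$line` comes straight from `$_GET["line"]` and is placed unquoted into `exec("sed $line'd' wlists.txt > temp_wlists.txt")`, so the request parameter reaches the shell without validation; the commit renames the target file but keeps this. Coerce it to an integer before use, `$line = (int)$_GET["line"];`, and reject negative values. Doing the line removal in PHP with `file()` and `file_put_contents()` would remove the shell call entirely. No access check is visible in this hunk and the file begins above it, so confirm the page is reachable only by an authenticated administrator.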
@@ -2,15 +2,15 @@ - + IP-Blocklist - IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall. + IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic. Firewall http://forum.pfsense.org/index.php/topic,24769.0.html http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml - http://files.pfsense.org/packages/8/All/ - 0.1.9 + http://files.pfsense.org/packages/7/All/ + 0.2.0 Beta 1.2.2 tom@tomschaefer.org diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 02ddbe6b..ab01b838 100755 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -2,15 +2,15 @@ - + IP-Blocklist - IP-Blocklist is like PeerGuardian2. IP lists are used to add deny rules to the firewall. + IP-Blocklist is like PeerGuardian2. IP lists are used to add deny/allow rules to the firewall for in & out traffic. Firewall http://forum.pfsense.org/index.php/topic,24769.0.html http://pfsense.org/packages/config/ipblocklist/ipblocklist.xml http://files.pfsense.org/packages/7/All/ - 0.1.9 + 0.2.0 Beta 1.2.2 tom@tomschaefer.org -- cgit v1.2.3
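Review bot: In pkg_config.8.xml the package-tree URL changes from `http://files.pfsense.org/packages/8/All/` to `http://files.pfsense.org/packages/7/All/`, which looks like it was carried over from pkg_config.7.xml together with the description and version edits. If the 8 tree is still the right source for this file, keep `http://files.pfsense.org/packages/8/All/` and change only the description and version. The element names are not legible in this rendering, so the field is identified here by its value.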