From 94d57a9f85b242766f272c4e9a1dbee7d1694b8f Mon Sep 17 00:00:00 2001
From: marcelloc
Date: Fri, 28 Oct 2011 11:32:36 -0200
Subject: pfBlocker - more improvements
---
 config/pf-blocker/pfblocker.inc | 12 ++++++-----
 config/pf-blocker/pfblocker.xml | 48 ++++++++++++++++++++++++++++++-----------
 2 files changed, 43 insertions(+), 17 deletions(-)
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 11a2b30a..57c24c2d 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -178,7 +178,7 @@ function sync_package_pfblocker() {
 #print "
";
 	$new_aliases=array();
 	$pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt';
-	if ($ips_in != ""){
+	if ($ips_in != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
 		#create or reaply alias
 		$new_aliases[]=array("name"=> 'pfBlockerInbound',
 					  		 "url"=> $web_local.'?pfb=in',
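Review bot: The new `enable_cb` guard here, and again in the `$ips_out` and `$whitelist` hunks below, spells out `$config['installedpackages']['pfblocker']['config'][0]['enable_cb']` three times, while the rule-building code later in this function reads its settings through `$pfblocker_config`. If `$pfblocker_config` is that same array (its assignment is outside the hunks, so this is inferred), evaluate the flag once, e.g. `$pfb_enabled = ($pfblocker_config['enable_cb'] == "on");`, and test `$pfb_enabled` in all three conditions. It is also worth confirming that the rule creation further down (`if ($ips_in != "")` and `if ($ips_out != "")`) is gated on the same flag, because with the package disabled the alias is no longer created while a rule referencing it may still be. That part of the function is only partly visible here.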
@@ -197,7 +197,7 @@ function sync_package_pfblocker() {
 			unlink($pfBlockerInbound);
 	}
 	$pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt';
-	if ($ips_out != ""){
+	if ($ips_out != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
 		#create or reaply alias
 		$new_aliases[]=array("name"=> 'pfBlockerOutbound',
 					  		 "url"=> $web_local.'?pfb=out',
@@ -217,7 +217,7 @@ function sync_package_pfblocker() {
 	}
 	
 	$pfblockerWL='/var/db/aliastables/pfBlockerWL.txt';
-	if ($whitelist != ""){
+	if ($whitelist != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
 		#create or reaply alias
 		$new_aliases[]=array("name"=> 'pfBlockerWL',
 						  	 "url"=> $web_local.'?pfb=white',
@@ -267,8 +267,9 @@ function sync_package_pfblocker() {
 				${$iface}[0]["log"]="";
     	}
 		if ($ips_in != ""){
+			$action=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block");
 			${$iface}[1]=array(	"id" => "",
-							"type"=>"block",
+							"type"=>$action,
 							"tag"=>	"",
 							"interface" => $iface,
 							"tagged"=> "",
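Review bot: `$action` is copied from `$pfblocker_config['inbound_deny_action']` straight into the rule's `"type"`, so any non-empty value stored in the configuration, including `pass`, becomes the action applied to the blocklisted ranges. Restrict it to the deny actions the GUI offers before use, e.g. `$action = in_array($pfblocker_config['inbound_deny_action'], array("block", "reject")) ? $pfblocker_config['inbound_deny_action'] : "block";` (the option values are not visible on this page, so adjust the list to match the select). The same applies to `outbound_deny_action` in the next hunk, where the hard-coded fallback `"block"` also appears to differ from the `Reject` default the XML declares for that field. The enclosing function starts and ends outside both hunks.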
@@ -309,8 +310,9 @@ function sync_package_pfblocker() {
 				${$iface}[2]["log"]="";			
     	}
 		if ($ips_out != ""){
+			$action=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"block");
 			${$iface}[3]= array("id" => "",
-							"type"=>"block",
+							"type"=>$action,
 							"tag"=>	"",
 							"interface" => $iface,
 							"tagged"=> "",
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index 7294dffa..77c8a4f2 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -68,12 +68,12 @@
 		0755
 	
 	
-		http://www.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml
+		http://www.countryipblocks.net/e_country_data/Africa_cidr.txt
 		/usr/local/pkg/
 		0555
 	
 	
-		http://www.countryipblocks.net/e_country_data/Africa_cidr.txt
+		http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt
 		/usr/local/pkg/
 		0555
 	
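Review bot: The list entries changed here are downloaded over plain `http://` from `www.countryipblocks.net` into `/usr/local/pkg/`, and nothing visible in this hunk verifies their content, so a response altered in transit would change which networks the firewall blocks or whitelists. Prefer an `https://` URL if the provider offers one, or have the sync code check that every downloaded line is a well-formed CIDR before it is loaded into a table. The entries also keep mode `0555`; these are data files, so `0444` would be sufficient. The element tags are stripped on this page, so the element names are not quoted here.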
@@ -170,6 +170,17 @@
 			
 			
 		
+		
+			Inbound deny action
+			inbound_deny_action
+			Block
+ Select deny action for inbound rules]]>
+ select + + + + +
Outbound Interface(s) outbound_interface @@ -179,24 +190,37 @@ + + Outbound deny action + outbound_deny_action + Reject
+ Select deny action for outbound rules]]>
+ select + + + + +
+ Network ranges / CIDR lists listtopic + Country Action countryblock Block Inbound
Select action for countries you have selected

- Note:
'Block Inbound' traffic will deny access from selected countries to your network.
- 'Block Outgoing' traffic will deny access from your users to countries you selected to block
+ Note:
'Deny Inbound' traffic will deny access from selected countries to your network.
+ 'Deny Outgoing' traffic will deny access from your users to countries you selected to block
'Whitelist' will allow access from and to selected countries to your network.
'None' will not apply rules to selected countries.]]>
select - - - + + + @@ -205,7 +229,7 @@ Update frequency update Never
- Select how often pfsense will download Lists files]]>
+ Select how often pfsense will download List files]]> select @@ -236,8 +260,8 @@ action select - - + + @@ -255,7 +279,7 @@ Url url input - 57 + 65
@@ -281,7 +305,7 @@ Whitelist whitelist - + Example: 192.168.1.0/24]]> textarea 50 -- cgit v1.2.3