From 9cf706ced50e5bf66645a7661c995d2dccac256f Mon Sep 17 00:00:00 2001
From: BBcan177
Date: Mon, 15 Dec 2014 00:04:06 -0500
Subject: Mods to pfblockerng.php, .inc, _sync, _v4 and _v6 files.
pfblockerng.inc -
- Remove redundant ['action'] argument in if() statements.
- If no interfaces are selected, defined empty variable and Array.
- Separate "Skip & Hold" List download functionality into its own ['state'] process. This allows more fine grain control of each individual list in an Alias.
- Remove argument for empty Interfaces in the Rules Re-order process.
pfblockerng_sync.xml -
- Fix broken link in sync file.
pfblockerng_v4lists.xml and _v6 -
- Separate "Skip & Hold" List download functionality into its own ['state'] process. This allows more fine grain control of each individual list in an Alias.
- Minor Text improvements.
---
 config/pfblockerng/pfblockerng.inc | 37 ++++++++++++++---------
 config/pfblockerng/pfblockerng.php | 9 ++++--
 config/pfblockerng/pfblockerng_sync.xml | 2 +-
 config/pfblockerng/pfblockerng_v4lists.xml | 42 +++++++++++++++-----------
 config/pfblockerng/pfblockerng_v6lists.xml | 47 +++++++++++++++++-------------
 5 files changed, 83 insertions(+), 54 deletions(-)
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index 2f0c90de..9f35397a 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -429,7 +429,7 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($continents as $continent => $pfb_alias) {
 if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
 $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
+ if ($continent_config['action'] != "Disabled" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
 $pfb['autorules'] = TRUE;
 $pfb['found'] = TRUE;
 break;
@@ -441,7 +441,7 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($list_type as $ip_type) {
 if ($config['installedpackages'][$ip_type]['config'] != "" && !$pfb['found']) {
 foreach($config['installedpackages'][$ip_type]['config'] as $list) {
- if ($list['action'] != "Disabled" && $list['action'] != "" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
+ if ($list['action'] != "Disabled" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) {
 $pfb['autorules'] = TRUE;
 break;
 }
@@ -517,6 +517,10 @@ function sync_package_pfblockerng($cron = "") {
 $base_rule = $base_rule_reg;
 $pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']);
 }
+ } else {
+ # Define Empty Variable/Array
+ $pfb['inbound_interfaces_float'] = "";
+ $pfb['inbound_interfaces'] = array();
 }
 if (!empty($pfb['config']['outbound_interface'])) {
@@ -545,6 +549,10 @@ function sync_package_pfblockerng($cron = "") {
 if (!in_array("openvpn",$sort_interfaces)) array_push($pfb['outbound_interfaces'], "openvpn");
 }
+ } else {
+ # Define Empty Variable/Array
+ $pfb['outbound_interfaces_float'] = "";
+ $pfb['outbound_interfaces'] = array();
 }
@@ -581,7 +589,7 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($continents as $continent => $pfb_alias) {
 if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config']) && $pfb['enable'] == "on") {
 $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "") {
+ if ($continent_config['action'] != "Disabled") {
 $cont_type = array ("countries4" => "_v4", "countries6" => "_v6");
 foreach ($cont_type as $c_type => $vtype) {
 if ($continent_config[$c_type] != "") {
@@ -606,7 +614,7 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($list_type as $ip_type => $vtype) {
 if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
 foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
 foreach ($list['row'] as $row) {
 if ($vtype == "_v4") {
 $pfb_alias = "{$row['header']}";
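Review bot: In the `@@ -581` hunk the dropped `$continent_config['action'] != ""` test is not redundant, because unlike the `@@ -429` and `@@ -441` conditions there is no `in_array()` whitelist behind it, so an unset or empty action now passes `!= "Disabled"` and is treated as enabled. The same applies to `@@ -606`, `@@ -638`, `@@ -810`, `@@ -1065`, `@@ -1576` and the cron loop in pfblockerng.php; in `@@ -810` and `@@ -1065` the value is then handed to `pfb_determine_list_detail()`. Whether an empty action can actually reach this code depends on configuration defaults that are outside the diff. If it can, keep an explicit guard, e.g. `if (!empty($continent_config['action']) && $continent_config['action'] != "Disabled") {`. The enclosing function starts and ends outside the hunk.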
@@ -614,7 +622,7 @@ function sync_package_pfblockerng($cron = "") {
 $pfb_alias = "{$row['header']}_v6";
 }
 # Collect Enabled Lists
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
 # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny'
 if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) {
 $pfb['existing']['match'][] = "{$pfb_alias}";
@@ -638,10 +646,10 @@ function sync_package_pfblockerng($cron = "") {
 if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") {
 $count = -1;
 foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
 $count++;
 # Check if 'Emerging Threats Update' Needs Updating before next CRON Event.
- if (is_array($list['row']) && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {
+ if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") {
 foreach ($list['row'] as $row) {
 $aliasname = $row['header'];
 if ($row['format'] == "et") {
@@ -810,7 +818,7 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($continents as $continent => $pfb_alias) {
 if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) {
 $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0];
- if ($continent_config['action'] != "Disabled" && $continent_config['action'] != "" && $pfb['enable'] == "on") {
+ if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") {
 # Determine Folder Location for Alias (return array $pfbarr)
 pfb_determine_list_detail($continent_config['action']);
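Review bot: Rows saved before this change carry no `state` key, so in the `@@ -614` hunk `$row['state'] != "Disabled"` is true for them and a list that was switched off with the old `format` value `skip` is collected as enabled again after the upgrade. The same test replaces the `skip` check in `@@ -1065`, `@@ -1576` and the pfblockerng.php cron loop, and a row still carrying the old `hold` format is no longer held there either. No conversion of existing rows is visible in this diff, so unless an upgrade step elsewhere rewrites them, keep a fallback in the condition, e.g. `if ($row['url'] != "" && $row['state'] != "Disabled" && $row['format'] != "skip") {`.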
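Review bot: In the `@@ -638` hunk the added `$row['state'] != "Disabled"` test sits in the `if` that precedes `foreach ($list['row'] as $row)`, so it reads `$row` before this loop assigns it; the value is presumably whatever an earlier loop left behind, or unset. The Emerging Threats update check can therefore be skipped or run according to an unrelated row's state rather than the state of the list being examined. Move the test into the loop beside the format check, `if ($row['format'] == "et" && $row['state'] != "Disabled") {`, and drop it from the outer condition. The body of that inner `if` continues outside the hunk.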
@@ -1065,11 +1073,11 @@ function sync_package_pfblockerng($cron = "") {
 foreach ($list_type as $ip_type => $vtype) {
 if ($config['installedpackages'][$ip_type]['config'] != "") {
 foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if ($list['action'] != "Disabled" && $list['action'] != "" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) {
+ if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) {
 # Capture Alias Name
 $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']);
 foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
 # Determine Folder Location for Alias (return array $pfbarr)
 pfb_determine_list_detail($list['action']);
@@ -1100,8 +1108,9 @@ function sync_package_pfblockerng($cron = "") {
 }
 if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") {
- if ($row['format'] == "hold") {
+ if ($row['state'] == "Hold") {
 $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n";
+ $row['format'] = "Hold";
 } else {
 $log = "\n[ {$header_url} ] {$log_tab} exists, Reloading File [ NOW ]\n";
 }
@@ -1576,13 +1585,13 @@ function sync_package_pfblockerng($cron = "") {
 $final_alias = array_unique($pfb_alias_lists);
 }
- if ($list['action'] != "Disabled" && $list['action'] != "") {
+ if ($list['action'] != "Disabled") {
 #remove empty lists files if any
 if (is_array($list['row'])) {
 $update = 0;
 ${$alias} = "";
 foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
 if ($vtype == "_v4") {
 $header_url = "{$row['header']}";
 } else {
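Review bot: The added `$row['format'] = "Hold";` in the `@@ -1100` hunk carries no comment, and nothing in the hunk shows what reads the overwritten value. `$row` appears to be the by-value copy from the `foreach ($list['row'] as $row)` visible in `@@ -1065`, so the assignment lasts only for the current iteration and never reaches the stored configuration. The value is also capitalised where the removed line compared against `"hold"`, so any later comparison with the lowercase string would not match. A one-line comment stating which later check consumes `format` for a held list would settle the intent; the code that follows is outside the hunk.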
@@ -1829,7 +1838,7 @@ function sync_package_pfblockerng($cron = "") {
 # Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays.
 if (!empty($rules)) {
 foreach ($rules as $rule) {
- if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr']) && ($rule['interface'] != "")) {
+ if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) {
 // Floating rules collection 'Floating Pass/Match'. Balance to 'other'
 if ($pfb['float'] == "on") {
 if ($rule['type'] == "pass" && $rule['floating'] == "yes") {
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 7539e9fd..4e643cd6 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -304,9 +304,9 @@ if ($argv[1] == 'cron') {
 foreach ($list_type as $ip_type => $vtype) {
 if ($config['installedpackages'][$ip_type]['config'] != "") {
 foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
- if (is_array($list['row']) && $list['action'] != "Disabled" && $list['action'] != "") {
+ if (is_array($list['row']) && $list['action'] != "Disabled") {
 foreach ($list['row'] as $row) {
- if ($row['url'] != "" && $row['format'] != "hold" && $row['format'] != "skip") {
+ if ($row['url'] != "" && $row['state'] != "Disabled") {
 if ($vtype == "_v4") {
 $header_url = "{$row['header']}";
@@ -323,6 +323,11 @@ if ($argv[1] == 'cron') {
 $header_dow = $list['dow'];
 $url_format = $row['format'];
+ // Bypass update if state is defined as "Hold" and list file exists
+ if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $row['state'] == "Hold") {
+ continue;
+ }
+ # Check if List file exists, if not found run Update
 if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) {
 $log = " Updates Found\n";
diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml
index 3401ff31..c5777dcf 100644
--- a/config/pfblockerng/pfblockerng_sync.xml
+++ b/config/pfblockerng/pfblockerng_sync.xml
@@ -77,7 +77,7 @@ IPv4 - /pkg.php?xml=/pfblockerng/pfblockerng_v4.xml + /pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml IPv6 diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index 469607e6..17f1a14d 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -26,11 +26,11 @@ 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, @@ -197,7 +197,7 @@ IPv4 Lists]]> none - 'Format' - Choose the file format that URL will retrieve.
+ 'Format' - Select the file format that URL will retrieve.
  • 'txt' Plain txt Lists

  • 'gz' - IBlock GZ Lists in Range Format only.

  • @@ -208,15 +208,14 @@
  • 'html' - Web Links

  • 'xlsx' - Excel Lists

  • 'rsync' - RSync Lists

  • -
  • 'ET IQRisk' - Only

  • -
  • 'SKIP' - This format can be used to 'Disable' an Individual List.

  • -
  • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.

  • - - Note:
    - Downloaded or pfsense local file must have only one network per line and follows the syntax below:
    - Network ranges: 172.16.1.0-172.16.1.255
    +
  • 'ET' IQRisk - Only
+ 'State' - Select the Run State for each list.
+
  • 'ON/OFF' - Enabled / Disabled

  • +
  • 'HOLD' - Once a List has been Downloaded, list will remain Static.
+ 'Note' - Downloaded or pfsense local file must have only one network per line and follows the syntax below: +
    Network ranges: 172.16.1.0-172.16.1.255
    IP Address: 172.16.1.10
    - CIDR: 172.16.1.0/24


]]> + CIDR: 172.16.1.0/24]]>
rowhelper @@ -234,16 +233,24 @@ - - - + + + State + state + select + + + + + + URL or pfSense local file url input - 75 + 50 Header @@ -314,7 +321,8 @@ Update Frequency cron Never
- Select how often List files will be downloaded]]>
+ Select how often List files will be downloaded]]> +
select diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index c324b310..2a381451 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -28,7 +28,6 @@ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -61,7 +60,7 @@
Firewall
pfblockerng_v6lists.xml - + General /pkg_edit.php?xml=pfblockerng.xml&id=0 @@ -124,7 +123,7 @@ Sync /pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0 - + Alias Name @@ -182,12 +181,12 @@ info 'Format' : Select the Format Type

'URL' : Add direct link to list: - (Example: Ads, + Example: Ads, Spyware, - Proxies )

+ Proxies

'pfSense Local File' Format :

  http(s)://127.0.0.1/NAME_OF_FILE   or   - /usr/local/www/NAME_OF_FILE    ((Files can also be placed in the /var/db/pfblockerng folders)

+ /usr/local/www/NAME_OF_FILE    (Files can also be placed in the /var/db/pfblockerng folders)

'Header' : The 'Header' Field must be Unique, it will name the List File and it will be referenced in the pfBlockerNG Widget. @@ -200,21 +199,20 @@ 'Format' - Choose the file format that URL will retrieve.
  • 'txt' Plain txt Lists

  • -
  • 'gz' - IBlock GZ Lists in Range Format

  • -
  • 'gz_2' - Other GZ Lists in IP or CIDR only

  • +
  • 'gz' - IBlock GZ Lists in Range Format only.

  • +
  • 'gz_2' - Other GZ Lists in IP or CIDR only.

  • 'zip' - ZIP'd Lists

  • 'block'- IP x.x.x.0 Block type

  • 'html' - Web Links

  • 'xlsx' - Excel Lists

  • 'rsync' - RSync Lists

  • -
  • 'SKIP' - This format can be used to 'Disable' an Individual List.

  • -
  • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.

  • - - Note:
    - Downloaded or pfSense local file must have only one network per line and follows the syntax below:
    - Network ranges: TBC
    + 'State' - Select the Run State for each list.
    +
    • 'ON/OFF' - Enabled / Disabled

    • +
    • 'HOLD' - Once a List has been Downloaded, list will remain Static.
    + 'Note' - Downloaded or pfsense local file must have only one network per line and follows the syntax below: +
      Network ranges: TBC
      IP Address: TBC
      - CIDR: TBC


    ]]> + CIDR: TBC
]]>
rowhelper @@ -231,15 +229,23 @@ - -
+ + State + state + select + + + + + + URL or pfSense local file url input - 75 + 50 Header @@ -349,7 +355,8 @@ aliaslog Enable
Select - Logging to Status: System Logs: FIREWALL ( Log )
- This can be overriden by the 'Global Logging' Option in the General Tab.]]>
+ This can be overriden by the 'Global Logging' Option in the General Tab.]]> + select @@ -389,7 +396,7 @@
Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or - 'Force Update']]> + 'Force Update']]> listtopic -- cgit v1.2.3