From dbbc2d6e11a770fa786e4bd3a26fb4c6c6684f76 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho
Date: Tue, 25 Oct 2011 18:38:16 -0200
Subject: CountryBlock-dev new package
---
config/countryblock-dev/countryblock.inc | 363 ++++++++++++++++++++++++++
config/countryblock-dev/countryblock.php | 195 ++++++++++++++
config/countryblock-dev/countryblock.xml | 236 +++++++++++++++++
config/countryblock-dev/countryblock_sync.xml | 144 ++++++++++
pkg_config.8.xml | 14 +
pkg_config.8.xml.amd64 | 14 +
6 files changed, 966 insertions(+)
create mode 100755 config/countryblock-dev/countryblock.inc
create mode 100644 config/countryblock-dev/countryblock.php
create mode 100755 config/countryblock-dev/countryblock.xml
create mode 100644 config/countryblock-dev/countryblock_sync.xml
diff --git a/config/countryblock-dev/countryblock.inc b/config/countryblock-dev/countryblock.inc
new file mode 100755
index 00000000..c17a5d9e
--- /dev/null
+++ b/config/countryblock-dev/countryblock.inc
@@ -0,0 +1,363 @@
+ ""){
+ $ips.=file_get_contents('/usr/local/pkg/countryblock/'.$iso.'.txt');
+ }
+ }
+ #create all ip block lists based on gui
+ file_put_contents('/usr/local/pkg/cb.txt',$ips, LOCK_EX);
+
+ #write white_list to filesystem
+ file_put_contents('/usr/local/pkg/cbw.txt',cb_text_area_decode($countryblock_config['whitelist']), LOCK_EX);
+
+ #edit or assign alias "Countryblock" and "CountryblockWL"
+ $aliases=$config['aliases']['alias'];
+ print "
";
+	foreach($aliases as $cbalias){
+		$cb_id =($cb_id == "name"?"name":array_search('Countryblock', $cbalias));
+		$cbw_id =($cb_id == "name"?"name":array_search('CountryblockWL', $cbalias));
+	}
+	if ($cb_id <> 'name'){
+		$config['aliases']['alias'][]=array(
+					"name"=> 'Countryblock',
+				  	"url"=> $web_local.'?cb=1',
+				  	"updatefreq"=> "7",
+				  	"address"=>"",
+				  	"descr"=> "Countryblock deny list",
+				  	"type"=> "urltable",
+				  	"detail"=> "DO NOT EDIT THIS ALIAS");
+	}
+	if ($cbw_id <> 'name'){
+		$config['aliases']['alias'][]=array(
+					"name"=> 'CountryblockWL',
+				  	"url"=> $web_local.'?cbw=1',
+				  	"updatefreq"=> "7",
+				  	"address"=>"",
+				  	"descr"=> "Countryblock white list",
+				  	"type"=> "urltable",
+				  	"detail"=> "DO NOT EDIT THIS ALIAS");
+	}
+	if ($cb_id <> 'name' || $cbw_id <> 'name'){
+		write_config();
+	}
+	
+	# check contryblock filter options
+	$rules=$config['filter']['rule'];
+	$ifaces = $countryblock_config['inbound_interface'];
+    foreach (explode(",", $ifaces) as $i => $iface) {
+		${$iface}[0]=array("id" => "",
+					"type"=>"pass",
+					"tag"=>	"",
+					"interface" => $iface,
+					"tagged"=> "",
+					"max"=>	 "",
+					"max-src-nodes"=>"",
+					"max-src-conn"=> "",
+					"max-src-states"=>"",
+					"statetimeout"=>"",
+					"statetype"=>"keep state",
+					"os"=> "",
+					"source"=>array("address"=>"CoutryblockWL"),
+    				"destination"=>array("any"=>""),
+    				"descr"=>"Countryblock inbound whitelist rule");
+		
+		${$iface}[1]=array(	"id" => "",
+							"type"=>"block",
+							"tag"=>	"",
+							"interface" => $iface,
+							"tagged"=> "",
+							"max"=>	 "",
+							"max-src-nodes"=>"",
+							"max-src-conn"=> "",
+							"max-src-states"=>"",
+							"statetimeout"=>"",
+						    "statetype"=>"keep state",
+							"os"=> "",
+							"source"=>array("address"=>"Coutryblock"),
+    						"destination"=>array("any"=>""),
+    						"descr"=>"Countryblock inbound deny rule");
+
+		if ($countryblock_config['enable_log']){
+				${$iface}[0]["log"]="";
+				${$iface}[1]["log"]="";
+		}
+	}
+	$ifaces = $countryblock_config['outbound_interface'];
+    foreach (explode(",", $ifaces) as $i => $iface) {
+		${$iface}[2]=array(	"id" => "",
+							"type"=>"pass",
+							"tag"=>	"",
+							"interface" => $iface,
+							"tagged"=> "",
+							"max"=>	 "",
+							"max-src-nodes"=>"",
+							"max-src-conn"=> "",
+							"max-src-states"=>"",
+							"statetimeout"=>"",
+							"statetype"=>"keep state",
+							"os"=> "",
+    						"source"=>array("any"=>""),
+    						"destination"=>array("address"=>"CoutryblockWL"),
+    						"descr"=>"Countryblock outbound whitelist rule");
+		${$iface}[3]= array("id" => "",
+							"type"=>"block",
+							"tag"=>	"",
+							"interface" => $iface,
+							"tagged"=> "",
+							"max"=>	 "",
+							"max-src-nodes"=>"",
+							"max-src-conn"=> "",
+							"max-src-states"=>"",
+							"statetimeout"=>"",
+							"statetype"=>"keep state",
+							"os"=> "",
+    						"source"=>array("any"=>""),
+    						"destination"=>array("address"=>"Coutryblock"),
+    						"descr"=>"Countryblock inbound deny rule");
+
+		if ($countryblock_config['enable_log']){
+				${$iface}[2]["log"]="";
+				${$iface}[3]["log"]="";
+		}
+	}
+	$last_iface="";
+	foreach ($rules as $rule){
+		if ($rule['interface'] <> $last_iface){
+			$last_iface = $rule['interface'];
+			#apply countryblock rules if enabled
+			if ($config['installedpackages']['countryblock']['config'][0]['enable_cb'] == "on")
+				foreach (${$rule['interface']} as $cb_rules)
+					$new_rules[]=$cb_rules;
+		}
+		if (!preg_match("/Countryblock.*rule/",$rule['descr']))
+			$new_rules[]=$rule;	
+	}
+	$config['filter']['rule']=$new_rules;
+	write_config();
+		
+	countryblock_sync_on_changes();
+}
+
+function countryblock_validate_input($post, &$input_errors) {
+	foreach ($post as $key => $value) {
+		if (empty($value))
+			continue;
+		if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
+				$input_errors[] = "Wrong greet time sintax.";			
+		if($key == "message_size_limit" && !is_numeric($value))
+				$input_errors[] = "Message size limit must be numeric.";
+		if($key == "process_limit" && !is_numeric($value))
+				$input_errors[] = "Process limit must be numeric.";	
+		if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
+				$input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
+		if (substr($key, 0, 2) == "dc" && !is_hostname($value))
+				$input_errors[] = "{$value} is not a valid host name.";
+		if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
+			if (!is_domain($value))
+				$input_errors[] = "{$value} is not a valid domain name.";
+		} else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
+			if (empty($post['domain' . substr($key, 12)]))
+				$input_errors[] = "Domain for {$value} cannot be blank.";
+			if (!is_ipaddr($value) && !is_hostname($value))
+				$input_errors[] = "{$value} is not a valid IP address or host name.";
+		}
+	}
+}
+
+function countryblock_php_install_command() {
+	include_once '/usr/local/www/countryblock.php';
+	countryblock_get_countries();
+	sync_package_countryblock();
+}
+
+function countryblock_php_deinstall_command() {
+	global $config;
+	$config['installedpackages']['countryblock']['config'][0]['enable_cb']="";
+	write_config();
+	sync_package_countryblock();
+}
+
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function countryblock_sync_on_changes() {
+	global $config, $g;
+	log_error("[countryblock] countryblock_xmlrpc_sync.php is starting.");
+	$synconchanges = $config['installedpackages']['countryblocksync']['config'][0]['synconchanges'];	
+	if(!$synconchanges) 
+		return;
+	foreach ($config['installedpackages']['countryblocksync']['config'] as $rs ){
+		foreach($rs['row'] as $sh){
+		$sync_to_ip = $sh['ipaddress'];
+		$password   = $sh['password'];
+		if($password && $sync_to_ip)
+			countryblock_do_xmlrpc_sync($sync_to_ip, $password);
+		}
+	}
+	log_error("[countryblock] countryblock_xmlrpc_sync.php is ending.");
+}
+
+/* Do the actual XMLRPC sync */
+function countryblock_do_xmlrpc_sync($sync_to_ip, $password) {
+	global $config, $g;
+
+	if(!$password)
+		return;
+
+	if(!$sync_to_ip)
+		return;
+
+	$xmlrpc_sync_neighbor = $sync_to_ip;
+    if($config['system']['webgui']['protocol'] != "") {
+		$synchronizetoip = $config['system']['webgui']['protocol'];
+		$synchronizetoip .= "://";
+    }
+    $port = $config['system']['webgui']['port'];
+    /* if port is empty lets rely on the protocol selection */
+    if($port == "") {
+		if($config['system']['webgui']['protocol'] == "http") 
+			$port = "80";
+		else 
+			$port = "443";
+    }
+	$synchronizetoip .= $sync_to_ip;
+
+	/* xml will hold the sections to sync */
+	$xml = array();
+	$xml['countryblock'] = $config['installedpackages']['countryblock'];
+	$xml['countryblockacl'] = $config['installedpackages']['countryblockacl'];
+	$xml['countryblockrecipients'] = $config['installedpackages']['countryblockrecipients'];
+	$xml['countryblockantispam'] = $config['installedpackages']['countryblockantispam'];
+	
+	/* assemble xmlrpc payload */
+	$params = array(
+		XML_RPC_encode($password),
+		XML_RPC_encode($xml)
+	);
+
+	/* set a few variables needed for sync code borrowed from filter.inc */
+	$url = $synchronizetoip;
+	log_error("Beginning countryblock XMLRPC sync to {$url}:{$port}.");
+	$method = 'pfsense.merge_installedpackages_section_xmlrpc';
+	$msg = new XML_RPC_Message($method, $params);
+	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+	$cli->setCredentials('admin', $password);
+	if($g['debug'])
+		$cli->setDebug(1);
+	/* send our XMLRPC message and timeout after 250 seconds */
+	$resp = $cli->send($msg, "250");
+	if(!$resp) {
+		$error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port}.";
+		log_error($error);
+		file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+	} elseif($resp->faultCode()) {
+		$cli->setDebug(1);
+		$resp = $cli->send($msg, "250");
+		$error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+		log_error($error);
+		file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+	} else {
+		log_error("countryblock XMLRPC sync successfully completed with {$url}:{$port}.");
+	}
+	
+	/* tell countryblock to reload our settings on the destionation sync host. */
+	$method = 'pfsense.exec_php';
+	$execcmd  = "require_once('/usr/local/pkg/countryblock.inc');\n";
+	$execcmd .= "sync_package_countryblock();";
+	
+	/* assemble xmlrpc payload */
+	$params = array(
+		XML_RPC_encode($password),
+		XML_RPC_encode($execcmd)
+	);
+
+	log_error("countryblock XMLRPC reload data {$url}:{$port}.");
+	$msg = new XML_RPC_Message($method, $params);
+	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+	$cli->setCredentials('admin', $password);
+	$resp = $cli->send($msg, "250");
+	if(!$resp) {
+		$error = "A communications error occurred while attempting countryblock XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+		log_error($error);
+		file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+	} elseif($resp->faultCode()) {
+		$cli->setDebug(1);
+		$resp = $cli->send($msg, "250");
+		$error = "An error code was received while attempting countryblock XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+		log_error($error);
+		file_notice("sync_settings", $error, "countryblock Settings Sync", "");
+	} else {
+		log_error("countryblock XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+	}
+
+}
+
+?>
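Review bot: The four generated filter rules reference the aliases as `Coutryblock` and `CoutryblockWL` (the `address` entries of the inbound and outbound rule arrays), while the aliases appended to `$config['aliases']['alias']` are named `Countryblock` and `CountryblockWL`, so the pass and block rules refer to aliases this code never defines and the country filter would presumably not take effect. Use one spelling everywhere, e.g. `"source"=>array("address"=>"Countryblock")` and `"destination"=>array("address"=>"CountryblockWL")`. In the alias lookup loop the second assignment tests `$cb_id == "name"` where `$cbw_id == "name"` appears intended, so the whitelist alias can be skipped or appended again depending on alias order. The rule arrays are also stored in variables named after the interface (`${$iface}`), which lets a configured interface name collide with locals such as `$rules` or `$config`; a keyed array like `$cb_rules[$iface][0]` avoids that. The enclosing function starts before the visible part of this hunk, so its initialisation of `$cb_id`, `$cbw_id` and `$new_rules` could not be checked.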
diff --git a/config/countryblock-dev/countryblock.php b/config/countryblock-dev/countryblock.php
new file mode 100644
index 00000000..26b454d5
--- /dev/null
+++ b/config/countryblock-dev/countryblock.php
@@ -0,0 +1,195 @@
+";
+		print $return;
+}
+
+if ($_REQUEST['cb']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
+	get_networks(1);
+}
+if ($_REQUEST['cbw']== 1){# and $_SERVER['REMOTE_ADDR']== '127.0.0.1'){
+	get_networks(2);
+}
+
+function countryblock_get_countries(){
+$files= array (	"Africa" => "/usr/loca/pkg/Africa_cidr.txt",
+				"Antartica" => "/usr/loca/pkg/Antartica_cidr.txt",
+				"Asia" => "/usr/loca/pkg/Asia_cidr.txt",
+				"Europe" => "/usr/loca/pkg/Europe_cidr.txt",
+				"North America" => "/usr/loca/pkg/North_America_cidr.txt",
+				"Oceania" => "/usr/loca/pkg/Oceania_cidr.txt",
+				"South America"=>"/usr/loca/pkg/South_America_cidr.txt");
+$cdir='/usr/local/pkg/countryblock';
+foreach ($files as $cont => $file){
+	$ips=file_get_contents($file);	
+	$convert = explode("\n", $ips);
+	print $cont."\n";
+	$active= array("$cont" => '');
+	$options="";
+	$total=1;
+	foreach ($convert as $line){
+		if (preg_match('/#(.*):\s+(.*)$/',$line,$matches)){
+			if ($ISOCode <> "" && $ISOCode <> $matches[2] && preg_match("/ISO Code/",$line)){
+				if (! is_dir($cdir))
+					mkdir ($cdir,755);
+				file_put_contents($cdir.'/'.$ISOCode.'.txt',${$ISOCode},LOCK_EX);
+				$total++;
+				}
+			${preg_replace("/\s/","",$matches[1])}=$matches[2];
+		}
+		else{
+			if (${$ISOCode}==0){
+				${$ISOCode}++;
+			$options.= ''."\n";
+			}
+			${$ISOCode}.=$line."\n";
+		}
+	}
+$cont_name= preg_replace("/ /","",$cont);
+#file_put_contents($cdir.'/'.$cont_name.'.txt',$ips,LOCK_EX);
+$xml= <<
+
+
+
+	
+	
+	
+	Describe your package here
+	Describe your package requirements here
+	Currently there are no FAQ items provided.
+	countryblock_{$cont_name}
+	1.0
+	Firewall: Countryblock
+	/usr/local/pkg/countryblock.inc
+	
+		Countryblock
+		Configure Countryblock
+		
Firewall
+ pkg_edit.php?xml=countryblock.xml&id=0 +
+ + countryblock + + + + General + /pkg_edit.php?xml=countryblock.xml&id=0 + + + Africa + /pkg_edit.php?xml=countryblock_Africa.xml&id=0 + {$active['Africa']} + + + Antartica + /pkg_edit.php?xml=countryblock_Antartica.xml&id=0 + {$active['Antartica']} + + + Asia + /pkg_edit.php?xml=countryblock_Asia.xml&id=0 + {$active['Asia']} + + + Europe + /pkg_edit.php?xml=countryblock_Europe.xml&id=0 + {$active['Europe']} + + + North America + /pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0 + {$active['North America']} + + + Oceania + /pkg_edit.php?xml=countryblock_Oceania.xml&id=0 + {$active['Oceania']} + + + South America + /pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0 + {$active['South America']} + + + XMLRPC Sync + /pkg_edit.php?xml=countryblock_sync.xml&id=0 + + + + + Continent {$cont} + listtopic + + + Countries + countries + + + + select + + {$options} + + {$total} + + + + countryblock_php_install_command(); + + + countryblock_php_deinstall_command(); + + + countryblock_validate_input(\$_POST, &\$input_errors); + + + sync_package_countryblock(); + +
+EOF;
+ file_put_contents('/usr/local/pkg/countryblock_'.$cont_name.'.xml',$xml,LOCK_EX);
+
+ #var_dump($ips);
+
+}
+
+}
+?>
\ No newline at end of file
diff --git a/config/countryblock-dev/countryblock.xml b/config/countryblock-dev/countryblock.xml
new file mode 100755
index 00000000..4bf3bda4
--- /dev/null
+++ b/config/countryblock-dev/countryblock.xml
@@ -0,0 +1,236 @@
+
+
+
+
+
+
+
+ Describe your package here
+ Describe your package requirements here
+ Currently there are no FAQ items provided.
+ countryblock
+ 1.0
+ Firewall: Countryblock
+ /usr/local/pkg/countryblock.inc
+
+ Countryblock
+ Configure Countryblock
+
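Review bot: Variable names in `countryblock_get_countries()` are taken from the content of the downloaded list files: `${preg_replace("/\s/","",$matches[1])}=$matches[2];` and `${$ISOCode}.=$line."\n";` let a header line in a list overwrite any local such as `$cdir` or `$file`, which then feeds `file_put_contents()`. Keep parsed fields in arrays instead, e.g. `$meta[preg_replace("/\s/","",$matches[1])] = $matches[2];` and `$blocks[$meta['ISOCode']] .= $line."\n";`, and validate the ISO code (for example against a short letters-only pattern) before using it in a file name. The `$files` paths read `/usr/loca/pkg/...` rather than `/usr/local/pkg/...`, so the `file_get_contents()` calls presumably fail and no per-country list is produced. `mkdir ($cdir,755)` passes decimal 755 where the octal literal `0755` is meant. The loopback restriction on the `cb`/`cbw` request handlers is commented out, and whether the page enforces authentication is not visible in this hunk because its first lines are missing.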
Firewall
+ pkg_edit.php?xml=countryblock.xml&id=0 +
+ + countryblock + + + http://www.pfsense.org/packages/config/countryblock-dev/countryblock.inc + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/countryblock-dev/countryblock.php + /usr/local/www/ + 0755 + + + http://www.pfsense.org/packages/config/countryblock-dev/countryblock_sync.xml + /usr/local/pkg/ + 0755 + + + http://www.countryipblocks.net/e_country_data/Africa_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/Antartica_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/Asia_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/Europe_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/North_America_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/Oceania_cidr.txt + /usr/local/pkg/ + 0555 + + + http://www.countryipblocks.net/e_country_data/South_America_cidr.txt + /usr/local/pkg/ + 0555 + + + + General + /pkg_edit.php?xml=countryblock.xml&id=0 + + + + Africa + /pkg_edit.php?xml=countryblock_Africa.xml&id=0 + + + + Antartica + /pkg_edit.php?xml=countryblock_Antartica.xml&id=0 + + + + Asia + /pkg_edit.php?xml=countryblock_Asia.xml&id=0 + + + + Europe + /pkg_edit.php?xml=countryblock_Europe.xml&id=0 + + + North America + /pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0 + + + Oceania + /pkg_edit.php?xml=countryblock_Oceania.xml&id=0 + + + South America + /pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=countryblock_sync.xml&id=0 + + + + + Countryblock General Settings + listtopic + + + Enable Countryblock + enable_cb + checkbox + + + + Enable Logging + enable_log + checkbox + + + + Inbound FilterInterface(s) + inbound_interface + WAN
Select interface(s) that you do not want to block incoming traffic.
+ If you want to create custom inbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]>
+ interfaces_selection + + wan + +
+ + Outbound Filter Interface(s) + outbound_interface + LAN
Select interface(s) that you do not want to send outgoing traffic.
+ If you want to create custom outbound rules for blocked countries based on Countryblock firewall alias, leave this list empty.]]>
+ interfaces_selection + + lan + +
+ + Whitelist + whitelist + + Example: 192.168.1.0/24]]> + textarea + 20 + 06 + base64 + + + Shortcut + listtopic + + + Top Spammers + topspammers + + + + select + + + + + + + + + + + + + 10 + + +
+ + countryblock_php_install_command(); + + + countryblock_php_deinstall_command(); + + + countryblock_validate_input($_POST, &$input_errors); + + + sync_package_countryblock(); + +
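Review bot: All download entries in this manifest use plain `http://` URLs (the package's `.inc` and `.php` from www.pfsense.org and the seven continent CIDR lists from www.countryipblocks.net), and nothing visible here pins a checksum, so code that runs on the firewall and the data that becomes its block and allow tables can be altered in transit. Prefer `https://` sources where the hosts offer them, and have the sync code accept only lines that parse as CIDR networks before writing them to `cb.txt`. The `.inc` and `_sync.xml` files are installed with mode `0755` although neither needs to be executable; `0644` would do. The XML tags of this hunk were lost in extraction, so element names could not be checked.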
diff --git a/config/countryblock-dev/countryblock_sync.xml b/config/countryblock-dev/countryblock_sync.xml
new file mode 100644
index 00000000..627272e5
--- /dev/null
+++ b/config/countryblock-dev/countryblock_sync.xml
@@ -0,0 +1,144 @@
+
+
+
+
+
+
+
+ Describe your package here
+ Describe your package requirements here
+ Currently there are no FAQ items provided.
+ countryblock_sync
+ 1.0
+ Firewall: Countryblock
+ /usr/local/pkg/countryblock.inc
+
+ Countryblock
+ Configure Countryblock
+
Services
+ pkg_edit.php?xml=countryblock.xml&id=0 +
+ + countryblock + + + + General + /pkg_edit.php?xml=countryblock.xml&id=0 + + + Africa + /pkg_edit.php?xml=countryblock_Africa.xml&id=0 + + + + Antartica + /pkg_edit.php?xml=countryblock_Antartica.xml&id=0 + + + + Asia + /pkg_edit.php?xml=countryblock_Asia.xml&id=0 + + + + Europe + /pkg_edit.php?xml=countryblock_Europe.xml&id=0 + + + North America + /pkg_edit.php?xml=countryblock_NorthAmerica.xml&id=0 + + + Oceania + /pkg_edit.php?xml=countryblock_Oceania.xml&id=0 + + + South America + /pkg_edit.php?xml=countryblock_SouthAmerica.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=countryblock_sync.xml&id=0 + + + + + + countryblock XMLRPC Sync + listtopic + + + Automatically sync countryblock configuration changes + synconchanges + pfSense will automatically sync changes to the hosts defined below. + checkbox + + + Remote Server + none + rowhelper + + + IP Address + ipaddress + IP Address of remote server + input + 20 + + + Password + password + Password for remote server. + password + 20 + + + + + + countryblock_php_install_command(); + + + countryblock_php_deinstall_command(); + + + countryblock_validate_input($_POST, &$input_errors); + + + sync_package_countryblock(); + +
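Review bot: The `ipaddress` and `password` row fields defined here are not covered by the validation hook: `countryblock_validate_input()` in countryblock.inc only checks keys such as `greet_time`, `domain` and `mailserverip`, so the remote server value reaches `XML_RPC_Client` unchecked. Assuming row fields post as `ipaddress0`, `ipaddress1`, …, add a branch along the lines of `if (substr($key, 0, 9) == "ipaddress" && !is_ipaddr($value) && !is_hostname($value)) $input_errors[] = "{$value} is not a valid IP address or host name.";`. The stored password is sent as the remote `admin` credential by `countryblock_do_xmlrpc_sync()` using the local GUI protocol, which may be `http`; the field description should say so, or the sync should require https. This file's menu section reads `Services` while the other two package files use `Firewall`.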
diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 9af06cd5..746a3bd4 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -58,6 +58,20 @@ tom@tomschaefer.org countryblock.xml + + Country Block DEV + + Block countries. You must remove Country Block before installing this package. + Firewall + http://forum.pfsense.org/index.php/topic,25732.0.html + http://pfsense.org/packages/config/countryblock-dev/countryblock.xml + http://files.pfsense.org/packages/8/All/ + 0.4.0 + Beta + 2.0 + tom@tomschaefer.org + countryblock.xml + IP-Blocklist diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 886a2385..1301413c 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -132,6 +132,20 @@ tom@tomschaefer.org countryblock.xml + + Country Block DEV + + Block countries. You must remove Country Block before installing this package. + Firewall + http://forum.pfsense.org/index.php/topic,25732.0.html + http://pfsense.org/packages/config/countryblock-dev/countryblock.xml + http://files.pfsense.org/packages/amd64/8/All/ + 0.4.0 + Beta + 2.0 + tom@tomschaefer.org + countryblock.xml + IP-Blocklist -- cgit v1.2.3