From 9bccbdf46d1ac7c8dc41612a1a6a5e1120fcf326 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 11 Nov 2011 02:14:08 -0200 Subject: pfBlocker - version 0.1.4.5 is out with lists update frequency and widget rule package count --- config/pf-blocker/pfBlocker.widget.php | 40 +++++++++++++++++++++---- config/pf-blocker/pfblocker.inc | 53 ++++++++++++++++++++++++---------- config/pf-blocker/pfblocker.php | 43 +++++++++++++++++++++------ config/pf-blocker/pfblocker_lists.xml | 4 +-- 4 files changed, 109 insertions(+), 31 deletions(-) (limited to 'config/pf-blocker') diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php index 53b39ad9..239bfb49 100644 --- a/config/pf-blocker/pfBlocker.widget.php +++ b/config/pf-blocker/pfBlocker.widget.php @@ -28,7 +28,7 @@ @require_once("guiconfig.inc"); @require_once("pfsense-utils.inc"); @require_once("functions.inc"); - +?>
"; @@ -47,6 +47,16 @@ foreach ($config['aliases']['alias'] as $cbalias){ } } } + +#check rule count +#(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out) +$packets=exec("/sbin/pfctl -s labels",$debug); +foreach ($debug as $line){ + #USER_RULE: pfBlocker Outbound rule 1656 0 0 0 0 0 0 + if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/",$line,$matches)) + ${$matches[1]}+=$matches[2]; +} + $rules=$config['filter']['rule']; #echo "
";
 foreach($rules as $rule){
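Review bot: The added loop stores each counter with `${$matches[1]}+=$matches[2];`, so a word captured from the `pfctl -s labels` output chooses which variable in the widget's scope is written. A rule label whose first word is `config`, `rules` or `pfb_table` would collide with state that the following lines read. Keep the counters in one dedicated array, e.g. `$pfb_packets[$matches[1]]=(isset($pfb_packets[$matches[1]])?$pfb_packets[$matches[1]]:0)+$matches[2];`. The table row added in the next hunk (`${$alias}`) should then print `$pfb_packets[$alias]`, falling back to 0 when no label matched, since as written an alias without a matching rule reads an undefined variable. `$packets` is assigned from `exec()` but not used in the visible lines.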
@@ -61,14 +71,34 @@ print "
";
 #exit;
 	print "Alias";
 	print "CIDRs";
+	print "Packets";
 	print "Status";	
-
-
 foreach ($pfb_table as $alias => $values){
 	print "".$alias ."";
 	print "".$values["count"]."";
+	print "".${$alias}."";
 	print "".$values["img"]."";	
 }
 echo"  ";
-echo"";
-?>
\ No newline at end of file
+echo"
"; +?> + \ No newline at end of file diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index 53bf9366..c0ea4982 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -34,6 +34,7 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); require_once("filter.inc"); +require_once("services.inc"); function pfb_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); @@ -169,7 +170,7 @@ function sync_package_pfblocker() { case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; - $rule["descr"]= "pfBlocker Outbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]=array("any"=>""); $rule["destination"]= array("address"=> $pfb_alias); if ($pfblocker_config['enable_log']) @@ -179,7 +180,7 @@ function sync_package_pfblocker() { case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; - $rule["descr"]= "pfBlocker Inbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]= array("address"=> $pfb_alias); $rule["destination"]=array("any"=>""); if ($pfblocker_config['enable_log']) @@ -189,7 +190,7 @@ function sync_package_pfblocker() { case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; - $rule["descr"]= "pfBlocker Outbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]=array("any"=>""); $rule["destination"]= array("address"=> $pfb_alias); if ($pfblocker_config['enable_log']) @@ -199,7 +200,7 @@ function sync_package_pfblocker() { case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; - $rule["descr"]= "pfBlocker Inbound rule"; + $rule["descr"]= "$pfb_alias auto rule"; $rule["source"]= array("address"=> $pfb_alias); $rule["destination"]=array("any"=>""); if ($pfblocker_config['enable_log']) 
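Review bot: The new `$rule["descr"]= "$pfb_alias auto rule";` value is no longer only a display string, and nothing at the assignment says so. The widget in this commit parses the rule label with `USER_RULE: (\w+)` and uses the first word as the alias key for the packet counter, so rewording the description silently zeroes the counters. Add a comment at the first assignment, such as `# descr must start with the alias name: pfBlocker.widget.php matches "USER_RULE: (\w+)" to count packets per alias`. The same applies to the other three cases in this file section and to the four `$alias auto rule` hunks that follow. The enclosing switch in `sync_package_pfblocker()` starts and ends outside these hunks.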
@@ -291,7 +292,7 @@ function sync_package_pfblocker() {
 case "Deny_Outbound":
 $rule = $base_rule;
 $rule["type"] = $deny_action_outbound;
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]=array("any"=>"");
 $rule["destination"]= array("address"=> $alias);
 if ($pfblocker_config['enable_log'])
@@ -301,7 +302,7 @@ function sync_package_pfblocker() {
 case "Deny_Inbound":
 $rule = $base_rule;
 $rule["type"] = $deny_action_inbound;
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]= array("address"=> $alias);
 $rule["destination"]=array("any"=>"");
 if ($pfblocker_config['enable_log'])
@@ -311,7 +312,7 @@ function sync_package_pfblocker() {
 case "Permit_Outbound":
 $rule = $base_rule;
 $rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Outbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]=array("any"=>"");
 $rule["destination"]= array("address"=> $alias);
 if ($pfblocker_config['enable_log'])
@@ -321,7 +322,7 @@ function sync_package_pfblocker() {
 case "Permit_Inbound":
 $rule = $base_rule;
 $rule["type"] = "pass";
- $rule["descr"]= "pfBlocker Inbound rule";
+ $rule["descr"]= "$alias auto rule";
 $rule["source"]= array("address"=> $alias);
 $rule["destination"]=array("any"=>"");
 if ($pfblocker_config['enable_log'])
@@ -440,10 +441,29 @@ function sync_package_pfblocker() { } $config['filter']['rule']=$new_rules; } - + if ($message == ""){ - #save and apply all changes - + #check cron + $cron_found=0; + if (is_array($config['cron']['item'])){ + $new_cron=array(); + foreach($config['cron']['item'] as $cron){ + if ($cron["command"] == "/usr/local/www/pfblocker.php cron") + $cron_found=1; + $new_cron['item'][]=$cron; + } + if ($cron_found == 0){ + $new_cron['item'][]=array( "minute" => "0", + "hour" => "*", + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> "/usr/local/www/pfblocker.php cron"); + $config['cron']=$new_cron; + } + } + # to be removed in final version $aliases_list[]="pfBlockerInbound"; #remove previous version lists $aliases_list[]="pfBlockerOutbound";#remove previous version lists @@ -452,11 +472,15 @@ function sync_package_pfblocker() { #update pfctrl tables foreach ($aliases_list as $table) exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb); - + #write config write_config(); - #load filter file after editing + #update cron + if ($cron_found == 0) + configure_cron(); + + #load filter file after editing filter_configure(); #sync config @@ -471,11 +495,10 @@ function sync_package_pfblocker() { } function pfblocker_validate_input($post, &$input_errors) { + global $config; foreach ($post as $key => $value) { if (empty($value)) continue; - if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) - $input_errors[] = "Wrong greet time sintax."; if($key == "message_size_limit" && !is_numeric($value)) $input_errors[] = "Message size limit must be numeric."; if($key == "process_limit" && !is_numeric($value)) diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index d6803b49..e6fcd75e 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php 
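Review bot: The hourly cron entry is only built inside `if (is_array($config['cron']['item']))`, so on a configuration with no existing cron items nothing is added while `$cron_found` stays 0. The following hunk then still calls `configure_cron()` with the job missing, and list updates would never run, with no error shown. The block also assigns `$config['cron']=$new_cron`, which appears to drop any key under `cron` other than `item`. Appending to `$config['cron']['item']` after making sure it is an array avoids both, and keeping the command in one variable stops the comparison and the inserted value from drifting apart. `sync_package_pfblocker()` starts and ends outside this hunk.

```php
	#check cron
	$cron_cmd="/usr/local/www/pfblocker.php cron";
	if (!is_array($config['cron']))
		$config['cron']=array();
	if (!is_array($config['cron']['item']))
		$config['cron']['item']=array();
	$cron_found=0;
	foreach($config['cron']['item'] as $cron){
		if ($cron["command"] == $cron_cmd)
			$cron_found=1;
	}
	if ($cron_found == 0){
		$config['cron']['item'][]=array(
			# … unchanged: minute, hour, mday, month, wday, who …
			"command"=> $cron_cmd);
	}
```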
@@ -12,16 +12,41 @@ if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches)) get_networks($matches[1]); #} -if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){ - #require_once("/etc/inc/util.inc"); - #require_once("/etc/inc/functions.inc"); - #require_once("/etc/inc/etpkg-utils.inc"); - #require_once("/etc/inc/globals.inc"); - #require_once("/etc/inc/filter.inc"); +if ($argv[1]=='cron'){ + require_once("/etc/inc/util.inc"); + require_once("/etc/inc/functions.inc"); + require_once("/etc/inc/pkg-utils.inc"); + require_once("/etc/inc/globals.inc"); + require_once("/etc/inc/filter.inc"); + $hour=date('H'); + $pfbdir='/usr/local/pkg/pfblocker'; + $updates=0; + $cron=array('01hour' => 1, + '04hours' => 4, + '12hours' => 12, + 'EveryDay' => 23); + + if($config['installedpackages']['pfblockerlists']['config'] != "") + foreach($config['installedpackages']['pfblockerlists']['config'] as $list){ + if (is_array($list['row'])) + foreach ($list['row'] as $row){ + if ($row['url'] != "" && $hour > 0 ){ + $md5_url = md5($row['url']); + $update_hour=(array_key_exists($list['cron'], $cron)?$cron[$list['cron']]:25); + if($row['url'] && ($hour%$update_hour == 0)){ + print $update_hour." ".$pfbdir.'/'.$md5_url.'.txt'."\n"; + unlink_if_exists($pfbdir.'/'.$md5_url.'.txt'); + $updates++; + } + } + } + } + + if ($updates > 0){ include "/usr/local/pkg/pfblocker.inc"; - print "id".$argv[2]; - sync_package_pfblocker($argv[2]); - } + sync_package_pfblocker(); + } + } function pfblocker_get_countries(){ $files= array ( "Africa" => "/usr/local/pkg/Africa_cidr.txt", diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index 08574783..0d327165 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml @@ -201,10 +201,10 @@ select + - - + -- cgit v1.2.3
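Review bot: The cron branch is selected only by `$argv[1]=='cron'`, in a file under /usr/local/www that also answers `$_REQUEST['pfb']` in the context lines just above it, so nothing in the hunk ties the branch to the root cron job. On PHP configurations that populate `$argv` for web requests (register_argc_argv), the list-file deletion and `sync_package_pfblocker()` would not be limited to cron. Gate it on the invocation context as well, for example `if (!isset($_SERVER['REQUEST_METHOD']) && $argv[1]=='cron'){`. Separately, because `$hour > 0` excludes hour 00, a '12hours' list passes `$hour%$update_hour == 0` only at 12, i.e. once a day. If twice a day is intended the schedule needs a different test, since simply admitting hour 0 would also fire the 23 and 25 entries at midnight. The `print $update_hour...` line looks like leftover debug output that cron will mail on every update.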