From b826f027192c51b86684a06a572c0aca82cb0a58 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Tue, 1 Nov 2011 01:47:50 -0200 Subject: pfBlocker - version 0.1.4 changes alias/lists/rules engine and gui --- config/pf-blocker/pfBlocker.widget.php | 64 ++- config/pf-blocker/pfblocker.inc | 602 +++++++++++++++------------- config/pf-blocker/pfblocker.php | 89 ++-- config/pf-blocker/pfblocker.xml | 128 +----- config/pf-blocker/pfblocker_lists.xml | 237 +++++++++++ config/pf-blocker/pfblocker_sync.xml | 6 + config/pf-blocker/pfblocker_topspammers.xml | 28 +- 7 files changed, 697 insertions(+), 457 deletions(-) create mode 100755 config/pf-blocker/pfblocker_lists.xml (limited to 'config/pf-blocker') diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php index ec1d08a2..6830275a 100644 --- a/config/pf-blocker/pfBlocker.widget.php +++ b/config/pf-blocker/pfBlocker.widget.php @@ -33,49 +33,43 @@ echo ""; -$in=""; -$out=""; -$white=""; +$pfb_table=array(); +$out=""; +$in=""; +if (is_array($config['aliases']['alias'])) +foreach ($config['aliases']['alias'] as $cbalias){ + if (preg_match("/pfBlocker/",$cbalias['name'])){ + + if (file_exists('/var/db/aliastables/'.$cbalias['name'].'.txt')){ + preg_match("/(\d+)/",exec("/usr/bin/wc -l /var/db/aliastables/".$cbalias['name'].".txt"),$matches); + $pfb_table[$cbalias['name']]=array("count" => $matches[1], + "img"=> $out); + } + } + } $rules=$config['filter']['rule']; #echo "
";
 foreach($rules as $rule){
-	if ($rule['destination']['address'] == 'pfBlockerOutbound' && $out == ""){
-		#print_r($rule);
-		$out="";
-	}
-		
-	if ($rule['source']['address']== 'pfBlockerInbound' && $in == "")
-		$in="";
+	if (preg_match("/pfBlocker/",$rule['source']['address']))
+		$pfb_table[$rule['source']['address']]["img"]=$in;
 		
-	if ($rule['source']['address']== 'pfBlockerWL' && $white == "")
-		$white="";
-		
-	if ($rule['destination']['address']== 'pfBlockerWL' && $white == "")
-		$white="";
+	if (preg_match("/pfBlocker/",$rule['destination']['address']))
+		$pfb_table[$rule['destination']['address']]["img"]=$in;
 }
+print "
";
+#var_dump($pfb_table);
+#exit;
+	print "
"; + print ""; + print ""; -$in=($in != ""?$in:""); -$out=($out != ""?$out:""); -$white=($white != ""?$white:""); - -echo " "; -echo " "; -echo " "; -echo" "; -echo" "; -if (file_exists("/usr/local/pkg/pfb_in.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_in.txt"),$matches); - echo " "; +foreach ($pfb_table as $alias => $values){ + print ""; + print ""; + print ""; } -if (file_exists("/usr/local/pkg/pfb_out.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_out.txt"),$matches); - echo " "; -} -if (file_exists("/usr/local/pkg/pfb_w.txt")) { - $resultsIP = preg_match_all("/\//",file_get_contents("/usr/local/pkg/pfb_w.txt"),$matches); - echo " ";} - echo" "; echo"
AliasCIDRsStatus
pfBlockerInbound".$in."pfBlockerOutbound".$out."pfBlockerWL".$white."
". count($matches[0])." Networks".$alias ."".$values["count"]."".$values["img"]."
" . count($matches[0])." Networks" . count($matches[0])." Networks
"; +exit; ?> \ No newline at end of file diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index f9f6d951..ec017df8 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -72,9 +72,9 @@ function pfblocker_Range2CIDR($ip_min, $ip_max) { function sync_package_pfblocker() { global $config; + $pfblocker_enable=$config['installedpackages']['pfblocker']['config'][0]['enable_cb']; $pfblocker_config=$config['installedpackages']['pfblocker']['config'][0]; - $continents= array("Africa","Antartica","Asia","Europe","North America","Oceania","South America"); - + $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000"); #get local web gui configuration $web_local=($config['system']['webgui']['protocol'] != ""?$config['system']['webgui']['protocol']:"http"); $port = $config['system']['webgui']['port']; @@ -86,304 +86,355 @@ function sync_package_pfblocker() { } $web_local .= "://127.0.0.1:".$port.'/pfblocker.php'; - #get all selected countries - $countries=$config['installedpackages']['pfblockertopspammers']['config'][0]['countries'].","; - foreach ($continents as $continent){ - if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'])) - $countries.=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0]['countries'].","; - } - $cb_files = explode(",", $countries); - - $pfbdir='/usr/local/pkg/pfblocker'; - #check folders + $pfbdir='/usr/local/pkg/pfblocker'; + $pfb_alias_dir='/usr/local/pkg/pfblocker_aliases'; if (!is_dir($pfbdir)) mkdir ($pfbdir,0755); + if (!is_dir($pfb_alias_dir)) + mkdir ($pfb_alias_dir,0755); if (! is_dir('/var/db/aliastables/')) mkdir ('/var/db/aliastables/',0755); - - #get custom lists - $whitelist=pfb_text_area_decode($pfblocker_config['whitelist']); - $ips_in=""; - $ips_out=""; - foreach ($cb_files as $iso){ - if ($iso <> ""){ - if (file_exists($pfbdir.'/'.$iso.'.txt')) - switch ($pfblocker_config['countryblock']){ - case "inbound": - $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + + $continents= array( "Africa" => "pfBlockerAfrica", + "Antartica" => "pfBlockerAntartica", + "Asia" => "pfBlockerAsia", + "Europe" => "pfBlockerEurope", + "North America" => "pfBlockerNorthAmerica", + "Oceania" => "pfBlockerOceania", + "South America" => "pfBlockerSouthAmerica", + "Top Spammers" => "pfBlockerTopSpammers"); + + #create rules vars and arrays + $new_aliases=array(); + $permit_inbound=array(); + $permit_outbound=array(); + $deny_inbound=array(); + $deny_outbound=array(); + $aliases_list=array(); + #check if pfblocker is enabled or not. + $deny_action_inbound=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block"); + $deny_action_outbound=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"reject"); + $base_rule= array( "id" => "", + "tag"=> "", + "tagged"=> "", + "max"=> "", + "max-src-nodes"=>"", + "max-src-conn"=> "", + "max-src-states"=>"", + "statetimeout"=>"", + "statetype"=>"keep state", + "os"=> ""); +############################################# +# Assign Countries # +############################################# + foreach ($continents as $continent => $pfb_alias){ + ${$continent}=""; + if (is_array($config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'])){ + $continent_config=$config['installedpackages']['pfblocker'.strtolower(preg_replace('/ /','',$continent))]['config'][0]; + if ($continent_config['action'] != 'Disabled' && $continent_config['action'] != '' && $pfblocker_enable == "on") + foreach (explode(",", $continent_config['countries']) as $iso){ + #var_dump ($iso); + if ($iso <> "" && file_exists($pfbdir.'/'.$iso.'.txt')) + ${$continent} .= file_get_contents($pfbdir.'/'.$iso.'.txt'); + } + if($continent_config['countries'] != "" && $pfblocker_enable == "on"){ + #write alias file + file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent},LOCK_EX); + #Create alias config + $new_aliases[]=array("name"=> $pfb_alias, + "url"=> $web_local.'?pfb='.$pfb_alias, + "updatefreq"=> "32", + "address"=>"", + "descr"=> "pfBlocker country list", + "type"=> "urltable", + "detail"=> "DO NOT EDIT THIS ALIAS"); + #force alias file update + if (file_exists($pfb_alias_dir.'/'.$pfb_alias.'.txt')) + file_put_contents($pfb_alias_dir.'/'.$pfb_alias.'.txt',${$continent}, LOCK_EX); + #Create rule if action permits + switch($continent_config['action']){ + case "Deny_Outbound": + $rule = $base_rule; + $rule["type"] = $deny_action_outbound; + $rule["descr"]= "pfBlocker Outbound rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $pfb_alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_outbound[]=$rule; + break; + case "Deny_Inbound": + $rule = $base_rule; + $rule["type"] = $deny_action_inbound; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $pfb_alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $deny_inbound[]=$rule; break; - case "outbound": - $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + case "Permit_Outbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Outbound rule"; + $rule["source"]=array("any"=>""); + $rule["destination"]= array("address"=> $pfb_alias); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_outbound[]=$rule; break; - case "both": - $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); - $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); + case "Permit_Inbound": + $rule = $base_rule; + $rule["type"] = "pass"; + $rule["descr"]= "pfBlocker Inbound rule"; + $rule["source"]= array("address"=> $pfb_alias); + $rule["destination"]=array("any"=>""); + if ($pfblocker_config['enable_log']) + $rule["log"]=""; + $permit_inbound[]=$rule; break; - case "whitelist": - $whitelist.=file_get_contents($pfbdir.'/'.$iso.'.txt'); - break; } + } } + #mark pfctl aliastable for cleanup + if (!in_array($pfb_alias, $aliases_list)) + $aliases_list[]=$pfb_alias; + } - #Assign IP range lists - foreach ($pfblocker_config['row'] as $row){ - $md5_url = md5($row['url']); - #print $row['action']."
"; - if (file_exists($pfbdir."/".$md5_url.".txt")){ - ${$row['action']}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt'); - } - else{ - if ($row['format'] == "gz") - $url_list= gzfile($row['url']); - else - $url_list= file($row['url']); - #extract range lists - $new_file=""; - foreach ($url_list as $line){ - # CIDR format 192.168.0.0/16 - if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){ - ${$row['action']}.= $matches[1]."\n"; - $new_file.= $matches[1]."\n"; + ############################################# + # Assign lists # + ############################################# + #print "
";
+	if($config['installedpackages']['pfblockerlists']['config'] != "")
+		foreach($config['installedpackages']['pfblockerlists']['config'] as $list){
+		 $alias="pfBlocker".preg_replace("/\W/","",$list['aliasname']);
+		 #print $list['aliasname'].$list['action']." ".$alias." ".$row['url']."
";
+			if ($alias != "pfBlocker" && $list['action'] != "" && $list['action'] != 'Disabled' && $pfblocker_enable == "on"){
+			  #remove empty lists files if any
+			  if (is_array($list['row']))
+			  foreach ($list['row'] as $row){
+			  	#print $list['aliasname'].$list['action'].$list['cron']." ".$alias." ".$row['url']."$update_local
";
+				if ($row['url'] != ""){
+					$md5_url = md5($row['url']);
+					if (file_exists($pfbdir."/".$md5_url.".txt")){ 
+						${$alias}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt');
+						}
+					else{
+						if ($row['format'] == "gz")
+							$url_list= gzfile($row['url']);
+						else
+							$url_list= file($row['url']);
+						#extract range lists
+						$new_file="";
+						if (is_array($url_list))
+						  foreach ($url_list as $line){
+							# CIDR format 192.168.0.0/16
+							if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){
+							${$alias}.= $matches[1]."\n";
+							$new_file.= $matches[1]."\n";
+							}
+							# Network range 192.168.0.0-192.168.0.254
+							if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)){
+								$cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
+								if ($cidr != ""){
+									${$alias}.= $cidr."\n";
+									$new_file.= $cidr."\n";
+								}
+							}
+						}
+						if ($new_file != "")
+							file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX);
+						}
+					}
 				}
-					
-				# Network range 192.168.0.0-192.168.0.254
-				if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches))
-					$cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
-					if ($cidr != ""){
-						${$row['action']}.= $cidr."\n";
-						$new_file.= $cidr."\n";
+				#check custom network list
+				if (pfb_text_area_decode($list['custom']) != "")
+					${$alias}.=pfb_text_area_decode($list['custom'])."\n";
+				#save alias file if not empty
+				if (${$alias} == ""){
+					if (file_exists($pfb_alias_dir.'/'.$alias.'.txt'))
+			  			unlink($pfb_alias_dir.'/'.$alias.'.txt');
 					}
+				else{
+					file_put_contents($pfb_alias_dir.'/'.$alias.'.txt',${$alias}, LOCK_EX);
+					#create alias
+					$new_aliases[]=array("name"=> $alias,
+					  		 	 "url"=> $web_local.'?pfb='.$alias,
+					  		 	 "updatefreq"=> "32",
+					  		 	 "address"=>"",
+					  		 	 "descr"=> "pfBlocker user list",
+					  		 	 "type"=> "urltable",
+					  		 	 "detail"=> "DO NOT EDIT THIS ALIAS");
+					#Create rule if action permits
+					switch($list['action']){
+						case "Deny_Outbound":
+							$rule = $base_rule;
+							$rule["type"] = $deny_action_outbound;
+							$rule["descr"]= "pfBlocker Outbound rule";
+							$rule["source"]=array("any"=>"");
+							$rule["destination"]= array("address"=> $alias);
+							if ($pfblocker_config['enable_log'])
+								$rule["log"]="";
+							$deny_outbound[]=$rule;					
+							break;
+						case "Deny_Inbound":
+							$rule = $base_rule;
+							$rule["type"] = $deny_action_inbound;
+							$rule["descr"]= "pfBlocker Inbound rule";
+							$rule["source"]= array("address"=> $alias);
+							$rule["destination"]=array("any"=>"");
+							if ($pfblocker_config['enable_log'])
+								$rule["log"]="";
+							$deny_inbound[]=$rule;					
+							break;
+						case "Permit_Outbound":
+							$rule = $base_rule;
+							$rule["type"] = "pass";
+							$rule["descr"]= "pfBlocker Outbound rule";
+							$rule["source"]=array("any"=>"");
+							$rule["destination"]= array("address"=> $alias);
+							if ($pfblocker_config['enable_log'])
+								$rule["log"]="";
+							$permit_outbound[]=$rule;					
+							break;
+						case "Permit_Inbound":
+							$rule = $base_rule;
+							$rule["type"] = "pass";
+							$rule["descr"]= "pfBlocker Inbound rule";
+							$rule["source"]= array("address"=> $alias);
+							$rule["destination"]=array("any"=>"");
+							if ($pfblocker_config['enable_log'])
+									$rule["log"]="";
+							$permit_inbound[]=$rule;					
+							break;
+						}
+				}
+			#mark pfctl aliastable for cleanup
+			if (!in_array($alias, $aliases_list)) 
+				$aliases_list[]=$alias;
+			}
+		else{
+			#unlink previous pfblocker alias list if any
+				if (file_exists($pfb_alias_dir.'/'.$alias.'.txt'))
+					unlink($pfb_alias_dir.'/'.$alias.'.txt');
 			}
-			if ($new_file != "")
-				file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX);
-		}
-		#print $row['url']."
" .$md5_url.".txt
";
-		#var_dump(gzfile($row['url']));
-	}
-	
-	#create all country block lists based on gui
-	file_put_contents('/usr/local/pkg/pfb_in.txt',$ips_in, LOCK_EX);
-	
-	#create all country block lists based on gui
-	file_put_contents('/usr/local/pkg/pfb_out.txt',$ips_out, LOCK_EX);
-	
-	#write white_list to filesystem
-	file_put_contents('/usr/local/pkg/pfb_w.txt',$whitelist, LOCK_EX);
-
-	
-	#edit or assign alias "pfblockerInbound", "pfblockerOutbound" and "pfblockerWL" 
-	$aliases=$config['aliases']['alias'];
-	$new_aliases=array();
-	$pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt';
-	if ($ips_in != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
-		#create or reaply alias
-		$new_aliases[]=array("name"=> 'pfBlockerInbound',
-					  		 "url"=> $web_local.'?pfb=in',
-					  		 "updatefreq"=> "7",
-					  		 "address"=>"",
-					  		 "descr"=> "pfBlocker Inbound deny list",
-					  		 "type"=> "urltable",
-					  		 "detail"=> "DO NOT EDIT THIS ALIAS");
-		#force alias file update
-		if (file_exists($pfBlockerInbound))
-			file_put_contents($pfBlockerInbound,$ips_in, LOCK_EX);
-		}
-	else{
-		#remove previous aliastable if exist
-		if (file_exists($pfBlockerInbound))
-			unlink($pfBlockerInbound);
-	}
-	$pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt';
-	if ($ips_out != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
-		#create or reaply alias
-		$new_aliases[]=array("name"=> 'pfBlockerOutbound',
-					  		 "url"=> $web_local.'?pfb=out',
-					  		 "updatefreq"=> "7",
-					  		 "address"=>"",
-					  		 "descr"=> "pfBlocker Outbound deny list",
-					  		 "type"=> "urltable",
-					  		 "detail"=> "DO NOT EDIT THIS ALIAS");
-		#force alias file update
-		if (file_exists($pfBlockerOutbound))
-			file_put_contents($pfBlockerOutbound,$ips_out, LOCK_EX);
 		}
-	else{
-		#remove previous aliastable if exist
-		if (file_exists($pfBlockerOutbound))
-			unlink($pfBlockerOutbound);
-	}
-	
-	$pfblockerWL='/var/db/aliastables/pfBlockerWL.txt';
-	if ($whitelist != "" && $config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on"){
-		#create or reaply alias
-		$new_aliases[]=array("name"=> 'pfBlockerWL',
-						  	 "url"=> $web_local.'?pfb=white',
-						  	 "updatefreq"=> "7",
-						  	 "address"=>"",
-						  	 "descr"=> "pfBlocker White list",
-						  	 "type"=> "urltable",
-						  	 "detail"=> "DO NOT EDIT THIS ALIAS");
-		#force alias file update
-		if (file_exists($pfblockerWL))
-			file_put_contents($pfblockerWL,$whitelist, LOCK_EX);
+		#update pfsense alias table
+		$aliases=$config['aliases']['alias'];
+		foreach($aliases as $cbalias){
+			if (preg_match("/pfBlocker/",$cbalias['name'])){
+				#mark pfctl aliastable for cleaning
+				if (!in_array($cbalias['name'], $aliases_list)) 
+						$aliases_list[]=$cbalias['name']; #mark aliastable for cleaning
+				#remove previous aliastable file if exist
+				$aliastablefile="/var/db/aliastables/".$cbalias['name'].".txt";
+				if (file_exists($aliastablefile))
+					unlink($aliastablefile);
+			}
+			else{
+				$new_aliases[]=	$cbalias;
+				if (file_exists($pfb_alias_dir.'/'.$alias.'.txt') && $message ==""){
+				preg_match("/(\d+)/",exec("/usr/bin/wc -l ".$pfb_alias_dir.'/'.$alias.'.txt'),$matches);
+				}
+				if (($matches[1] * 2.1)>= $table_limit )
+					#alias table too large
+    				$message= $alias .' alias table is too large. Reduce networks in list or increase "Firewall Maximum Table Entries" value to at least '. (int)($matches[1] * 2.1) .' in "system - advanced - Firewall/NAT".';
+			}
 		}
-	else{
-		#remove previous aliastable if exist
-		if (file_exists($pfblockerWL))
-			unlink($pfblockerWL);
-	}
+		#apply new alias table to xml
+		if ($message == "")
+			$config['aliases']['alias']=$new_aliases;
+		#exit;	
+	#############################################
+	#          Assign rules 					#
+	#############################################
+	#print "
";
+	#var_dump($permit_inbound);
+	#var_dump($permit_outbound);
+	#var_dump($deny_inbound);
+	#var_dump($deny_outbound);			
+	#var_dump($pfblocker_config['inbound_interface']);
+	#print count($deny_inbound) .count($deny_inbound);
 	
-	if (is_array($aliases))
-	  foreach($aliases as $cbalias){
-		if (! preg_match("/pfBlocker.*list/",$cbalias['descr']))
-			$new_aliases[]=	$cbalias;
-	}
-	$config['aliases']['alias']=$new_aliases;
-	
-	# check pfBlocker filter options
-	$ifaces = $pfblocker_config['inbound_interface'];
-	if ($ifaces != "")
-      foreach (explode(",", $ifaces) as $i => $iface) {
-    	if ($whitelist != "" && $iface != ""){
-			${$iface}[0]=array("id" => "",
-					"type"=>"pass",
-					"tag"=>	"",
-					"interface" => $iface,
-					"tagged"=> "",
-					"max"=>	 "",
-					"max-src-nodes"=>"",
-					"max-src-conn"=> "",
-					"max-src-states"=>"",
-					"statetimeout"=>"",
-					"statetype"=>"keep state",
-					"os"=> "",
-					"source"=>array("address"=>"pfBlockerWL"),
-    				"destination"=>array("any"=>""),
-    				"descr"=>"pfBlocker Whitelist rule");
-
-			if ($pfblocker_config['enable_log'])
-				${$iface}[0]["log"]="";
-    	}
-		if ($ips_in != "" && $iface != ""){
-			$action=($pfblocker_config['inbound_deny_action']!= ""?$pfblocker_config['inbound_deny_action']:"block");
-			${$iface}[1]=array(	"id" => "",
-							"type"=>$action,
-							"tag"=>	"",
-							"interface" => $iface,
-							"tagged"=> "",
-							"max"=>	 "",
-							"max-src-nodes"=>"",
-							"max-src-conn"=> "",
-							"max-src-states"=>"",
-							"statetimeout"=>"",
-						    "statetype"=>"keep state",
-							"os"=> "",
-							"source"=>array("address"=>"pfBlockerInbound"),
-    						"destination"=>array("any"=>""),
-    						"descr"=>"pfBlocker Inbound deny rule");
-
-			if ($pfblocker_config['enable_log'])
-				${$iface}[1]["log"]="";
+	# Inbound filter options
+	$inbound_interface = $pfblocker_config['inbound_interface'];
+	if (count($deny_inbound) > 0 || count($permit_inbound) > 0){
+		if($inbound_interface == "")
+			$message="Unable to apply rules.Inbound Interface option not configured.";
+		 if ($inbound_interface == "lo0")
+			$message="Floating rules are not implemented in pfBlocker yet, choose Inbound Interface other than loopback or change action to Alias only.";
 		}
-	}
-	$ifaces = $pfblocker_config['outbound_interface'];
-	if ($ifaces != "")
-      foreach (explode(",", $ifaces) as $i => $iface) {
-    	if ($whitelist != "" && $iface != ""){
-			${$iface}[2]=array(	"id" => "",
-							"type"=>"pass",
-							"tag"=>	"",
-							"interface" => $iface,
-							"tagged"=> "",
-							"max"=>	 "",
-							"max-src-nodes"=>"",
-							"max-src-conn"=> "",
-							"max-src-states"=>"",
-							"statetimeout"=>"",
-							"statetype"=>"keep state",
-							"os"=> "",
-    						"source"=>array("any"=>""),
-    						"destination"=>array("address"=>"pfBlockerWL"),
-    						"descr"=>"pfBlocker Whitelist rule");
-		if ($pfblocker_config['enable_log'])
-				${$iface}[2]["log"]="";			
-    	}
-		if ($ips_out != "" && $iface != ""){
-			$action=($pfblocker_config['outbound_deny_action']!= ""?$pfblocker_config['outbound_deny_action']:"block");
-			${$iface}[3]= array("id" => "",
-							"type"=>$action,
-							"tag"=>	"",
-							"interface" => $iface,
-							"tagged"=> "",
-							"max"=>	 "",
-							"max-src-nodes"=>"",
-							"max-src-conn"=> "",
-							"max-src-states"=>"",
-							"statetimeout"=>"",
-							"statetype"=>"keep state",
-							"os"=> "",
-    						"source"=>array("any"=>""),
-    						"destination"=>array("address"=>"pfBlockerOutbound"),
-    						"descr"=>"pfBlocker Outbound deny rule");
-			if ($pfblocker_config['enable_log'])
-				${$iface}[3]["log"]="";
-			
+		
+	# Outbound filter options
+	$outbound_interface = $pfblocker_config['outbound_interface'];
+	if (count($deny_outbound) > 0 || count($permit_outbound) > 0){
+		if($outbound_interface == "")
+			$message="Unable to apply rules.Outbound Interface option not configured.";
+		 if ($outbound_interface == "lo0")
+			$message="Floating rules are not implemented in pfBlocker yet, choose Outbound Interface other than loopback or change action to Alias only.";
 		}
-
-	}
-	$last_iface="";
-	$rules=$config['filter']['rule'];
-	foreach ($rules as $rule){
-		if ($rule['interface'] <> $last_iface){
-			$last_iface = $rule['interface'];
-			#apply pfblocker rules if enabled
-			if ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']}))
-				foreach (${$rule['interface']} as $cb_rules)
-					$new_rules[]=$cb_rules;
+		
+	if ($message == "")
+		{
+		$last_iface="";
+		$rules=$config['filter']['rule'];
+		$new_rules=array();
+		foreach ($rules as $rule){
+			if ($rule['interface'] <> $last_iface){
+				$last_iface = $rule['interface'];
+				#apply pfblocker rules if enabled
+				
+				#Inbound
+				if (preg_match("/$last_iface/",$inbound_interface)){
+					#permit rules
+					if (is_array($permit_inbound))
+						foreach ($permit_inbound as $cb_rules){
+							$cb_rules['interface']=$rule['interface'];
+							$new_rules[]=$cb_rules;	
+						}
+					#deny rules
+					if (is_array($deny_inbound))
+						foreach ($deny_inbound as $cb_rules){
+							$cb_rules['interface']=$rule['interface'];
+							$new_rules[]=$cb_rules;	
+						}
+				}
+				#Outbound
+				if (preg_match("/$last_iface/",$outbound_interface)){
+					#permit rules
+					if (is_array($permit_outbound))
+						foreach ($permit_outbound as $cb_rules){
+							$cb_rules['interface']=$rule['interface'];
+							$new_rules[]=$cb_rules;	
+						}
+					#deny rules
+					if (is_array($deny_outbound))
+						foreach ($deny_outbound as $cb_rules){
+							$cb_rules['interface']=$rule['interface'];
+							$new_rules[]=$cb_rules;	
+						}
+				}
+			}
+		  #include all rules that is not from pfBlocker
+		  if (!preg_match("/pfBlocker.*rule/",$rule['descr']) && $rule['interface'] != "")
+					$new_rules[]=$rule;
 		}
-		if (!preg_match("/pfBlocker.*rule/",$rule['descr']))
-			$new_rules[]=$rule;	
-	}
-	$config['filter']['rule']=$new_rules;
-
-	#check aliastable size
-	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
-	$count_ips_in = $matches[1];
-	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
-	$count_ips_out = $matches[1];
-	preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
-	$count_ips_w = $matches[1];
-	
-	#get higher value
-	$max=$count_ips_in;
-	if ($max < $count_ips_out)
-		$max = $count_ips_out;
-	if ($max < $count_ips_w)
-		$max = $count_ips_w;
-	$sum=($count_ips_in + $count_ips_out + $count_ips_w);
-	#check table size client option
-	$table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+		$config['filter']['rule']=$new_rules;
+		}	
 
-	#check for possible table size erros
-	$error_message="";
-    if ($count_ips_in >= $table_limit )
-    	$message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
-	if ($count_ips_out >= $table_limit )
-    	$message='pfBlockerOutbound alias table is too large. Reduce Outbound List or  increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
-	if ($count_ips_w >= $table_limit )
-    	$message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT ".';
-    	
 	if ($message == ""){
-		#save and apply all changes*/
+		#save and apply all changes
 
+		# to be removed in final version
+		$aliases_list[]="pfBlockerInbound"; #remove previous version lists
+		$aliases_list[]="pfBlockerOutbound";#remove previous version lists
+		$aliases_list[]="pfBlockerWL";		#remove previous version lists
+		#exit;
 		#update pfctrl tables
-		$tables = array ('pfBlockerOutbound' => 'pfb_out.txt',
-				 'pfBlockerInbound'  => 'pfb_in.txt',
-				 'pfBlockerWL'  => 'pfb_w.txt');
-		foreach ($tables as $table => $pfb_file)
-			exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T replace -f /usr/local/pkg/" . escapeshellarg($pfb_file) . " 2>&1", $result_pfb);
+		foreach ($aliases_list as $table)
+			exec("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $result_pfb);
 
 		#write config
    		write_config();
@@ -485,6 +536,7 @@ function pfblocker_do_xmlrpc_sync($sync_to_ip, $password) {
 	/* xml will hold the sections to sync */
 	$xml = array();
 	$xml['pfblocker'] = $config['installedpackages']['pfblocker'];
+	$xml['pfblockerlists'] = $config['installedpackages']['pfblockerlists'];
 	$xml['pfblockertopspammers'] = $config['installedpackages']['pfblockertopspammers'];
 	$xml['pfblockerafrica'] = $config['installedpackages']['pfblockerafrica'];
 	$xml['pfblockerantartica'] = $config['installedpackages']['pfblockerantartica'];
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index f1dd85f5..b6c595ab 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -1,29 +1,27 @@
 ";
-		print $return;
+	$file='/usr/local/pkg/pfblocker_aliases/'.$pfb.'.txt';
+	if ($file)
+		$return= file_get_contents($file);
+	print $return;
 }
 
 # to be uncomented when this packages gets stable state
 #if($_SERVER['REMOTE_ADDR']== '127.0.0.1'){
-switch ($_REQUEST['pfb']){
-	case "in":
-		get_networks(1);
-	break;	
-	case "out":
-		get_networks(2);
-	break;
-	case "white":
-		get_networks(3);
-	break;
-}
+if (preg_match("/(\w+)/",$_REQUEST['pfb'],$matches))
+	get_networks($matches[1]);
 #}
+
+if ($argv[1]=='cron' && preg_match("/\d+/",$argv[2],$matches)){
+        #require_once("/etc/inc/util.inc");
+        #require_once("/etc/inc/functions.inc");
+        #require_once("/etc/inc/etpkg-utils.inc");
+        #require_once("/etc/inc/globals.inc");
+        #require_once("/etc/inc/filter.inc");
+        include "/usr/local/pkg/pfblocker.inc";
+        print "id".$argv[2];
+        sync_package_pfblocker($argv[2]);
+        }
 	
 function pfblocker_get_countries(){
 $files= array (	"Africa" => "/usr/local/pkg/Africa_cidr.txt",
@@ -123,6 +121,10 @@ $xml= <<General
 			/pkg_edit.php?xml=pfblocker.xml&id=0
 		
+		
+			Lists
+			/pkg.php?xml=pfblocker_lists.xml
+		
 		
 			Top Spammers
 			/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0
@@ -166,22 +168,45 @@ $xml= <<
 	
 	
-			Continent {$cont}
-			listtopic
+		Continent {$cont}
+		listtopic
+	
+		
+		Countries
+		countries
+		
+		
+				Use CTRL + CLICK to unselect countries]]>
+		
+		select
+ 			
+			{$options}
+ 			
+			{$total}
+			
 		
 		
-			Countries
-			countries
-			
-			
-			
+		Action
+		action
+		Disabled

+						Select action for countries you have selected in {$cont}


+						Note: 
'Deny Inbound' - Will deny access from selected countries to your network.

+								'Deny Outbound' - Will deny access from your users to countries you selected to block

+								'Permit Inbound' - Will allow access from selected countries to your network.

+								'Permit Outbound' - Will allow access from your users to countries you selected to block

+								'Alias Only' - Will create alias {$cont} with selected countries to help custom rule assignments.

+								'Disabled' - Will just keep selection and do nothing to selected countries.
]]>
 	    	select
  				
-				{$options}
- 				
-				{$total}
-				
-			
+				
+ 				
+				
+				
+				
+							
+				
+			
+		
 	
 		pfblocker_php_install_command();
 	
@@ -201,4 +226,4 @@ EOF;
 }
 	
 }
-?>
\ No newline at end of file
+?>
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index 77a81e24..eef4c882 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -50,7 +50,7 @@
 		pfBlocker
 		Configure pfblocker
 		
Firewall

-		pkg_edit.php?xml=pfblocker.xml&id=0
+		pkg_edit.php?xml=pfblocker.xml
 	
 	
 		http://www.pfsense.org/packages/config/pf-blocker/pfblocker.inc
@@ -72,6 +72,11 @@
 		/usr/local/pkg/
 		0755
 	
+	
+		http://www.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml
+		/usr/local/pkg/
+		0755
+	
 	
 		http://www.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml
 		/usr/local/pkg/
@@ -113,6 +118,11 @@
 			/pkg_edit.php?xml=pfblocker.xml&id=0
 			
 		
+		
+			Lists
+			/pkg.php?xml=pfblocker_lists.xml
+		
+
 		
 			Top Spammers
 			/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0
@@ -169,8 +179,7 @@
 		
 			Inbound Interface(s)
 			inbound_interface
-			WAN
Select interface(s) that you want to block incoming traffic.

-								If you want to create custom inbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]>
+			WAN
Select interface(s) that you want to block incoming traffic.]]>
 			interfaces_selection
 			
 			
@@ -189,8 +198,7 @@
 		
 			Outbound Interface(s)
 			outbound_interface
-			LAN or none.
Select interface(s) that you do not want to send outgoing traffic.

-								If you want to create custom outbound rules for blocked countries based on pfBlocker firewall alias, leave this list empty.]]>
+			LAN or none.
Select interface(s) that you do not want to send outgoing traffic.]]>
 			interfaces_selection
 			
 			
@@ -206,115 +214,7 @@
 				
 				
 			
-	
-		
-			Network ranges / CIDR lists
-			listtopic
-		
-	
-			
-			Country Action
-			countryblock
-			Block Inbound

-							Select action for countries you have selected


-							Note: 
'Deny Inbound' traffic will deny access from selected countries to your network.

-									'Deny Outgoing' traffic will deny access from your users to countries you selected to block

-									'Whitelist' will allow access from and to selected countries to your network.

-									'None' will not apply rules to selected countries.]]>
-	    	select
- 				
-				
-				
-				
-				
-				
-				
-			
-			
-			Update frequency
-			update
-			Never

-							Select how often pfsense will download List files]]>
-	    	select
- 				
- 				
-				
-				
-				
-				
-				
-			
-		
-			
-			none
-			
-								  ON url field, add direct link to list (Example: Ads,
-																	Spyware,
-																	Proxies )
 
-									Compressed lists must be in gz format.

-									File must have only one network per line and could follows PeerBlock syntax	or this below:

-									Network ranges: 172.16.1.0-172.16.1.255

-									CIDR: 172.16.1.0/24
-								   ]]>
-			rowhelper
-			
-			
-			List Action
-			action
-	    	select
- 				
-				
-				
-				
-				
-				
-			
-			
-			Format
-			format
-	    	select
- 				
-				
-				
-				
-					
-			
-				Url
-				url
-				input
-				55
-			
-			
-		
-		
-			List info help
-			list_info
-			
-								  ON url field, add direct link to list (Example: Ads,
-																	Spyware,
-																	Proxies )
 
-									Compressed lists must be in gz format.
	
-									File must have only one network per line and could follows PeerBlock syntax	or this below:

-									Network ranges: 172.16.1.0-172.16.1.255

-									CIDR: 172.16.1.0/24
-								   ]]>
-			checkbox
-			
-		
-		
-			Custom list
-			listtopic
-		
-		
-			Whitelist
-			whitelist
-				
-								  Example: 192.168.1.0/24]]>
-			textarea
-			50
-			06
-			base64
-		
+
 	
 	
 		pfblocker_php_install_command();
diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml
new file mode 100755
index 00000000..08574783
--- /dev/null
+++ b/config/pf-blocker/pfblocker_lists.xml
@@ -0,0 +1,237 @@
+
+
+
+
+        
+        
+    Copyright (C) 2011 Marcello Coutinho
+    
+    All rights reserved.                                                      
+*/
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+        ]]>
+        
+    Describe your package here
+    Describe your package requirements here
+    Currently there are no FAQ items provided.
+	pfblockerlists
+	1.0
+	Firewall: pfBlocker
+	/usr/local/pkg/pfblocker.inc
+	
+		pfBlocker 
+		
+		
Firewall

+		pfblocker_lists.xml
+	
+
+		
+			General
+			/pkg_edit.php?xml=pfblocker.xml&id=0
+		
+		
+			Lists
+			/pkg.php?xml=pfblocker_lists.xml
+			
+		
+
+		
+			Top Spammers
+			/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0
+		
+	
+		
+			Africa
+			/pkg_edit.php?xml=pfblocker_Africa.xml&id=0
+			
+		
+		
+			Asia
+			/pkg_edit.php?xml=pfblocker_Asia.xml&id=0
+			
+		
+		
+			Europe
+			/pkg_edit.php?xml=pfblocker_Europe.xml&id=0
+		
+		
+			North America
+			/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0
+		
+		
+			Oceania
+			/pkg_edit.php?xml=pfblocker_Oceania.xml&id=0
+		
+		
+			South America
+			/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0
+		
+		
+			XMLRPC Sync
+			/pkg_edit.php?xml=pfblocker_sync.xml&id=0
+		
+
+	
+		
+			Alias
+			aliasname
+			
+		
+			Description
+			description
+			
+
+		
+			Action
+			action
+		
+				
+			Update Frequency
+			cron
+		
+	
+	
+		
+			Network ranges / CIDR lists
+			listtopic
+	
+			
+			Alias Name
+			aliasname
+				
+								  Example: Badguys

+								  Do not include pfBlocker name, it's done by package.

+								  International, special or space caracters will be ignored in pfsense alias name.
]]>
+			input
+			20
+			
+			
+			List Description
+			description
+			input
+			90
+			
+		
+			
+			none
+			
+								  'Url or local file' - Add direct link to list (Example: Ads,
+																	Spyware,
+																	Proxies )
 
+									
Note: 

+									Compressed lists must be in gz format.

+									Downloaded or local file must have only one network per line and could follows PeerBlock syntax	or this below:

+									Network ranges: 172.16.1.0-172.16.1.255

+									IP Address: 172.16.1.10

+									CIDR: 172.16.1.0/24
+								   ]]>
+			rowhelper
+			
+			
+			Format
+			format
+	    	select
+ 				
+				
+				
+				
+				
+			
+				Url or localfile
+				url
+				input
+				75
+			
+			
+		
+			
+			List Action
+		Deny Inbound

+						Select action for network on lists you have selected.


+						Note: 
'Deny Inbound' - Will deny access from selected countries to your network.

+								'Deny Outbound' - Will deny access from your users to countries you selected to block

+								'Permit Inbound' - Will allow access from selected countries to your network.

+								'Permit Outbound' - Will allow access from your users to countries you selected to block

+								'Alias Only' - Will create an alias with selected countries to help custom rule assignments.

+								'Disabled' - Will just keep selection and do nothing to selected countries.
]]>
+			action
+	    	select
+ 				
+				
+				
+				
+				
+							
+				
+				
+			
+			
+			Update frequency
+			cron
+			Never

+							Select how often pfsense will download List files]]>
+	    	select
+ 				
+ 				
+				
+				
+				
+				
+				
+		
+			
+			Custom list
+			listtopic
+		
+		
+			CIDR
+			custom
+				
+								  Example: 192.168.1.0/24]]>
+			textarea
+			50
+			10
+			base64
+		
+		
+	
+		pfblocker_php_install_command();
+	
+	
+		pfblocker_php_deinstall_command();
+	
+	
+		pfblocker_validate_input($_POST, &$input_errors);
+		
+	
+		sync_package_pfblocker();
+		
+
\ No newline at end of file
diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml
index 43cca1f9..41e5403c 100644
--- a/config/pf-blocker/pfblocker_sync.xml
+++ b/config/pf-blocker/pfblocker_sync.xml
@@ -56,10 +56,16 @@
 			General
 			/pkg_edit.php?xml=pfblocker.xml&id=0
 		
+		
+			Lists
+			/pkg.php?xml=pfblocker_lists.xml
+		
+
 		
 			Top Spammers
 			/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0
 		
+	
 		
 			Africa
 			/pkg_edit.php?xml=pfblocker_Africa.xml&id=0
diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml
index dcb02524..f6bf8664 100644
--- a/config/pf-blocker/pfblocker_topspammers.xml
+++ b/config/pf-blocker/pfblocker_topspammers.xml
@@ -57,6 +57,10 @@
 			General
 			/pkg_edit.php?xml=pfblocker.xml&id=0
 		
+		
+			Lists
+			/pkg.php?xml=pfblocker_lists.xml
+		
 		
 			Top Spammers
 			/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0
@@ -102,7 +106,8 @@
 			Top Spammers
 			countries
 			
-			
+			
+					Use CTRL + CLICK to unselect countries]]>
 			
 	    	select
  				
@@ -120,6 +125,27 @@
 				10
 				
 		
+				
+		Action
+		action
+		Deny Inbound

+						Select action for countries you have selected.


+						Note: 
'Deny Inbound' - Will deny access from selected countries to your network.

+								'Deny Outbound' - Will deny access from your users to countries you selected to block

+								'Permit Inbound' - Will allow access from selected countries to your network.

+								'Permit Outbound' - Will allow access from your users to countries you selected to block

+								'Alias Only' - Will create alias pfBlockerTopSpammers with selected countries to help custom rule assignments.
+								'Disabled' - Will just keep selection and do nothing to selected countries.
]]>
+	    	select
+ 				
+				
+				
+				
+				
+							
+				
+				
+			
 	
 	
 		pfblocker_php_install_command();
-- 
cgit v1.2.3