From 3e334285ad161c5abdffc409854c4d690c2cab8d Mon Sep 17 00:00:00 2001 From: Tom Schaefer Date: Sat, 2 Oct 2010 04:25:46 -0400 Subject: countryblock 1.7 - added two pages, redo on gui --- config/countryblock/countryblock.inc | 4 + config/countryblock/countryblock.tmp | 169 ++++++++++++------------ config/countryblock/countryblock.xml | 10 ++ config/countryblock/countryblock_if.tmp | 10 +- config/countryblock/execute.sh | 30 +++-- config/countryblock/help.tmp | 145 +++++++++++++++++++++ config/countryblock/settings.tmp | 219 ++++++++++++++++++++++++++++++++ 7 files changed, 482 insertions(+), 105 deletions(-) create mode 100644 config/countryblock/help.tmp create mode 100644 config/countryblock/settings.tmp (limited to 'config') diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc index 46429563..72d864fb 100644 --- a/config/countryblock/countryblock.inc +++ b/config/countryblock/countryblock.inc @@ -65,6 +65,10 @@ function php_install_command_cb() unlink_if_exists("/tmp/index.tmp"); exec("cp /tmp/firewall_shaper.tmp /usr/local/www/packages/countryblock/firewall_shaper.php"); unlink_if_exists("/tmp/firewall_shaper.tmp"); + exec("cp /tmp/help.tmp /usr/local/www/packages/countryblock/help.php"); + unlink_if_exists("/tmp/help.tmp"); + exec("cp /tmp/settings.tmp /usr/local/www/packages/countryblock/settings.php"); + unlink_if_exists("/tmp/settings.tmp"); //Get scripts exec("cp /tmp/countryblock.sh /usr/local/etc/rc.d/countryblock.sh"); unlink_if_exists("/tmp/countryblock.sh"); diff --git a/config/countryblock/countryblock.tmp b/config/countryblock/countryblock.tmp index 785329a2..2d05d061 100755 --- a/config/countryblock/countryblock.tmp +++ b/config/countryblock/countryblock.tmp @@ -1,5 +1,5 @@ 0) { $savemsg_cb = "Country Block settings have been saved/updated. "; conf_mount_ro(); } -?> - - - +?> -

Firewall: Country Block

+ + +

+ +

- \n"; } +elseif ($resultstop > '0') { +echo "\n"; +} else { echo "\n"; } -?> +?>Enable Country Block

+ + + + + + + + + + +

+ +

+

+ + + + + + + + + +

Main

+ "; - exec("touch OUTBOUND"); - } - else - { - $output2 = " and Outbound access is ALLOWED."; - exec("rm OUTBOUND"); - } - - if(isset($_POST['formlogging'])) - { - exec("touch logging"); - } - else - { - exec("rm logging"); - } - if(empty($aCountry)) { @@ -244,6 +253,7 @@ font-size: 90%; .arrowlistmenu ul li a:visited{ color: #A70303; + } .arrowlistmenu ul li a:hover{ /*hover state CSS*/ @@ -258,15 +268,11 @@ background-color: #F3F3F3; -Enable Country Block

+

- + @@ -283,7 +289,7 @@ background-color: #F3F3F3; ?>

-

Check the country that you would like to block completely. Currently +

Check the country that you would like to block completely. Currently - of 246 selected.
-
-
- Block outbound? -"; - } else { - echo ""; - } -?> - - select/unselect -
- Enable Logging? -"; - } else { - echo ""; - } -?> + of 246 selected.

+
@@ -2362,6 +2346,7 @@ ob_end_clean(); ob_start(); $results = exec("cat countries.txt | grep TM"); ob_end_clean(); + if ($results == 'TM') echo "

Turkmenistan

"; else @@ -2585,21 +2570,35 @@ ob_end_clean();

- -

Usage -
- Check the country that you would like to block completely. Choose if you want to block outbound access and if you want to log attempts. Click "Commit Countries" to store your settings.
- When your settings are stored select "Enable Country Block" and press save to enable to package.
- To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh
- To whitelist a CIDR range press and to specify interfaces press . By default all interfaces are selected.
- Warning! - Apply after every firewall change or state reset. Use at your own risk. +

- +"; +?> + +

+

+ +
+ - - - -"; -?> - +

+

+

+

- -
- + + - - + diff --git a/config/countryblock/countryblock.xml b/config/countryblock/countryblock.xml index e86e665c..7b4cc8a6 100644 --- a/config/countryblock/countryblock.xml +++ b/config/countryblock/countryblock.xml @@ -139,6 +139,16 @@ 0755 http://www.pfsense.org/packages/config/countryblock/firewall_shaper.tmp + + /tmp/ + 0755 + http://www.pfsense.org/packages/config/countryblock/help.tmp + + + /tmp/ + 0755 + http://www.pfsense.org/packages/config/countryblock/settings.tmp + Variable One diff --git a/config/countryblock/countryblock_if.tmp b/config/countryblock/countryblock_if.tmp index 11a81414..d5e73800 100755 --- a/config/countryblock/countryblock_if.tmp +++ b/config/countryblock/countryblock_if.tmp @@ -29,7 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = "Country Block - Interfaces"; +$pgtitle = "Firewall: Countryblock - Interfaces"; require("guiconfig.inc"); /* @@ -100,7 +100,7 @@ if ($_POST) { -$pgtitle = "CountryBlock Interfaces"; + include("head.inc"); @@ -117,7 +117,11 @@ include("head.inc"); diff --git a/config/countryblock/execute.sh b/config/countryblock/execute.sh index b70894e6..c51cf99e 100755 --- a/config/countryblock/execute.sh +++ b/config/countryblock/execute.sh @@ -10,9 +10,10 @@ export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'` i=$(($i+'1')) t=$(($t+'1')) -#echo $i -#echo $t - +#i = line where is +#t is where 'User Aliases' is +echo $i +echo $t rm /tmp/rules.debug.tmp @@ -42,21 +43,22 @@ while read line do a=$(($a+1)); echo $a; if [ "$a" = "$i" ]; then - for i in $(cat interfaces.txt); do echo "" >> /tmp/rules.debug.tmp echo "#countryblock" >> /tmp/rules.debug.tmp echo "table persist file '/usr/local/www/packages/countryblock/lists/countries.txt'" >> /tmp/rules.debug.tmp echo "table persist file '/usr/local/www/packages/countryblock/countries-white.txt'" >> /tmp/rules.debug.tmp - echo "pass quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp - echo "pass quick from $i to label 'countryblock'" >> /tmp/rules.debug.tmp - if [ -f logging ]; then - echo "block log quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp - else - echo "block quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp - fi - if [ -f OUTBOUND ]; then - echo "block quick from $i to label 'countryblock'" >> /tmp/rules.debug.tmp - fi + + for i in $(cat /usr/local/www/packages/countryblock/interfaces.txt); do + echo "pass quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp + echo "pass quick from $i to label 'countryblock'" >> /tmp/rules.debug.tmp + if [ -f logging ]; then + echo "block log quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp + else + echo "block quick from to $i label 'countryblock'" >> /tmp/rules.debug.tmp + fi + if [ -f OUTBOUND ]; then + echo "block quick from $i to label 'countryblock'" >> /tmp/rules.debug.tmp + fi done fi echo $line >> /tmp/rules.debug.tmp diff --git a/config/countryblock/help.tmp b/config/countryblock/help.tmp new file mode 100644 index 00000000..abfd9596 --- /dev/null +++ b/config/countryblock/help.tmp @@ -0,0 +1,145 @@ + + + + +

+ + + + + + + + +

+ +

+

+ + + + + + + + + + + + + +

Help

+ + + +Usage:

+Countries - Check the country that you would like to block completely.
+                   +Choose if you want to block outbound access and if you want to log attempts.
+                   +Click "Commit Countries" to store your settings. +

+Settings - +Click the setting you want and save
+                 +Block outbound blocks all outbound traffic. You will not be able to browse a website hosted in one of these countries.
+                 +Enable Logging will log all attempted traffic in/out to any of your selected countries. Logs show in the Firewall secion +

+Whitelist - +Add networks you don't want blocked and save
+                 +Add a CIDR Range and press + +

+Interfaces - +Select which interfaces to block on
+                    +All selected countries will be blocked from the interfaces you slected.
+                    +By Default all interfaces are selected.
+                    +It's highly recommended that you keep all interfaces selected +

+Cron Jobs - +Setup a cron job for countryblock
+                    +To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh
+                    +*Before the cron job will work, countryblock must be run via the webGUI atleast once +

+ +Warning! - Apply after every firewall change or state reset. Use at your own risk. + + + + + + + +

+

+

+
+ '0') echo "Running"; + else + echo "NOT running"; + + //Get Errors if exists + ob_start(); + $results = exec("tail -r errorOUT.txt"); + ob_end_clean(); + echo "
"; + echo $results; + echo ""; + + //Get IP Count + echo "
You are blocking "; + ob_start(); + $results = exec("pfctl -T show -t countryblock |grep -v -c Z"); + ob_end_clean(); + echo $results; + echo " Networks"; + ?> + +

+ +

+

+

+ + + + + diff --git a/config/countryblock/settings.tmp b/config/countryblock/settings.tmp new file mode 100644 index 00000000..117ff608 --- /dev/null +++ b/config/countryblock/settings.tmp @@ -0,0 +1,219 @@ + + + + +

+ + +

+ + + + + + + +

+ +

+

+ + + + + + + + + + + + + +

Settings

+ +"; + exec("touch OUTBOUND"); + } + else + { + $output2 = " and Outbound access is ALLOWED."; + exec("rm OUTBOUND"); + } + + if(isset($_POST['formlogging'])) + { + exec("touch logging"); + } + else + { + exec("rm logging"); + } + + + + + } +conf_mount_ro(); +?> + + + + + + + + + + + + +

+ + + + +

+

+

+
+ '0') echo "Running"; + else + echo "NOT running"; + + //Get Errors if exists + ob_start(); + $results = exec("tail -r errorOUT.txt"); + ob_end_clean(); + echo "
"; + echo $results; + echo ""; + + //Get IP Count + echo "
You are blocking "; + ob_start(); + $results = exec("pfctl -T show -t countryblock |grep -v -c Z"); + ob_end_clean(); + echo $results; + echo " Networks"; + ?> + +

+

+

+

+

+ + + + + -- cgit v1.2.3