From a5f75afdd34f4d3938adc7acd924f06f3a7f3aef Mon Sep 17 00:00:00 2001 From: marcelloc Date: Sat, 29 Oct 2011 03:49:09 -0200 Subject: pfBlocker - include table-entries size validation check
--- config/pf-blocker/pfblocker.inc | 43 ++++++++++++++++++++++++++++++++++++----- config/pf-blocker/pfblocker.php | 4 ++-- config/pf-blocker/pfblocker.xml | 4 +--- 3 files changed, 41 insertions(+), 10 deletions(-) (limited to 'config')
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index 578ed75d..1aa8a410 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -348,11 +348,44 @@ function sync_package_pfblocker() {
 }
 $config['filter']['rule']=$new_rules;
- #save and apply all changes
- write_config();
- filter_configure();
-
- pfblocker_sync_on_changes();
+ #check aliastable size
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_in.txt"),$matches);
+ $count_ips_in = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_out.txt"),$matches);
+ $count_ips_out = $matches[1];
+ preg_match("/(\d+)/",exec("/usr/bin/wc -l /usr/local/pkg/pfb_w.txt"),$matches);
+ $count_ips_w = $matches[1];
+
+ #get higher value
+ $max=$count_ips_in;
+ if ($max < $count_ips_out)
+ $max = $count_ips_out;
+ if ($max < $count_ips_w)
+ $max = $count_ips_w;
+ $sum=($count_ips_in + $count_ips_out + $count_ips_w);
+ #check table size client option
+ $table_limit =($config['system']['maximumtableentries']!= ""?$config['system']['maximumtableentries']:"100000");
+
+ #check for possible table size erros
+ $error_message="";
+ if ($count_ips_in >= $table_limit )
+ $message='pfBlockerInbound alias table is too large. Reduce Inbound list or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_out >= $table_limit )
+ $message='pfBlockerOutbound alias table is too large. Reduce Outbound List or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' in "system - advanced - Firewall/NAT".';
+ if ($count_ips_w >= $table_limit )
+ $message='pfBlockerWL alias table is too large. Reduce whitelist or increase "Firewall Maximum Table Entries" value to at least '.($sum +1000).' 
in "system - advanced - Firewall/NAT ".';
+
+ if ($message == ""){
+ #save and apply all changes*/
+ write_config();
+ #load filter file after editing
+ filter_configure();
+ pfblocker_sync_on_changes();
+ }
+ else{
+ log_error("[pfBlocker] ".$message);
+ file_notice("pfBlocker", $message, "pfblocker rule apply", "");
+ }
 }
 function pfblocker_validate_input($post, &$input_errors) {
diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php
index 4eb07634..f1dd85f5 100644
--- a/config/pf-blocker/pfblocker.php
+++ b/config/pf-blocker/pfblocker.php
@@ -52,8 +52,8 @@ foreach ($files as $cont => $file){
 ${preg_replace("/\s/","",$matches[1])}=$matches[2];
 }
 else{
- if (${$ISOcount}==0){
- ${$ISOCount}++;
+ if (${$ISOCode."c"}==""){
+ ${$ISOCode."c"}="ok";
 $options.= ''."\n";
 }
 ${$ISOCode}.=$line."\n";
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index c8a1facf..77a81e24 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -230,7 +230,7 @@ - + Update frequency update Never
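Review bot: The no-error branch tests `$message`, but the variable initialised before the three size checks is `$error_message`, so `$message` is never reset in this hunk: when no list exceeds the limit the `if ($message == "")` test only passes because an unset variable compares equal to "", and a `$message` assigned earlier in sync_package_pfblocker (the function begins outside the hunk) would silently skip write_config(). Replace `$error_message="";` with `$message="";`, and note that each of the three `if`s overwrites `$message`, so when several lists are too large only the last one is reported, while `$max` is computed but never read. The count extraction also fails open: if one of the pfb_*.txt files is missing or unreadable, exec() returns no digits, preg_match() leaves `$matches` empty and the count becomes null, which passes the `>=` check; testing preg_match()'s return value and treating a failed read as an error would keep the size check conservative. The comment `#save and apply all changes*/` carries a stray `*/`, and "erros" in `#check for possible table size erros` is a typo.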
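Review bot: The new guard `if (${$ISOCode."c"}=="")` reads a variable variable that does not exist the first time a code is seen, so the branch is entered via the undefined-variable path (null == "") rather than an explicit check; `if (!isset(${$ISOCode."c"}))` states the intent and is notice-free. More generally, variable names built from data parsed out of the input files (here and in the context line `${preg_replace("/\s/","",$matches[1])}=$matches[2];`) can collide with the function's own locals such as `$options` or `$line` and defeat static analysis; an array keyed by code, `if (!isset($seen[$ISOCode])) { $seen[$ISOCode] = true;`, would replace both added lines. The enclosing foreach begins outside the hunk, so `$seen = [];` would need to go before it.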
@@ -238,14 +238,12 @@ select -
- none -- cgit v1.2.3