From d3cb33d177db41fb0942eb05157e43e249ebf1b0 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:08:27 -0500 Subject: pfBlockerNG - Relocated MaxMind Folder Changes - 1) Relocate MaxMind folder from /var/db to /usr/pbi Folder. Nano and Ramdisk Installations have the /var/db folder wiped on Reboot. 2) Add code to support MaxMind "Anonymous Proxy and Satellite Providers" to inc file. 3) Move $pfb_alias_lists_all below the conditional "IF" statements. 4) Improve Header Name Validation. 5) Install/De-install - Changes to support MaxMind "Anonymous Proxy and Satellite Providers" configuration. Delete previously used Folder location, and remove MaxMind Working files after Installation is completed. --- config/pfblockerng/pfblockerng.inc | 44 ++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 14 deletions(-) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index 86052f6b..d612dbf1 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -56,12 +56,12 @@ function pfb_global() { $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; $pfb['logdir'] = "{$g['varlog_path']}/pfblockerng"; $pfb['etdir'] = "{$pfb['dbdir']}/ET"; - $pfb['ccdir'] = "{$pfb['dbdir']}/cc"; $pfb['nativedir'] = "{$pfb['dbdir']}/native"; $pfb['denydir'] = "{$pfb['dbdir']}/deny"; $pfb['matchdir'] = "{$pfb['dbdir']}/match"; $pfb['permitdir'] = "{$pfb['dbdir']}/permit"; $pfb['origdir'] = "{$pfb['dbdir']}/original"; + $pfb['ccdir'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP"; # Create Folders if not Exist. $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}","{$pfb['origdir']}","{$pfb['nativedir']}","{$pfb['denydir']}","{$pfb['matchdir']}","{$pfb['permitdir']}","{$pfb['aliasdir']}"); 
@@ -457,14 +457,15 @@ function sync_package_pfblockerng($cron = "") { # Configure ARRAYS # ############################################# - $continents = array ( "Africa" => "pfB_Africa", - "Antartica" => "pfB_Antartica", - "Asia" => "pfB_Asia", - "Europe" => "pfB_Europe", - "North America" => "pfB_NAmerica", - "Oceania" => "pfB_Oceania", - "South America" => "pfB_SAmerica", - "Top Spammers" => "pfB_Top" + $continents = array ( "Africa" => "pfB_Africa", + "Antartica" => "pfB_Antartica", + "Asia" => "pfB_Asia", + "Europe" => "pfB_Europe", + "North America" => "pfB_NAmerica", + "Oceania" => "pfB_Oceania", + "South America" => "pfB_SAmerica", + "Top Spammers" => "pfB_Top", + "Proxy and Satellite" => "pfB_PS" ); #create rules vars and arrays @@ -1192,16 +1193,16 @@ function sync_package_pfblockerng($cron = "") { $log_tab = "\t\t"; } - # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. - $pfb_alias_lists_all[] = "{$alias}"; - // Empty Header Field Validation Check - if (empty($header_url)) { - $log = "\n [ {$row['url']} ] {$log_tab} Header Field cannot be Empty. *Skipping* \n"; + if (empty($header_url) || preg_match("/\W/",$header_url)) { + $log = "\n [ {$row['url']} ]\n ** TERMINATED - Header contains Blank/International/Special or Spaces\n"; pfb_logger("{$log}","2"); continue; } + # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + $pfb_alias_lists_all[] = "{$alias}"; + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") { if ($row['state'] == "Hold") { $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n"; 
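Review bot: The new `"Proxy and Satellite" => "pfB_PS"` alias is added only to this `$continents` map, while the alerts page copy added later in this series (pfblockerng_alerts.php.bak) still builds its own list as `array('pfB_Africa', ... ,'pfB_Top')` and uses it to decide whether a blocked line is a Country block. If the live pfblockerng_alerts.php carries the same list, `pfB_PS` hits would be treated as ordinary list entries and offered the suppress icon, so `'pfB_PS'` probably needs adding there as well. Sharing one definition between the two files would avoid this kind of drift.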
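Review bot: The `preg_match("/\W/",$header_url)` test in the @@ -1192,16 hunk is more than cosmetic validation and deserves a comment, because `$header_url` is concatenated into a file path a few lines further down (`$pfbfolder . '/' . $header_url . '.txt'`), so rejecting every non-word character is also what keeps `/` and `.` out of that path. I would add `// $header_url is used as a file name below; \W also rejects path separators and dots` above the `if`, so the check is not relaxed later for convenience. The single new log message also merges the empty and the invalid-character cases, which makes a skipped list harder to diagnose. The enclosing loop in sync_package_pfblockerng() starts and ends outside the hunk.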
@@ -2330,12 +2331,19 @@ function pfblockerng_php_install_command() { global $config,$pfb; pfb_global(); + // Remove previously used CC folder location if exists + @rmdir_recursive("{$pfb['dbdir']}/cc"); + # Uncompress Country Code File and delete Archive after extraction. exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2"); # Download MaxMind Files and Create Country Code files and Build Continent XML Files update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + + @rename("{$pfb['dbdir']}/GeoIP.dat", "{$pfb['ccdir']}/GeoIP.dat"); + @rename("{$pfb['dbdir']}/GeoIPv6.dat", "{$pfb['ccdir']}/GeoIPv6.dat"); + update_output_window(gettext("MaxMind Country Database downloads completed...")); update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); pfblockerng_uc_countries(); @@ -2343,6 +2351,12 @@ function pfblockerng_php_install_command() { pfblockerng_get_countries(); update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files...")); + // Remove Original Maxmind Database Files + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); + @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); + @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); + # Add Widget to Dashboard update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { 
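Review bot: Both `@rename(...)` calls discard their result, so if geoipupdate.sh does not produce `GeoIP.dat`/`GeoIPv6.dat` in `{$pfb['dbdir']}` or the move into `{$pfb['ccdir']}` fails, the installer still prints "MaxMind Country Database downloads completed..." and later lookups run against a missing or stale database. I would test the return value and report it, for example `if (!@rename($src, $dst)) update_output_window(gettext("Could not relocate GeoIP.dat"));`. The `@` on `rmdir_recursive()` and on the `unlink_if_exists()` calls in the following hunk (@@ -2343,6) looks unnecessary and would hide real permission errors; `unlink_if_exists()` is already called without it on the countrycodes archive a few lines above. pfblockerng_php_install_command() continues outside both hunks.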
@@ -2407,6 +2421,8 @@ function pfblockerng_php_deinstall_command() { unset($config['installedpackages']['pfblockerngsouthamerica']); if (is_array($config['installedpackages']['pfblockerngtopspammers'])) unset($config['installedpackages']['pfblockerngtopspammers']); + if (is_array($config['installedpackages']['pfblockerngproxyandsatellite'])) + unset($config['installedpackages']['pfblockerngproxyandsatellite']); } # Remove Widget (code from Snort deinstall) -- cgit v1.2.3 From 44edf057a1a0a257a607fd49a64e1c130100c05d Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:19:03 -0500 Subject: pfBlockerNG - Mods to XML files for MaxMind Anon. Proxy/Satellite Providers Mods to XML files for MaxMind Anon. Proxy/Satellite and priv inc file. --- config/pfblockerng/pfblockerng.priv.inc | 1 + config/pfblockerng/pfblockerng.xml | 4 ++++ config/pfblockerng/pfblockerng_sync.xml | 4 ++++ config/pfblockerng/pfblockerng_top20.xml | 4 ++++ config/pfblockerng/pfblockerng_v4lists.xml | 4 ++++ config/pfblockerng/pfblockerng_v6lists.xml | 4 ++++ 6 files changed, 21 insertions(+) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng.priv.inc b/config/pfblockerng/pfblockerng.priv.inc index 092c34ae..970ab25f 100644 --- a/config/pfblockerng/pfblockerng.priv.inc +++ b/config/pfblockerng/pfblockerng.priv.inc 
@@ -17,6 +17,7 @@ $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblocker $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_NorthAmerica.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Oceania.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_SouthAmerica.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_ProxyandSatellite.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_sync.xml*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_update.php*"; $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_alerts.php*"; diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 9442bc7f..e2f4b508 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -198,6 +198,10 @@ S.A. /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml index 856af2f4..00186af8 100644 --- a/config/pfblockerng/pfblockerng_sync.xml +++ b/config/pfblockerng/pfblockerng_sync.xml @@ -111,6 +111,10 @@ S.A. /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index 4974c488..ccaf68a0 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml 
@@ -112,6 +112,10 @@ S.A. /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index ce92f4be..6df839ed 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -115,6 +115,10 @@ S.A. /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index 6f507057..15d788cf 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -115,6 +115,10 @@ S.A. /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php -- cgit v1.2.3 From 1e2ca120d98ffebaeeb00e64c2101bb82b977d98 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:24:13 -0500 Subject: pfBlockerNG - Mods to sh file for MaxMind Folder re-location --- config/pfblockerng/pfblockerng.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index c09d52e1..cc11be6b 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -35,7 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations -pathgeoipdat=/var/db/pfblockerng/GeoIP.dat +pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile mastercat=/var/db/pfblockerng/mastercat -- cgit v1.2.3 
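Review bot: In the pfblockerng.sh hunk, `pathgeoipdat` now depends on `$mtype`, which is not assigned anywhere in the visible lines; if it is unset or empty when this line runs, the path silently becomes `/usr/pbi/pfblockerng-/share/GeoIP/GeoIP.dat` and the GeoIP lookups fail without an obvious error. Please confirm `mtype` is set earlier in the script (those lines are outside the hunk) and consider failing early and quoting the assignment, e.g. `[ -n "$mtype" ] || exit 1` followed by `pathgeoipdat="/usr/pbi/pfblockerng-${mtype}/share/GeoIP/GeoIP.dat"`. The same directory is built independently in pfblockerng.inc (`$pfb['ccdir']`) and in pfblockerng_alerts.php, so the three definitions have to be kept in step by hand.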
From a52ff8074498b7187f21b042505d1ef552d26bda Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:29:23 -0500 Subject: pfBlockerNG - Mods to Update file for MaxMind Anon. Proxy/Satellite 1) Mods for MaxMind Anonymous Proxy and Satellite Providers. 2) Add str_replace array to remove ") which will break the Auto Log Viewer from functioning. --- config/pfblockerng/pfblockerng_update.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index dc0fab85..99480900 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -128,7 +128,7 @@ function pfb_cron_update($type) { while (!feof($f)) { $pfb_buffer = fread($f, 2048); - $pfb_output .= str_replace( "\r", "", $pfb_buffer); + $pfb_output .= str_replace( array ("\r", "\")"), "", $pfb_buffer); // Refresh on new lines only. This allows Scrolling. if ($lastpos != $lastpos_old) @@ -184,6 +184,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); 
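Review bot: The added `str_replace( array ("\r", "\")"), "", $pfb_buffer)` runs on each `fread()` chunk separately, so a `")` pair that straddles a 2048-byte boundary passes through unchanged and the log viewer can still break. Deleting one character sequence also suggests that `$pfb_output` is embedded in script or markup without encoding; the code that emits it is outside the hunk, so this is inferred. Since these logs presumably carry text derived from downloaded lists and their URLs, it would be safer to encode at the output point, e.g. `json_encode($pfb_output)` for a JavaScript string or `htmlspecialchars($pfb_output, ENT_QUOTES)` for HTML, rather than removing characters. The same change appears in the `$_POST['pfbview']` loop at @@ -378,7 with 4096-byte reads and has the same limitation.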
@@ -378,7 +379,7 @@ if (isset($_POST['pfbview'])) { while (!feof($f)) { $pfb_buffer = fread($f, 4096); - $pfb_output .= str_replace( "\r", "", $pfb_buffer); + $pfb_output .= str_replace( array ("\r", "\")"), "", $pfb_buffer); // Refresh on new lines only. This allows scrolling. if ($lastpos != $lastpos_old) { -- cgit v1.2.3 From 25e6d04bef2df322007a4abfe4173e33af5f7085 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:32:09 -0500 Subject: pfBlockerNG - Mods to Log file for MaxMind Anon. Proxy/Satellite 1) Mods for MaxMind Anonymous Proxy and Satellite Providers 2) Add Country Folder viewing capability. --- config/pfblockerng/pfblockerng_log.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php index 39f9eb06..74f513a2 100644 --- a/config/pfblockerng/pfblockerng_log.php +++ b/config/pfblockerng/pfblockerng_log.php @@ -144,6 +144,12 @@ $pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files', 'logdir' => "{$pfb['etdir']}/", 'download' => TRUE, 'clear' => FALSE + ), + 'country' => array('name' => 'Country Files', + 'ext' => 'txt', + 'logdir' => "{$pfb['ccdir']}/", + 'download' => TRUE, + 'clear' => FALSE ) ); @@ -288,6 +294,7 @@ if ($savemsg) { $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), true, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); -- cgit v1.2.3 
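Review bot: The new `'country'` entry in `$pfb_logtypes` sets `'logdir' => "{$pfb['ccdir']}/"` with `'download' => TRUE`, which exposes the package's `share/GeoIP` directory through the log browser; after this series that directory also receives `GeoIP.dat` and `GeoIPv6.dat`, not only the generated country lists. The `'ext' => 'txt'` filter is the only restriction visible here and the code that lists and serves the files is outside the hunk, so please confirm the handler accepts only a base name (no `/` or `..`) and enforces the extension on download as well as on listing. A comment on the entry such as `// ccdir also holds the MaxMind .dat files; only *.txt is meant to be viewable` would record the intent.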
From 4b75e9e1aaea93e970c2073ce1eb669a7c5ffe7b Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 16:38:52 -0500 Subject: pfBlockerNG - Mods to Alerts File for MaxMind Anon. Proxy/Satellite 1) Mods for MaxMind Anonymous Proxy and Satellite Providers 2) Mods to MaxMind Dat file location from /var/db to /usr/pbi folders. --- config/pfblockerng/pfblockerng_alerts.php | 5 +- config/pfblockerng/pfblockerng_alerts.php.bak | 769 ++++++++++++++++++++++++++ 2 files changed, 772 insertions(+), 2 deletions(-) create mode 100644 config/pfblockerng/pfblockerng_alerts.php.bak (limited to 'config') diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index 541d1e03..7b84bca8 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -53,8 +53,8 @@ $pathgeoip6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup6"; // Define File Locations $filter_logfile = "{$g['varlog_path']}/filter.log"; -$pathgeoipdat = "{$pfb['dbdir']}/GeoIP.dat"; -$pathgeoipdat6 = "{$pfb['dbdir']}/GeoIPv6.dat"; +$pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; +$pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; 
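Review bot: `$pathgeoipdat` and `$pathgeoipdat6` rebuild the `/usr/pbi/pfblockerng-<arch>/share/GeoIP` path by hand, although the first commit in this series defines exactly that directory as `$pfb['ccdir']` in pfb_global(). The removed lines read `$pfb['dbdir']`, so `$pfb` appears to be populated at this point; `$pathgeoipdat = "{$pfb['ccdir']}/GeoIP.dat";` and `$pathgeoipdat6 = "{$pfb['ccdir']}/GeoIPv6.dat";` would keep a single definition. These variables are later placed on a geoiplookup command line passed to `exec()` (visible in the .bak copy added by this commit), so a single definition also means a single place to review.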
@@ -334,6 +334,7 @@ if ($savemsg) { $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("P.S."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0"); $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); display_top_tabs($tab_array, true); diff --git a/config/pfblockerng/pfblockerng_alerts.php.bak b/config/pfblockerng/pfblockerng_alerts.php.bak new file mode 100644 index 00000000..f4401bc9 --- /dev/null +++ b/config/pfblockerng/pfblockerng_alerts.php.bak 
@@ -0,0 +1,769 @@ += '2.2') { + preg_match ("/@(\d+)\(/",$result, $rule); + } else { + preg_match ("/@(\d+)\s/",$result, $rule); + } + + $id = $rule[1]; + # Create array of Rule Description and pfctl Rule Number + $rule_list['id'][] = $id; + $rule_list[$id]['name'] = $descr; + } +} + +// Add IP to the Suppression Alias +if (isset($_POST['addsuppress'])) { + $ip = ""; + if (isset($_POST['ip'])) { + $ip = $_POST['ip']; + $table = $_POST['table']; + $descr = $_POST['descr']; + $cidr = $_POST['cidr']; + + // If Description or CIDR field is empty, exit. + if (empty($descr) || empty($cidr)) { + header("Location: " . $_SERVER['PHP_SELF']); + exit; + } + + if (is_ipaddr($ip)) { + + $savemsg1 = "Host IP address {$ip}"; + if (is_ipaddrv4($ip)) { + $iptrim1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.0/24', $ip); + $iptrim2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.', $ip); + $iptrim3 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$4', $ip); + + if ($cidr == "32") { + $pfb_pfctl = exec ("/sbin/pfctl -t {$table} -T show | grep {$iptrim1} 2>&1"); + + if ($pfb_pfctl == "") { + $savemsg2 = " : Removed /32 entry"; + exec ("/sbin/pfctl -t {$table} -T delete {$ip}"); + } else { + $savemsg2 = " : Removed /24 entry, added 254 addr"; + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1}"); + for ($add_ip=0; $add_ip <= 255; $add_ip++){ + if ($add_ip != $iptrim3) { + exec ("/sbin/pfctl -t {$table} -T add {$iptrim2}{$add_ip}"); + } + } + } + } else { + $cidr = 24; + $savemsg2 = " : Removed /24 entry"; + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1} 2>&1", $pfb_pfctl); + if (!preg_grep("/1\/1 addresses deleted/", $pfb_pfctl)) { + $savemsg2 = " : Removed all entries"; + // Remove 0-255 IP Address from Alias Table + for ($del_ip=0; $del_ip <= 255; $del_ip++){ + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim2}{$del_ip}"); + } + } + } + } + + // Collect pfBlockerNGSuppress Alias Contents + $pfb_sup_list = array(); 
+ $pfb_sup_array = array(); + $pfb['found'] = FALSE; + $pfb['update'] = FALSE; + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name'] == "pfBlockerNGSuppress") { + $data = $alias['address']; + $data2 = $alias['detail']; + $arr1 = explode(" ",$data); + $arr2 = explode("||",$data2); + + if (!empty($data)) { + $row = 0; + foreach ($arr1 as $host) { + $pfb_sup_list[] = $host; + $pfb_sup_array[$row]['host'] = $host; + $row++; + } + $row = 0; + foreach ($arr2 as $detail) { + $pfb_sup_array[$row]['detail'] = $detail; + $row++; + } + } + $pfb['found'] = TRUE; + } + } + } + + // Call Function to Create Suppression Alias if not found. + if (!$pfb['found']) + pfb_create_suppression_alias(); + + // Save New Suppress IP to pfBlockerNGSuppress Alias + if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { + $savemsg = gettext("Host IP address {$ip} already exists in the pfBlockerNG Suppress Table."); + } else { + if (!$pfb['found'] && empty($pfb_sup_list)) { + $next_id = 0; + } else { + $next_id = count($pfb_sup_list); + } + $pfb_sup_array[$next_id]['host'] = $ip . '/' . $cidr; + $pfb_sup_array[$next_id]['detail'] = $descr; + + $address = ""; + $detail = ""; + foreach ($pfb_sup_array as $pfb_sup) { + $address .= $pfb_sup['host'] . " "; + $detail .= $pfb_sup['detail'] . "||"; + } + + // Find pfBlockerNGSuppress Array ID Number + if (is_array($config['aliases']['alias'])) { + $pfb_id = 0; + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name'] == "pfBlockerNGSuppress") { + break; + } + $pfb_id++; + } + } + + $config['aliases']['alias'][$pfb_id]['address'] = rtrim($address, " "); + $config['aliases']['alias'][$pfb_id]['detail'] = rtrim($detail, "||"); + $savemsg = gettext($savemsg1) . gettext($savemsg2) . 
gettext(" and added Host to the pfBlockerNG Suppress Table."); + $pfb['update'] = TRUE; + } + + if ($pfb['found'] || $pfb['update']) { + // Save all Changes to pfsense config file + write_config(); + } + } + } +} + +// Auto-Resolve Hostnames +if (isset($_REQUEST['getpfhostname'])) { + $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + if ($hostname == $getpfhostname) { + $hostname = 'unknown'; + } + echo $hostname; + die; +} + + +// Host Resolve Function lookup +function getpfbhostname($type = 'src', $hostip, $countme = 0) { + $hostnames['src'] = ''; + $hostnames['dst'] = ''; + $hostnames[$type] = '
'; + return $hostnames; +} + + +// Determine if Alert Host 'Dest' is within the Local Lan IP Range. +function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { + $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); + return $result; +} + + +$pgtitle = gettext("pfBlockerNG: Alerts"); +include_once("head.inc"); +?> + +
+ + + + +\n"; +if ($savemsg) { + print_info_box($savemsg); +} + +?> + + + + + + +
+ +
+ + + + + + + + + + $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): + switch($type) { + case "Deny": + $rtype = "block"; + $pfbentries = "{$pfbdenycnt}"; + break; + case "Permit": + $rtype = "pass"; + $pfbentries = "{$pfbpermitcnt}"; + break; + case "Match": + if ($pfb['pfsenseversion'] >= '2.2') { + $rtype = "unkn(%u)"; + } else { + $rtype = "unkn(11)"; + } + $pfbentries = "{$pfbmatchcnt}"; + break; + } + +?> +
  +   +   +
+ + ', ''); ?> + + ', ''); ?> + + ', ''); ?> + +   />  + +   />    +
+ +        + ', '');?> +
+ + + + + +
+ = '2.2'): ?> + +    + + +    + +    + + +
+ + + + + + + + + + + + + + + + + + + + + + + + += '2.2') { + $pfblines = exec("/usr/bin/grep -c ^ {$filter_logfile}"); + } else { + $pfblines = (exec("/usr/bin/grep -c ^ {$filter_logfile}") /2 ); + } + $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); + + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + + $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; + $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; + $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; + + // Array of all Local IPs for Alert Analysis + $pfb_local = array(); + + // Collect Gateway IP Addresses for Inbound/Outbound List matching + $int_gateway = get_interfaces_with_gateway(); + if (is_array($int_gateway)) { + foreach ($int_gateway as $gateway) { + $convert = get_interface_ip($gateway); + $pfb_local[] = $convert; + } + } + + // Collect Virtual IP Aliases for Inbound/Outbound List Matching + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $list) { + $pfb_local[] = $list['subnet']; + } + } + // Collect NAT IP Addresses for Inbound/Outbound List Matching + if (is_array($config['nat']['rule'])) { + foreach ($config['nat']['rule'] as $natent) { + $pfb_local[] = $natent['target']; + } + } + + // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching + if(is_array($config['nat']['onetoone'])) { + foreach ($config['nat']['onetoone'] as $onetoone) { + $pfb_local[] = $onetoone['source']['address']; + } + } + + // Convert any 'Firewall Aliases' to IP Address Format + if (is_array($config['aliases']['alias'])) { + for ($cnt = 0; $cnt <= 
count($pfb_local); $cnt++) { + foreach ($config['aliases']['alias'] as $i=> $alias) { + if (isset($alias['name']) && isset($pfb_local[$cnt])) { + if ($alias['name'] == $pfb_local[$cnt]) { + $pfb_local[$cnt] = $alias['address']; + } + } + } + } + } + // Remove any Duplicate IPs + $pfb_local = array_unique($pfb_local); + + // Determine Lan IP Address and Mask + if (is_array($config['interfaces']['lan'])) { + $lan_ip = $config['interfaces']['lan']['ipaddr']; + $lan_mask = $config['interfaces']['lan']['subnet']; + } +} + +$counter = 0; +// Process Fields_array and generate Output +if (!empty($fields_array)) { + foreach ($fields_array as $fields) { + $rulenum = ""; + $alert_ip = ""; + $supp_ip = ""; + $pfb_query = ""; + + $rulenum = $fields['rulenum']; + if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { + + // Skip Repeated Events + if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { + continue; + } + + $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + + // Cleanup Port Output + if ($fields['proto'] == "ICMP") { + $srcport = $fields['srcport']; + $dstport = $fields['dstport']; + } else { + $srcport = " :" . $fields['srcport']; + $dstport = " :" . $fields['dstport']; + } + + // Don't add Suppress Icon to Country Block Lines + if (in_array(substr($rule_list[$rulenum]['name'], 0, -3), $continents)) { + $pfb_query = "Country"; + } + + // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. + if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + // Destination is Gateway/NAT/VIP + $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; + $host = $fields['srcip']; + + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); + } + + $alert_ip .= " "; + + if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { + $supp_ip .= ""; + } + + if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { + $hostname = getpfbhostname('src', $fields['srcip'], $counter); + } else { + $hostname = ""; + } + + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; + $scc = $country; + $dcc = ""; + } else { + // Outbound + $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; + $host = $fields['dstip']; + + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); + } + + $alert_ip .= " "; + + if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { + $supp_ip .= ""; + } + + if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { + $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + } else { + $hostname = ""; + } + + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + $scc = ""; + $dcc = $country; + } + + # IP Query Grep Exclusion + $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; + $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; + + // Find List which contains Blocked IP Host + if ($pfb_query == "Country") { + # Skip + } else { + // Search for exact IP Match + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + // Search for IP in /24 CIDR + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + } + // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). + // Skip (Country Lists) or /32,/24 Addresses. 
+ if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.', $host); + $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); + for ($cnt = 1; $cnt <= 5; $cnt++) { + $host3 = $host2 - $cnt . '\''; + $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + // Break out of loop if found. + if (!empty($pfb_query)) + $cnt = 6; + } + } + // Search for First Three Octets + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Search for First Two Octets + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Report Specific ET IQRisk Details + if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); + $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + } + } + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; + } + + # Split List Column into Two lines. 
+ unset ($pfb_match); + if ($pfb_query == "No Match") { + $pfb_match[1] = "{$pfb_query}"; + $pfb_match[2] = ""; + } else { + preg_match ("/(.*)\s(.*)/", $pfb_query, $pfb_match); + if ($pfb_match[1] == "") { + $pfb_match[1] = "{$pfb_query}"; + $pfb_match[2] = ""; + } + } + + // Print Alternating Line Shading + if ($pfb['pfsenseversion'] > '2.0') { + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; + } else { + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $fields['srcip'] . $fields['srcport']; + $previous_dstip = $fields['dstip'] . $fields['dstport']; + $countrycode = trim($scc . $dcc); + + $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; + echo " + + + + + + + + "; + $counter++; + if ($counter > 0 && $rtype == "block") { + $mycounter = $counter; + } + } + } +} +?> + +
{$fields['time']}{$fields['interface']}{$rule}{$proto}{$src_icons}{$fields['srcip']}{$srcport}
{$hostname['src']}
{$dst_icons}{$fields['dstip']}{$dstport}
{$hostname['dst']}
{$countrycode}{$pfb_match[1]}
{$pfb_match[2]}
+
+ +
+ + + + + + +
+ + \ No newline at end of file -- cgit v1.2.3 From 208f74083534d47d3ac477b7ad60bea4768ff52e Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 17:16:57 -0500 Subject: pfBlockerNG - Mods to php file for MaxMind Anon. Proxy/Satellite 1) Improve/Condense the code to determine if a List needs to be Updated. 2) Condense the IPv4/V6 code for MaxMind Database Conversion into a single process and add the MaxMind Anon. Proxy and Satellite Providers capability. --- config/pfblockerng/pfblockerng.php | 524 +++++++++++++++---------------------- 1 file changed, 210 insertions(+), 314 deletions(-) (limited to 'config') diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 20080aa4..1db36334 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -149,11 +149,12 @@ if ($uname['machine'] == "amd64") function pfb_update_check($header_url, $list_url, $url_format) { global $pfb; + $pfb['cron_update'] = FALSE; if ($url_format == "rsync" || $url_format == "html") { $log = "[ {$header_url} ]\n Skipping timestamp query\n"; pfb_logger("{$log}","1"); - return TRUE; + $pfb['cron_update'] = TRUE; } switch ($url_format) { @@ -195,14 +196,23 @@ function pfb_update_check($header_url, $list_url, $url_format) { $log = " Local timestamp: {$local_tds}\n"; pfb_logger("{$log}","1"); if ("{$remote_tds}" != "{$local_tds}") { - return TRUE; + $pfb['cron_update'] = TRUE; } else { $log = " Remote file unchanged. Download Terminated\n"; pfb_logger("{$log}","1"); - return FALSE; + $pfb['cron_update'] = FALSE; } } else { - return TRUE; + $pfb['cron_update'] = TRUE; + } + + if ($pfb['cron_update']) { + // Trigger CRON Process if Updates are Found. + $pfb['update_cron'] = TRUE; + + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); } } 
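Review bot: In the `addsuppress` handler of the new pfblockerng_alerts.php.bak, `$table = $_POST['table']` is interpolated into the `exec("/sbin/pfctl -t {$table} -T ...")` calls without validation or quoting, while only `$ip` is checked with `is_ipaddr()`; a request value should not reach a shell command line in that state. A guard such as `if (!preg_match('/^\w+$/', $table)) { exit; }` before the first `exec()`, or wrapping the value in `escapeshellarg()`, would close that. Separately, this is a 769-line backup copy that the commit message does not mention; if the package files are installed under the web server's document root, a `.bak` file is normally served as plain text instead of being executed, so I would drop it from the commit. If the live pfblockerng_alerts.php contains the same handler, the `$table` check belongs there.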
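Review bot: Replacing `return TRUE;` with `$pfb['cron_update'] = TRUE;` in the rsync/html branch of pfb_update_check() (@@ -149,11) means execution now continues into `switch ($url_format)` and the timestamp comparison further down, even though the log line just written says "Skipping timestamp query". Depending on what the switch does for these formats (its body is outside the hunk), the flag can then be reset to FALSE by the "Remote file unchanged" branch. If the skip is still intended, guard the timestamp section with `if (!$pfb['cron_update']) { ... }` or keep an early exit after running the shared "Updates Found" handling.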
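Review bot: The added `unlink_if_exists($pfbfolder . '/' . $header_url . '.txt');` (@@ -195,14) uses `$pfbfolder`, but the function is still declared as `pfb_update_check($header_url, $list_url, $url_format)` with only `global $pfb;`, so `$pfbfolder` is undefined inside it and the path evaluates to `/<header>.txt` at the filesystem root. The cron callers changed later in this commit already pass `$pfbfolder` as a fourth argument, which PHP silently ignores for a three-parameter function, so the stale list file is never removed. Changing the signature to `function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) {` resolves both.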
@@ -233,6 +243,7 @@ if ($argv[1] == 'gc') { if ($argv[1] == 'cron') { $hour = date('H'); $dow = date('N'); + $pfb['update_cron'] = FALSE; # Start hour of the 'Once a day' Schedule $pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart']; 
@@ -344,101 +355,47 @@ if ($argv[1] == 'cron') { if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { $log = " Updates Found\n"; pfb_logger("{$log}","1"); - $updates++; + $pfb['update_cron'] = TRUE; continue; } switch ($list_cron) { case "01hour": - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "02hours": - if (in_array($hour, $e_sch2)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch2)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "03hours": - if (in_array($hour, $e_sch3)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch3)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "04hours": - if (in_array($hour, $e_sch4)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch4)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "06hours": - if (in_array($hour, $e_sch6)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . 
'.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch6)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "08hours": - if (in_array($hour, $e_sch8)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch8)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "12hours": - if (in_array($hour, $e_sch12)) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if (in_array($hour, $e_sch12)) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "EveryDay": - if ($hour == $pfb['dailystart']) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if ($hour == $pfb['dailystart']) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; case "Weekly": - if ($hour == $pfb['dailystart'] && $dow == $header_dow) { - if (pfb_update_check($header_url, $list_url, $url_format)) { - $log = " Updates Found\n"; - pfb_logger("{$log}","1"); - unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); - $updates++; - } - } + if ($hour == $pfb['dailystart'] && $dow == $header_dow) + pfb_update_check($header_url, $list_url, $url_format, $pfbfolder); break; - default: { - } + default: break; } } @@ -448,7 +405,7 @@ if ($argv[1] == 'cron') { } } - if ($updates > 0) { + if ($pfb['update_cron']) { sync_package_pfblockerng("cron"); } else { $log = "\n No Updates required. \n\n"; 
@@ -465,14 +422,14 @@ if ($argv[1] == 'cron') { } +// Function to process the downloaded Maxmind Database and format into Continent txt files. function pfblockerng_uc_countries() { - global $g,$pfb; pfb_global(); - $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; - $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; - $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; + $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; + $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; # Create Folders if not Exist $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}"); @@ -505,13 +462,12 @@ function pfblockerng_uc_countries() { $maxmind_ver .= "\nThese Timestamps should *match* \n"; @file_put_contents("{$pfb['logdir']}/maxmind_ver", $maxmind_ver); - // Collect ISO Codes for Each Continent - $log = "Processing Continent Data \n"; + $log = "Processing Continent Data\n"; print $log; pfb_logger("{$log}","3"); - $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA)); + $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA),array($AX)); if (($handle = fopen("{$maxmind_cont}",'r')) !== FALSE) { while (($cc = fgetcsv($handle)) !== FALSE) { 
@@ -560,244 +516,163 @@ function pfblockerng_uc_countries() { unset($cc); fclose($handle); - // Collect Country ISO Data IPv4 and Sort to Continent Array - $log = "Processing ISO IPv4 Continent/Country Data \n"; - print $log; - pfb_logger("{$log}","3"); + // Add Maxmind Anonymous Proxy and Satellite Providers to array + $cont_array[6]['continent'] = "Proxy and Satellite"; + $cont_array[6]['iso'] = "A1,A2"; + $cont_array[6]['file4'] = "{$pfb['ccdir']}/Proxy_Satellite_v4.txt"; + $cont_array[6]['file6'] = "{$pfb['ccdir']}/Proxy_Satellite_v6.txt"; - if (($handle = fopen("{$maxmind_cc4}",'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { - - $ip1_key = $cc[0]; - $ip2_key = $cc[1]; - $var1_key = $cc[2]; - $var2_key = $cc[3]; - $cc_key = $cc[4]; - $country_key = $cc[5]; - $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); - - $counter = 0; - foreach ($cont_array as $iso) { - if (preg_match("/\b$cc_key\b/", $iso['iso'])) { - $cont_array[$counter][$cc_key]['ip4'] .= $a_cidr . ","; - $cont_array[$counter][$cc_key]['country'] = $country_key; - continue; - } - $counter++; - } - } - } - unset($cc); - fclose($handle); + // Collect Country ISO data and sort to Continent arrays (IPv4 and IPv6) + foreach (array("4", "6") as $type) { + $log = "Processing ISO IPv{$type} Continent/Country Data\n"; + print $log; + pfb_logger("{$log}","3"); - // Build Continent IPv4 CIDR Files - $counter = 0; - foreach ($cont_array as $iso) { - $header = ""; - $pfb_file = ""; - $iso_key = ""; - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; - $header .= "# Continent IPv4: " . $cont_array[$counter]['continent'] . "\n"; - $pfb_file = $cont_array[$counter]['file4']; - $iso_key = array_keys($iso); - foreach ($iso_key as $key) { - if (preg_match("/[A-Z]{2}/", $key)) { - $header .= "# Country: " . $iso[$key]['country'] . "\n"; - $header .= "# ISO Code: " . $key . "\n"; - $header .= "# Total Networks: " . 
substr_count($iso[$key]['ip4'], ",") . "\n"; - $header .= str_replace(",", "\n", $iso[$key]['ip4']); - $iso[$key]['ip4'] = ""; - } + if ($type == "4") { + $maxmind_cc = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + } else { + $maxmind_cc = "{$pfb['dbdir']}/GeoIPv6.csv"; } - $counter++; - @file_put_contents($pfb_file, $header, LOCK_EX); - } - - - // Collect Country ISO Data IPv6 and Sort to Continent Array - $log = "Processing ISO IPv6 Continent/Country Data \n"; - print $log; - pfb_logger("{$log}","3"); - - if (($handle = fopen("{$maxmind_cc6}",'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { - - $ip1_key = $cc[0]; - $ip2_key = $cc[1]; - $var1_key = $cc[2]; - $var2_key = $cc[3]; - $cc_key = $cc[4]; - $country_key = $cc[5]; - $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); - - $counter = 0; - foreach ($cont_array as $iso) { - if (preg_match("/\b$cc_key\b/", $iso['iso'])) { - $cont_array[$counter][$cc_key]['ip6'] .= $a_cidr . ","; - continue; + $iptype = "ip{$type}"; + $filetype = "file{$type}"; + + if (($handle = fopen("{$maxmind_cc}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key][$iptype] .= $a_cidr . ","; + $cont_array[$counter][$cc_key]['country'] = $country_key; + continue; + } + $counter++; } - $counter++; } } - } - unset($cc); - fclose($handle); - - // Build Continent IPv6 Files - $counter = 0; - foreach ($cont_array as $iso) { - $header = ""; - $pfb_file = ""; - $iso_key = ""; - - $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; - $header .= "# Continent IPv6: " . $cont_array[$counter]['continent'] . 
"\n"; - $pfb_file = $cont_array[$counter]['file6']; - $iso_key = array_keys($iso); - foreach ($iso_key as $key) { - if (preg_match("/[A-Z]{2}/", $key)) { - $header .= "# Country: " . $iso[$key]['country'] . "\n"; - $header .= "# ISO Code: " . $key . "\n"; - $header .= "# Total Networks: " . substr_count($iso[$key]['ip6'], ",") . "\n"; - $header .= str_replace(",", "\n", $iso[$key]['ip6']); - $iso[$key]['ip6'] = ""; + unset($cc); + fclose($handle); + + // Build Continent Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv{$type}: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter][$filetype]; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}|A1|A2/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key][$iptype], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key][$iptype]); + $iso[$key][$iptype] = ""; + } } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); } - $counter++; - @file_put_contents($pfb_file, $header, LOCK_EX); } - unset($cont_array); } +// Function to process Continent txt files and create Country ISO files and to Generate GUI XML files. function pfblockerng_get_countries() { - global $g,$pfb; pfb_global(); - # These arrays are used to collect the '; - $roptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' ' . $ISOCode . ''; - - // Save ISO IPv4 Data - @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . 
'_v4.txt',$pfb_v4,LOCK_EX); - - // Clear Variables and Restart Continent Collection process - $total4 = 0; - $pfb_v4 = ""; - $pfb['complete'] = FALSE; + foreach ($files as $cont => $file) { + // Process the following for IPv4 and IPv6 + foreach (array("4", "6") as $type) { + $log = "IPv{$type} " . $cont . "\n"; + print $log; + pfb_logger("{$log}","3"); + + if ($type == "6") + $file = preg_replace("/v4/", "v6", $file); + $convert = explode("\n", file_get_contents($file)); + $cont_name = preg_replace("/ /", "", $cont); + $cont_name_lower = strtolower($cont_name); + $active = array("$cont" => ''); + $lastkey = count ($convert) - 1; + $pfb['complete'] = FALSE; + $keycount = 1; + $total = 0; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + ${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . ''; + ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . ''; + + // Save ISO data + @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); + + // Clear variables and restart Continent collection process + unset($total, $xml_data); + $pfb['complete'] = FALSE; + } + if (preg_match("/Total Networks: 0/", $line)) { continue;} // Don't Display Countries with Null Data + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $isocode = $matches[1];} + } + elseif (!preg_match("/#/",$line)) { + $total++; + if (!empty($line)) + $xml_data .= $line . "\n"; + $pfb['complete'] = TRUE; } - if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} - if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} - } elseif (!preg_match("/#/",$line)) { - $total4++; - if (!empty($line)) - $pfb_v4 .= $line . 
"\n"; - $pfb['complete'] = TRUE; - } - } - unset ($ips, $convert); - - // Sort IPv4 Countries Alphabetically and Build XML '; + ${'roptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . ''; + @file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX); + unset($total, $xml_data); } - if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} - if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} - } elseif (!preg_match("/#/",$line)) { - $total6++; - if (!empty($line)) - $pfb_v6 .= $line . "\n"; - $pfb['complete'] = TRUE; + $keycount++; } - } - - // Sort IPv6 Countries Alphabetically for Continents Tab - sort($coptions6, SORT_STRING); - $ftotal6 = count($coptions6); - $count = 1; - $options6 = ""; - - foreach ($coptions6 as $option6) { - if ($count == 1) { $options6 .= "\t" . '
Africa @@ -920,6 +794,11 @@ $xml = <</pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 {$active['South America']} + + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + {$active['Proxy and Satellite']} + Logs /pfblockerng/pfblockerng_log.php @@ -950,11 +829,17 @@ $xml = << select - {$options4} + ${'options4'} - {$ftotal4} + ${'ftotal4'} + +EOF; + +// Skip IPv6 when Null data found +if (!empty (${'options6'})) { + $xml .= << IPv6
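Review bot: In the merged IPv4/IPv6 loop of pfblockerng_uc_countries, `fclose($handle)` and the "Build Continent Files" loop sit outside the `if (($handle = fopen(...)) !== FALSE)` test, so they still run when the MaxMind CSV cannot be opened. In that case every continent file for that address family is rewritten with headers and no networks, and the `@` on `file_put_contents` hides any error, so the GeoIP lists can silently become empty. I would log the failure and skip that address family, leaving the previous files in place, as sketched below. Separately, `$cc_key` goes from the CSV row straight into `preg_match("/\b$cc_key\b/", ...)`; using `preg_quote($cc_key, '/')` there would keep a malformed row from altering the pattern. The function starts before this hunk.

```php
if (($handle = fopen("{$maxmind_cc}", 'r')) === FALSE) {
	// Keep the existing continent files rather than overwriting them with empty data.
	$log = "Failed to open {$maxmind_cc} - IPv{$type} Continent files left unchanged\n";
	print $log;
	pfb_logger("{$log}","3");
	continue;
}
while (($cc = fgetcsv($handle)) !== FALSE) {
	// … unchanged: sort each CSV row into $cont_array …
}
unset($cc);
fclose($handle);
// … unchanged: Build Continent Files loop …
```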
Countries]]>
countries6 @@ -964,11 +849,16 @@ $xml = << select - {$options6} + ${'options6'} - {$ftotal6} + ${'ftotal6'} + +EOF; +} + +$xml .= << List Action Default : Disabled

@@ -1062,19 +952,23 @@ $xml = << EOF; - // Update Each Continent XML file. - @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); + // Update Each Continent XML file. + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); - } // End foreach 'Six Continents' Update XML Process + // Unset Arrays + unset (${'options4'}, ${'options6'}, $xml); + } // End foreach 'Six Continents and Proxy/Satellite' Update XML Process // Sort Countries IPv4 Alphabetically and Build XML
+ + P.S. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Logs /pfblockerng/pfblockerng_log.php @@ -1558,22 +1454,22 @@ $xmlrep = << EOF; - # Unset Arrays - unset ($options4, $options6, $et_options); - $log = "Saving pfBlockerNG Reputation TAB \n"; print $log; pfb_logger("{$log}","3"); // Save pfBlockerng_reputation.xml file - @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml',$xmlrep,LOCK_EX); + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml', $xmlrep, LOCK_EX); + $log = "\n Country Code - XML File Update completed.\n"; print $log; pfb_logger("{$log}","3"); - $now = date("m/d/y G.i:s", time()); $log = "Country Code Update Ended - [ NOW ]\n"; print "Country Code Update Ended - [ $now ]\n"; pfb_logger("{$log}","3"); + + // Unset Arrays + unset ($et_options, $xmlrep); } ?> \ No newline at end of file -- cgit v1.2.3 From fdba40ec9af70c3c5f44613ba7a761feb0eec9b6 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 1 Feb 2015 17:18:01 -0500 Subject: pfBlockerNG - Remove bak file added incorrectly Remove alerts bak file (Added Incorrectly) --- config/pfblockerng/pfblockerng_alerts.php.bak | 769 -------------------------- 1 file changed, 769 deletions(-) delete mode 100644 config/pfblockerng/pfblockerng_alerts.php.bak (limited to 'config') diff --git a/config/pfblockerng/pfblockerng_alerts.php.bak b/config/pfblockerng/pfblockerng_alerts.php.bak deleted file mode 100644 index f4401bc9..00000000 --- a/config/pfblockerng/pfblockerng_alerts.php.bak +++ /dev/null 
@@ -1,769 +0,0 @@ -= '2.2') { - preg_match ("/@(\d+)\(/",$result, $rule); - } else { - preg_match ("/@(\d+)\s/",$result, $rule); - } - - $id = $rule[1]; - # Create array of Rule Description and pfctl Rule Number - $rule_list['id'][] = $id; - $rule_list[$id]['name'] = $descr; - } -} - -// Add IP to the Suppression Alias -if (isset($_POST['addsuppress'])) { - $ip = ""; - if (isset($_POST['ip'])) { - $ip = $_POST['ip']; - $table = $_POST['table']; - $descr = $_POST['descr']; - $cidr = $_POST['cidr']; - - // If Description or CIDR field is empty, exit. - if (empty($descr) || empty($cidr)) { - header("Location: " . $_SERVER['PHP_SELF']); - exit; - } - - if (is_ipaddr($ip)) { - - $savemsg1 = "Host IP address {$ip}"; - if (is_ipaddrv4($ip)) { - $iptrim1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.0/24', $ip); - $iptrim2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.', $ip); - $iptrim3 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$4', $ip); - - if ($cidr == "32") { - $pfb_pfctl = exec ("/sbin/pfctl -t {$table} -T show | grep {$iptrim1} 2>&1"); - - if ($pfb_pfctl == "") { - $savemsg2 = " : Removed /32 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$ip}"); - } else { - $savemsg2 = " : Removed /24 entry, added 254 addr"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1}"); - for ($add_ip=0; $add_ip <= 255; $add_ip++){ - if ($add_ip != $iptrim3) { - exec ("/sbin/pfctl -t {$table} -T add {$iptrim2}{$add_ip}"); - } - } - } - } else { - $cidr = 24; - $savemsg2 = " : Removed /24 entry"; - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1} 2>&1", $pfb_pfctl); - if (!preg_grep("/1\/1 addresses deleted/", $pfb_pfctl)) { - $savemsg2 = " : Removed all entries"; - // Remove 0-255 IP Address from Alias Table - for ($del_ip=0; $del_ip <= 255; $del_ip++){ - exec ("/sbin/pfctl -t {$table} -T delete {$iptrim2}{$del_ip}"); - } - } - } - } - - // Collect pfBlockerNGSuppress Alias Contents - $pfb_sup_list = array(); 
- $pfb_sup_array = array(); - $pfb['found'] = FALSE; - $pfb['update'] = FALSE; - if (is_array($config['aliases']['alias'])) { - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - $data = $alias['address']; - $data2 = $alias['detail']; - $arr1 = explode(" ",$data); - $arr2 = explode("||",$data2); - - if (!empty($data)) { - $row = 0; - foreach ($arr1 as $host) { - $pfb_sup_list[] = $host; - $pfb_sup_array[$row]['host'] = $host; - $row++; - } - $row = 0; - foreach ($arr2 as $detail) { - $pfb_sup_array[$row]['detail'] = $detail; - $row++; - } - } - $pfb['found'] = TRUE; - } - } - } - - // Call Function to Create Suppression Alias if not found. - if (!$pfb['found']) - pfb_create_suppression_alias(); - - // Save New Suppress IP to pfBlockerNGSuppress Alias - if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { - $savemsg = gettext("Host IP address {$ip} already exists in the pfBlockerNG Suppress Table."); - } else { - if (!$pfb['found'] && empty($pfb_sup_list)) { - $next_id = 0; - } else { - $next_id = count($pfb_sup_list); - } - $pfb_sup_array[$next_id]['host'] = $ip . '/' . $cidr; - $pfb_sup_array[$next_id]['detail'] = $descr; - - $address = ""; - $detail = ""; - foreach ($pfb_sup_array as $pfb_sup) { - $address .= $pfb_sup['host'] . " "; - $detail .= $pfb_sup['detail'] . "||"; - } - - // Find pfBlockerNGSuppress Array ID Number - if (is_array($config['aliases']['alias'])) { - $pfb_id = 0; - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name'] == "pfBlockerNGSuppress") { - break; - } - $pfb_id++; - } - } - - $config['aliases']['alias'][$pfb_id]['address'] = rtrim($address, " "); - $config['aliases']['alias'][$pfb_id]['detail'] = rtrim($detail, "||"); - $savemsg = gettext($savemsg1) . gettext($savemsg2) . 
gettext(" and added Host to the pfBlockerNG Suppress Table."); - $pfb['update'] = TRUE; - } - - if ($pfb['found'] || $pfb['update']) { - // Save all Changes to pfsense config file - write_config(); - } - } - } -} - -// Auto-Resolve Hostnames -if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); - if ($hostname == $getpfhostname) { - $hostname = 'unknown'; - } - echo $hostname; - die; -} - - -// Host Resolve Function lookup -function getpfbhostname($type = 'src', $hostip, $countme = 0) { - $hostnames['src'] = ''; - $hostnames['dst'] = ''; - $hostnames[$type] = '
'; - return $hostnames; -} - - -// Determine if Alert Host 'Dest' is within the Local Lan IP Range. -function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { - $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); - return $result; -} - - -$pgtitle = gettext("pfBlockerNG: Alerts"); -include_once("head.inc"); -?> - -
- - - - -\n"; -if ($savemsg) { - print_info_box($savemsg); -} - -?> - - - - - - -
- -
- - - - - - - - - - $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): - switch($type) { - case "Deny": - $rtype = "block"; - $pfbentries = "{$pfbdenycnt}"; - break; - case "Permit": - $rtype = "pass"; - $pfbentries = "{$pfbpermitcnt}"; - break; - case "Match": - if ($pfb['pfsenseversion'] >= '2.2') { - $rtype = "unkn(%u)"; - } else { - $rtype = "unkn(11)"; - } - $pfbentries = "{$pfbmatchcnt}"; - break; - } - -?> -
  -   -   -
- - ', ''); ?> - - ', ''); ?> - - ', ''); ?> - -   />  - -   />    -
- -        - ', '');?> -
- - - - - -
- = '2.2'): ?> - -    - - -    - -    - - -
- - - - - - - - - - - - - - - - - - - - - - - - -= '2.2') { - $pfblines = exec("/usr/bin/grep -c ^ {$filter_logfile}"); - } else { - $pfblines = (exec("/usr/bin/grep -c ^ {$filter_logfile}") /2 ); - } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); - - $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; - $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; - $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; - - // Array of all Local IPs for Alert Analysis - $pfb_local = array(); - - // Collect Gateway IP Addresses for Inbound/Outbound List matching - $int_gateway = get_interfaces_with_gateway(); - if (is_array($int_gateway)) { - foreach ($int_gateway as $gateway) { - $convert = get_interface_ip($gateway); - $pfb_local[] = $convert; - } - } - - // Collect Virtual IP Aliases for Inbound/Outbound List Matching - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; - } - } - // Collect NAT IP Addresses for Inbound/Outbound List Matching - if (is_array($config['nat']['rule'])) { - foreach ($config['nat']['rule'] as $natent) { - $pfb_local[] = $natent['target']; - } - } - - // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching - if(is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $onetoone) { - $pfb_local[] = $onetoone['source']['address']; - } - } - - // Convert any 'Firewall Aliases' to IP Address Format - if (is_array($config['aliases']['alias'])) { - for ($cnt = 0; $cnt <= 
count($pfb_local); $cnt++) { - foreach ($config['aliases']['alias'] as $i=> $alias) { - if (isset($alias['name']) && isset($pfb_local[$cnt])) { - if ($alias['name'] == $pfb_local[$cnt]) { - $pfb_local[$cnt] = $alias['address']; - } - } - } - } - } - // Remove any Duplicate IPs - $pfb_local = array_unique($pfb_local); - - // Determine Lan IP Address and Mask - if (is_array($config['interfaces']['lan'])) { - $lan_ip = $config['interfaces']['lan']['ipaddr']; - $lan_mask = $config['interfaces']['lan']['subnet']; - } -} - -$counter = 0; -// Process Fields_array and generate Output -if (!empty($fields_array)) { - foreach ($fields_array as $fields) { - $rulenum = ""; - $alert_ip = ""; - $supp_ip = ""; - $pfb_query = ""; - - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; - - // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; - } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; - } - - // Don't add Suppress Icon to Country Block Lines - if (in_array(substr($rule_list[$rulenum]['name'], 0, -3), $continents)) { - $pfb_query = "Country"; - } - - // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { - // Destination is Gateway/NAT/VIP - $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= " "; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= ""; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); - } else { - $hostname = ""; - } - - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; - } else { - // Outbound - $rule = $rule_list[$rulenum]['name'] . "
(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } - - $alert_ip .= " "; - - if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { - $supp_ip .= ""; - } - - if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); - } else { - $hostname = ""; - } - - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; - } - - # IP Query Grep Exclusion - $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; - $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; - - // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { - // Search for exact IP Match - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); - // Search for IP in /24 CIDR - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). - // Skip (Country Lists) or /32,/24 Addresses. 
- if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.', $host); - $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); - for ($cnt = 1; $cnt <= 5; $cnt++) { - $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - // Break out of loop if found. - if (!empty($pfb_query)) - $cnt = 6; - } - } - // Search for First Three Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Search for First Two Octets - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); - } - // Report Specific ET IQRisk Details - if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); - if (empty($pfb_query)) { - $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); - } - } - // Default to "No Match" if not found. - if (empty($pfb_query)) - $pfb_query = "No Match"; - } - - # Split List Column into Two lines. 
- unset ($pfb_match); - if ($pfb_query == "No Match") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } else { - preg_match ("/(.*)\s(.*)/", $pfb_query, $pfb_match); - if ($pfb_match[1] == "") { - $pfb_match[1] = "{$pfb_query}"; - $pfb_match[2] = ""; - } - } - - // Print Alternating Line Shading - if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; - } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; - } - - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - echo " - - - - - - - - "; - $counter++; - if ($counter > 0 && $rtype == "block") { - $mycounter = $counter; - } - } - } -} -?> - -
{$fields['time']}{$fields['interface']}{$rule}{$proto}{$src_icons}{$fields['srcip']}{$srcport}
{$hostname['src']}
{$dst_icons}{$fields['dstip']}{$dstport}
{$hostname['dst']}
{$countrycode}{$pfb_match[1]}
{$pfb_match[2]}
-
- -
- - - - - - -
- - \ No newline at end of file -- cgit v1.2.3