""){ if (file_exists($pfbdir.'/'.$iso.'.txt')) switch ($pfblocker_config['countryblock']){ case "inbound": $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); break; case "outbound": $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); break; case "both": $ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt'); $ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt'); break; case "whitelist": $whitelist.=file_get_contents($pfbdir.'/'.$iso.'.txt'); break; } } } #Assign IP range lists foreach ($pfblocker_config['row'] as $row){ $md5_url = md5($row['url']); #print $row['action']."
"; if (file_exists($pfbdir."/".$md5_url.".txt")){ ${$row['action']}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt'); } else{ if ($row['format'] == "gz") $url_list= gzfile($row['url']); else $url_list= file_get_contents($row['url']); #extract range lists $new_file=""; foreach ($url_list as $line){ # CIDR format 192.168.0.0/16 if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){ ${$row['action']}.= $matches[1]."\n"; $new_file.= $matches[1]."\n"; } # Network range 192.168.0.0-192.168.0.254 if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches)) $cidr= pfblocker_Range2CIDR($matches[1],$matches[2]); if ($cidr != ""){ ${$row['action']}.= $cidr."\n"; $new_file.= $cidr."\n"; } } if ($new_file != "") file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX); } #print $row['url']."
" .$md5_url.".txt
"; #var_dump(gzfile($row['url'])); } #create all country block lists based on gui file_put_contents('/usr/local/pkg/pfb_in.txt',$ips_in, LOCK_EX); #create all country block lists based on gui file_put_contents('/usr/local/pkg/pfb_out.txt',$ips_out, LOCK_EX); #write white_list to filesystem file_put_contents('/usr/local/pkg/pfb_w.txt',$whitelist, LOCK_EX); #edit or assign alias "pfblocker" and "pfblockerWL" $aliases=$config['aliases']['alias']; #print "
";
	$new_aliases=array();
	$pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt';
	if ($ips_in != ""){
		#create or reaply alias
		$new_aliases[]=array("name"=> 'pfBlockerInbound',
					  		 "url"=> $web_local.'?pfb=in',
					  		 "updatefreq"=> "7",
					  		 "address"=>"",
					  		 "descr"=> "pfBlocker Inbound deny list",
					  		 "type"=> "urltable",
					  		 "detail"=> "DO NOT EDIT THIS ALIAS");
		#force alias file update
		if (file_exists($pfBlockerInbound))
			file_put_contents($pfBlockerInbound,$ips_in, LOCK_EX);
		}
	else{
		#remove previous aliastable if exist
		if (file_exists($pfBlockerInbound))
			unlink($pfBlockerInbound);
	}
	$pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt';
	if ($ips_out != ""){
		#create or reaply alias
		$new_aliases[]=array("name"=> 'pfBlockerOutbound',
					  		 "url"=> $web_local.'?pfb=out',
					  		 "updatefreq"=> "7",
					  		 "address"=>"",
					  		 "descr"=> "pfBlocker Outbound deny list",
					  		 "type"=> "urltable",
					  		 "detail"=> "DO NOT EDIT THIS ALIAS");
		#force alias file update
		if (file_exists($pfBlockerOutbound))
			file_put_contents($pfBlockerOutbound,$ips_out, LOCK_EX);
		}
	else{
		#remove previous aliastable if exist
		if (file_exists($pfBlockerOutbound))
			unlink($pfBlockerOutbound);
	}
	
	$pfblockerWL='/var/db/aliastables/pfBlockerWL.txt';
	if ($whitelist != ""){
		#create or reaply alias
		$new_aliases[]=array("name"=> 'pfBlockerWL',
						  	 "url"=> $web_local.'?pfb=white',
						  	 "updatefreq"=> "7",
						  	 "address"=>"",
						  	 "descr"=> "pfBlocker White list",
						  	 "type"=> "urltable",
						  	 "detail"=> "DO NOT EDIT THIS ALIAS");
		#force alias file update
		if (file_exists($pfblockerWL))
			file_put_contents($pfblockerWL,$whitelist, LOCK_EX);
		}
	else{
		#remove previous aliastable if exist
		if (file_exists($pfblockerWL))
			unlink($pfblockerWL);
	}
	
	if (is_array($aliases))
	  foreach($aliases as $cbalias){
		if (! preg_match("/pfBlocker.*list/",$cbalias['descr']))
			$new_aliases[]=	$cbalias;
	}
	$config['aliases']['alias']=$new_aliases;
	# check contryblock filter options
	$rules=$config['filter']['rule'];
	$ifaces = $pfblocker_config['inbound_interface'];
    foreach (explode(",", $ifaces) as $i => $iface) {
    	if (pfb_text_area_decode($pfblocker_config['whitelist']) != ""){
			${$iface}[0]=array("id" => "",
					"type"=>"pass",
					"tag"=>	"",
					"interface" => $iface,
					"tagged"=> "",
					"max"=>	 "",
					"max-src-nodes"=>"",
					"max-src-conn"=> "",
					"max-src-states"=>"",
					"statetimeout"=>"",
					"statetype"=>"keep state",
					"os"=> "",
					"source"=>array("address"=>"pfBlockerWL"),
    				"destination"=>array("any"=>""),
    				"descr"=>"pfBlocker Whitelist rule");

			if ($pfblocker_config['enable_log'])
				${$iface}[0]["log"]="";
    	}
		if ($ips_in != ""){
			${$iface}[1]=array(	"id" => "",
							"type"=>"block",
							"tag"=>	"",
							"interface" => $iface,
							"tagged"=> "",
							"max"=>	 "",
							"max-src-nodes"=>"",
							"max-src-conn"=> "",
							"max-src-states"=>"",
							"statetimeout"=>"",
						    "statetype"=>"keep state",
							"os"=> "",
							"source"=>array("address"=>"pfBlockerInbound"),
    						"destination"=>array("any"=>""),
    						"descr"=>"pfBlocker Inbound deny rule");

			if ($pfblocker_config['enable_log'])
				${$iface}[1]["log"]="";
		}
	}
	$ifaces = $pfblocker_config['outbound_interface'];
    foreach (explode(",", $ifaces) as $i => $iface) {
    	if (pfb_text_area_decode($pfblocker_config['whitelist']) != ""){
			${$iface}[2]=array(	"id" => "",
							"type"=>"pass",
							"tag"=>	"",
							"interface" => $iface,
							"tagged"=> "",
							"max"=>	 "",
							"max-src-nodes"=>"",
							"max-src-conn"=> "",
							"max-src-states"=>"",
							"statetimeout"=>"",
							"statetype"=>"keep state",
							"os"=> "",
    						"source"=>array("any"=>""),
    						"destination"=>array("address"=>"pfBlockerWL"),
    						"descr"=>"pfBlocker Whitelist rule");
		if ($pfblocker_config['enable_log'])
				${$iface}[2]["log"]="";			
    	}
		if ($ips_out != ""){
			${$iface}[3]= array("id" => "",
							"type"=>"block",
							"tag"=>	"",
							"interface" => $iface,
							"tagged"=> "",
							"max"=>	 "",
							"max-src-nodes"=>"",
							"max-src-conn"=> "",
							"max-src-states"=>"",
							"statetimeout"=>"",
							"statetype"=>"keep state",
							"os"=> "",
    						"source"=>array("any"=>""),
    						"destination"=>array("address"=>"pfBlockerOutbound"),
    						"descr"=>"pfBlocker Outbound deny rule");
			if ($pfblocker_config['enable_log'])
				${$iface}[3]["log"]="";
			
		}

	}
	$last_iface="";
	foreach ($rules as $rule){
		if ($rule['interface'] <> $last_iface){
			$last_iface = $rule['interface'];
			#apply pfblocker rules if enabled
			if ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']}))
				foreach (${$rule['interface']} as $cb_rules)
					$new_rules[]=$cb_rules;
		}
		if (!preg_match("/pfBlocker.*rule/",$rule['descr']))
			$new_rules[]=$rule;	
	}
	$config['filter']['rule']=$new_rules;

	#save and apply all changes
	write_config();
	filter_configure();
		
	pfblocker_sync_on_changes();
}

function pfblocker_validate_input($post, &$input_errors) {
	foreach ($post as $key => $value) {
		if (empty($value))
			continue;
		if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
				$input_errors[] = "Wrong greet time sintax.";			
		if($key == "message_size_limit" && !is_numeric($value))
				$input_errors[] = "Message size limit must be numeric.";
		if($key == "process_limit" && !is_numeric($value))
				$input_errors[] = "Process limit must be numeric.";	
		if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
				$input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
		if (substr($key, 0, 2) == "dc" && !is_hostname($value))
				$input_errors[] = "{$value} is not a valid host name.";
		if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
			if (!is_domain($value))
				$input_errors[] = "{$value} is not a valid domain name.";
		} else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
			if (empty($post['domain' . substr($key, 12)]))
				$input_errors[] = "Domain for {$value} cannot be blank.";
			if (!is_ipaddr($value) && !is_hostname($value))
				$input_errors[] = "{$value} is not a valid IP address or host name.";
		}
	}
}

function pfblocker_php_install_command() {
	include_once '/usr/local/www/pfblocker.php';
	pfblocker_get_countries();
	sync_package_pfblocker();
}

function pfblocker_php_deinstall_command() {
	global $config;
	$config['installedpackages']['pfblocker']['config'][0]['enable_cb']="";
	write_config();
	sync_package_pfblocker();
}

/* Uses XMLRPC to synchronize the changes to a remote node */
function pfblocker_sync_on_changes() {
	global $config, $g;
	log_error("[pfblocker] pfblocker_xmlrpc_sync.php is starting.");
	$synconchanges = $config['installedpackages']['pfblockersync']['config'][0]['synconchanges'];	
	if(!$synconchanges) 
		return;
	foreach ($config['installedpackages']['pfblockersync']['config'] as $rs ){
		foreach($rs['row'] as $sh){
		$sync_to_ip = $sh['ipaddress'];
		$password   = $sh['password'];
		if($password && $sync_to_ip)
			pfblocker_do_xmlrpc_sync($sync_to_ip, $password);
		}
	}
	log_error("[pfblocker] pfblocker_xmlrpc_sync.php is ending.");
}

/* Do the actual XMLRPC sync */
function pfblocker_do_xmlrpc_sync($sync_to_ip, $password) {
	global $config, $g;

	if(!$password)
		return;

	if(!$sync_to_ip)
		return;

	$xmlrpc_sync_neighbor = $sync_to_ip;
    if($config['system']['webgui']['protocol'] != "") {
		$synchronizetoip = $config['system']['webgui']['protocol'];
		$synchronizetoip .= "://";
    }
    $port = $config['system']['webgui']['port'];
    /* if port is empty lets rely on the protocol selection */
    if($port == "") {
		if($config['system']['webgui']['protocol'] == "http") 
			$port = "80";
		else 
			$port = "443";
    }
	$synchronizetoip .= $sync_to_ip;

	/* xml will hold the sections to sync */
	$xml = array();
	$xml['pfblocker'] = $config['installedpackages']['pfblocker'];
	$xml['pfblockertopspammers'] = $config['installedpackages']['pfblockertopspammers'];
	$xml['pfblockerafrica'] = $config['installedpackages']['pfblockerafrica'];
	$xml['pfblockerantartica'] = $config['installedpackages']['pfblockerantartica'];
	$xml['pfblockerasia'] = $config['installedpackages']['pfblockerasia'];
	$xml['pfblockereurope'] = $config['installedpackages']['pfblockereurope'];
	$xml['pfblockernorthamerica'] = $config['installedpackages']['pfblockernorthamerica'];
	$xml['pfblockeroceania'] = $config['installedpackages']['pfblockeroceania'];
	$xml['pfblockersouthamerica'] = $config['installedpackages']['pfblockersouthamerica'];
	/* assemble xmlrpc payload */
	$params = array(
		XML_RPC_encode($password),
		XML_RPC_encode($xml)
	);

	/* set a few variables needed for sync code borrowed from filter.inc */
	$url = $synchronizetoip;
	log_error("Beginning pfblocker XMLRPC sync to {$url}:{$port}.");
	$method = 'pfsense.merge_installedpackages_section_xmlrpc';
	$msg = new XML_RPC_Message($method, $params);
	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
	$cli->setCredentials('admin', $password);
	if($g['debug'])
		$cli->setDebug(1);
	/* send our XMLRPC message and timeout after 250 seconds */
	$resp = $cli->send($msg, "250");
	if(!$resp) {
		$error = "A communications error occurred while attempting pfblocker XMLRPC sync with {$url}:{$port}.";
		log_error($error);
		file_notice("sync_settings", $error, "pfblocker Settings Sync", "");
	} elseif($resp->faultCode()) {
		$cli->setDebug(1);
		$resp = $cli->send($msg, "250");
		$error = "An error code was received while attempting pfblocker XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
		log_error($error);
		file_notice("sync_settings", $error, "pfblocker Settings Sync", "");
	} else {
		log_error("pfblocker XMLRPC sync successfully completed with {$url}:{$port}.");
	}
	
	/* tell pfblocker to reload our settings on the destionation sync host. */
	$method = 'pfsense.exec_php';
	$execcmd  = "require_once('/usr/local/pkg/pfblocker.inc');\n";
	$execcmd .= "sync_package_pfblocker();";
	
	/* assemble xmlrpc payload */
	$params = array(
		XML_RPC_encode($password),
		XML_RPC_encode($execcmd)
	);

	log_error("pfblocker XMLRPC reload data {$url}:{$port}.");
	$msg = new XML_RPC_Message($method, $params);
	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
	$cli->setCredentials('admin', $password);
	$resp = $cli->send($msg, "250");
	if(!$resp) {
		$error = "A communications error occurred while attempting pfblocker XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
		log_error($error);
		file_notice("sync_settings", $error, "pfblocker Settings Sync", "");
	} elseif($resp->faultCode()) {
		$cli->setDebug(1);
		$resp = $cli->send($msg, "250");
		$error = "An error code was received while attempting pfblocker XMLRPC exec with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
		log_error($error);
		file_notice("sync_settings", $error, "pfblocker Settings Sync", "");
	} else {
		log_error("pfblocker XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
	}

}

?>