""){
if (file_exists($pfbdir.'/'.$iso.'.txt'))
switch ($pfblocker_config['countryblock']){
case "inbound":
$ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt');
break;
case "outbound":
$ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt');
break;
case "both":
$ips_in.=file_get_contents($pfbdir.'/'.$iso.'.txt');
$ips_out.=file_get_contents($pfbdir.'/'.$iso.'.txt');
break;
case "whitelist":
$whitelist.=file_get_contents($pfbdir.'/'.$iso.'.txt');
break;
}
}
}
#Assign IP range lists
foreach ($pfblocker_config['row'] as $row){
$md5_url = md5($row['url']);
#print $row['action']."
";
if (file_exists($pfbdir."/".$md5_url.".txt")){
${$row['action']}.= file_get_contents($pfbdir.'/'.$md5_url.'.txt');
}
else{
if ($row['format'] == "gz")
$url_list= gzfile($row['url']);
else
$url_list= file_get_contents($row['url']);
#extract range lists
$new_file="";
foreach ($url_list as $line){
# CIDR format 192.168.0.0/16
if (preg_match("/(\d+\.\d+\.\d+\.\d+\/\d+)/",$line,$matches)){
${$row['action']}.= $matches[1]."\n";
$new_file.= $matches[1]."\n";
}
# Network range 192.168.0.0-192.168.0.254
if (preg_match("/(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)/",$line,$matches))
$cidr= pfblocker_Range2CIDR($matches[1],$matches[2]);
if ($cidr != ""){
${$row['action']}.= $cidr."\n";
$new_file.= $cidr."\n";
}
}
if ($new_file != "")
file_put_contents($pfbdir.'/'.$md5_url.'.txt',$new_file, LOCK_EX);
}
#print $row['url']."
" .$md5_url.".txt
";
#var_dump(gzfile($row['url']));
}
#create all country block lists based on gui
file_put_contents('/usr/local/pkg/pfb_in.txt',$ips_in, LOCK_EX);
#create all country block lists based on gui
file_put_contents('/usr/local/pkg/pfb_out.txt',$ips_out, LOCK_EX);
#write white_list to filesystem
file_put_contents('/usr/local/pkg/pfb_w.txt',$whitelist, LOCK_EX);
#edit or assign alias "pfblocker" and "pfblockerWL"
$aliases=$config['aliases']['alias'];
#print "
"; $new_aliases=array(); $pfBlockerInbound='/var/db/aliastables/pfBlockerInbound.txt'; if ($ips_in != ""){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerInbound', "url"=> $web_local.'?pfb=in', "updatefreq"=> "7", "address"=>"", "descr"=> "pfBlocker Inbound deny list", "type"=> "urltable", "detail"=> "DO NOT EDIT THIS ALIAS"); #force alias file update if (file_exists($pfBlockerInbound)) file_put_contents($pfBlockerInbound,$ips_in, LOCK_EX); } else{ #remove previous aliastable if exist if (file_exists($pfBlockerInbound)) unlink($pfBlockerInbound); } $pfBlockerOutbound='/var/db/aliastables/pfBlockerOutbound.txt'; if ($ips_out != ""){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerOutbound', "url"=> $web_local.'?pfb=out', "updatefreq"=> "7", "address"=>"", "descr"=> "pfBlocker Outbound deny list", "type"=> "urltable", "detail"=> "DO NOT EDIT THIS ALIAS"); #force alias file update if (file_exists($pfBlockerOutbound)) file_put_contents($pfBlockerOutbound,$ips_out, LOCK_EX); } else{ #remove previous aliastable if exist if (file_exists($pfBlockerOutbound)) unlink($pfBlockerOutbound); } $pfblockerWL='/var/db/aliastables/pfBlockerWL.txt'; if ($whitelist != ""){ #create or reaply alias $new_aliases[]=array("name"=> 'pfBlockerWL', "url"=> $web_local.'?pfb=white', "updatefreq"=> "7", "address"=>"", "descr"=> "pfBlocker White list", "type"=> "urltable", "detail"=> "DO NOT EDIT THIS ALIAS"); #force alias file update if (file_exists($pfblockerWL)) file_put_contents($pfblockerWL,$whitelist, LOCK_EX); } else{ #remove previous aliastable if exist if (file_exists($pfblockerWL)) unlink($pfblockerWL); } if (is_array($aliases)) foreach($aliases as $cbalias){ if (! preg_match("/pfBlocker.*list/",$cbalias['descr'])) $new_aliases[]= $cbalias; } $config['aliases']['alias']=$new_aliases; # check contryblock filter options $rules=$config['filter']['rule']; $ifaces = $pfblocker_config['inbound_interface']; foreach (explode(",", $ifaces) as $i => $iface) { if (pfb_text_area_decode($pfblocker_config['whitelist']) != ""){ ${$iface}[0]=array("id" => "", "type"=>"pass", "tag"=> "", "interface" => $iface, "tagged"=> "", "max"=> "", "max-src-nodes"=>"", "max-src-conn"=> "", "max-src-states"=>"", "statetimeout"=>"", "statetype"=>"keep state", "os"=> "", "source"=>array("address"=>"pfBlockerWL"), "destination"=>array("any"=>""), "descr"=>"pfBlocker Whitelist rule"); if ($pfblocker_config['enable_log']) ${$iface}[0]["log"]=""; } if ($ips_in != ""){ ${$iface}[1]=array( "id" => "", "type"=>"block", "tag"=> "", "interface" => $iface, "tagged"=> "", "max"=> "", "max-src-nodes"=>"", "max-src-conn"=> "", "max-src-states"=>"", "statetimeout"=>"", "statetype"=>"keep state", "os"=> "", "source"=>array("address"=>"pfBlockerInbound"), "destination"=>array("any"=>""), "descr"=>"pfBlocker Inbound deny rule"); if ($pfblocker_config['enable_log']) ${$iface}[1]["log"]=""; } } $ifaces = $pfblocker_config['outbound_interface']; foreach (explode(",", $ifaces) as $i => $iface) { if (pfb_text_area_decode($pfblocker_config['whitelist']) != ""){ ${$iface}[2]=array( "id" => "", "type"=>"pass", "tag"=> "", "interface" => $iface, "tagged"=> "", "max"=> "", "max-src-nodes"=>"", "max-src-conn"=> "", "max-src-states"=>"", "statetimeout"=>"", "statetype"=>"keep state", "os"=> "", "source"=>array("any"=>""), "destination"=>array("address"=>"pfBlockerWL"), "descr"=>"pfBlocker Whitelist rule"); if ($pfblocker_config['enable_log']) ${$iface}[2]["log"]=""; } if ($ips_out != ""){ ${$iface}[3]= array("id" => "", "type"=>"block", "tag"=> "", "interface" => $iface, "tagged"=> "", "max"=> "", "max-src-nodes"=>"", "max-src-conn"=> "", "max-src-states"=>"", "statetimeout"=>"", "statetype"=>"keep state", "os"=> "", "source"=>array("any"=>""), "destination"=>array("address"=>"pfBlockerOutbound"), "descr"=>"pfBlocker Outbound deny rule"); if ($pfblocker_config['enable_log']) ${$iface}[3]["log"]=""; } } $last_iface=""; foreach ($rules as $rule){ if ($rule['interface'] <> $last_iface){ $last_iface = $rule['interface']; #apply pfblocker rules if enabled if ($config['installedpackages']['pfblocker']['config'][0]['enable_cb'] == "on" && is_array(${$rule['interface']})) foreach (${$rule['interface']} as $cb_rules) $new_rules[]=$cb_rules; } if (!preg_match("/pfBlocker.*rule/",$rule['descr'])) $new_rules[]=$rule; } $config['filter']['rule']=$new_rules; #save and apply all changes write_config(); filter_configure(); pfblocker_sync_on_changes(); } function pfblocker_validate_input($post, &$input_errors) { foreach ($post as $key => $value) { if (empty($value)) continue; if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) $input_errors[] = "Wrong greet time sintax."; if($key == "message_size_limit" && !is_numeric($value)) $input_errors[] = "Message size limit must be numeric."; if($key == "process_limit" && !is_numeric($value)) $input_errors[] = "Process limit must be numeric."; if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'"; if (substr($key, 0, 2) == "dc" && !is_hostname($value)) $input_errors[] = "{$value} is not a valid host name."; if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { if (!is_domain($value)) $input_errors[] = "{$value} is not a valid domain name."; } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { if (empty($post['domain' . substr($key, 12)])) $input_errors[] = "Domain for {$value} cannot be blank."; if (!is_ipaddr($value) && !is_hostname($value)) $input_errors[] = "{$value} is not a valid IP address or host name."; } } } function pfblocker_php_install_command() { include_once '/usr/local/www/pfblocker.php'; pfblocker_get_countries(); sync_package_pfblocker(); } function pfblocker_php_deinstall_command() { global $config; $config['installedpackages']['pfblocker']['config'][0]['enable_cb']=""; write_config(); sync_package_pfblocker(); } /* Uses XMLRPC to synchronize the changes to a remote node */ function pfblocker_sync_on_changes() { global $config, $g; log_error("[pfblocker] pfblocker_xmlrpc_sync.php is starting."); $synconchanges = $config['installedpackages']['pfblockersync']['config'][0]['synconchanges']; if(!$synconchanges) return; foreach ($config['installedpackages']['pfblockersync']['config'] as $rs ){ foreach($rs['row'] as $sh){ $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; if($password && $sync_to_ip) pfblocker_do_xmlrpc_sync($sync_to_ip, $password); } } log_error("[pfblocker] pfblocker_xmlrpc_sync.php is ending."); } /* Do the actual XMLRPC sync */ function pfblocker_do_xmlrpc_sync($sync_to_ip, $password) { global $config, $g; if(!$password) return; if(!$sync_to_ip) return; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; } $port = $config['system']['webgui']['port']; /* if port is empty lets rely on the protocol selection */ if($port == "") { if($config['system']['webgui']['protocol'] == "http") $port = "80"; else $port = "443"; } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ $xml = array(); $xml['pfblocker'] = $config['installedpackages']['pfblocker']; $xml['pfblockertopspammers'] = $config['installedpackages']['pfblockertopspammers']; $xml['pfblockerafrica'] = $config['installedpackages']['pfblockerafrica']; $xml['pfblockerantartica'] = $config['installedpackages']['pfblockerantartica']; $xml['pfblockerasia'] = $config['installedpackages']['pfblockerasia']; $xml['pfblockereurope'] = $config['installedpackages']['pfblockereurope']; $xml['pfblockernorthamerica'] = $config['installedpackages']['pfblockernorthamerica']; $xml['pfblockeroceania'] = $config['installedpackages']['pfblockeroceania']; $xml['pfblockersouthamerica'] = $config['installedpackages']['pfblockersouthamerica']; /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($xml) ); /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; log_error("Beginning pfblocker XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); if($g['debug']) $cli->setDebug(1); /* send our XMLRPC message and timeout after 250 seconds */ $resp = $cli->send($msg, "250"); if(!$resp) { $error = "A communications error occurred while attempting pfblocker XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "pfblocker Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting pfblocker XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "pfblocker Settings Sync", ""); } else { log_error("pfblocker XMLRPC sync successfully completed with {$url}:{$port}."); } /* tell pfblocker to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/pfblocker.inc');\n"; $execcmd .= "sync_package_pfblocker();"; /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); log_error("pfblocker XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); $resp = $cli->send($msg, "250"); if(!$resp) { $error = "A communications error occurred while attempting pfblocker XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "pfblocker Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting pfblocker XMLRPC exec with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "pfblocker Settings Sync", ""); } else { log_error("pfblocker XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } ?>