diff --git a/net/pfSense-pkg-pfBlockerNG/Makefile b/net/pfSense-pkg-pfBlockerNG/Makefile index 7ebac376dd12..97203588853e 100644 --- a/net/pfSense-pkg-pfBlockerNG/Makefile +++ b/net/pfSense-pkg-pfBlockerNG/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense-pkg-pfBlockerNG -PORTVERSION= 2.0.1 +PORTVERSION= 2.0.2 CATEGORIES= net MASTER_SITES= # empty DISTFILES= # empty diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng.xml index c7f2c068539a..41bbdb8f7503 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng.xml @@ -48,7 +48,7 @@ Describe your package requirements here Currently there are no FAQ items provided. pfblockerng - 2.0 + 2.0.2 pfBlockerNG: General Settings /usr/local/pkg/pfblockerng/pfblockerng.inc pfBlockerNG: Save General Settings @@ -214,23 +214,20 @@ Enable pfBlockerNG enable_cb + Enable/Disable checkbox - Enable/Disable]]> - - begin + Keep Settings pfb_keep + Keep settings checkbox - Note: - with 'Keep settings' enabled, pfBlockerNG will maintain run state - on Installation/Upgrade
If 'Keep Settings' is not 'enabled' on pkg Install/De-Install, all settings will be Wiped!

+ Note: - with 'Keep settings' enabled, pfBlockerNG will maintain run state + on Installation/Upgrade.
If 'Keep Settings' is not 'enabled' on pkg Install/De-Install, all settings will be Wiped!

Note: To clear all downloaded lists, uncheck these two checkboxes and 'Save'. re-check both boxes and run a 'Force Update']]> -
+ on - - - end
CRON Settings @@ -240,8 +237,7 @@ Hour Interval pfb_interval Every hour
- Select the cron hour interval. The interval selected will be used with the start min/hour below.
- Ensure that all list 'Update settings' are within the selected interval/start hour settings.]]> + Select the Cron hour interval.]]>
select @@ -261,7 +257,7 @@ Start Min pfb_min :00
- Select Cron Update Minute]]> + Select the Cron update minute.]]>
select @@ -277,7 +273,7 @@ Start Hour pfb_hour 0
- Select the start hour]]> + Select the Cron start hour.]]>
select @@ -312,7 +308,7 @@ Start Hour]]> pfb_dailystart - 0
This is used by the 'Daily/Weekly' scheduler only.]]>
+ 0
Select the 'Daily/Weekly' start hour.]]>
select @@ -347,10 +343,10 @@ Enable De-Duplication enable_dup checkbox - Only for IPv4 Lists + Only used for IPv4 Deny Lists
- Enable Aggregation of CIDRs + Enable CIDR Aggregation enable_agg checkbox Optimise CIDRs (not recommended for slow systems with large lists) @@ -358,33 +354,33 @@ Enable Suppression suppression - checkbox - - Country blocking lists cannot be suppressed.
This will also remove any RFC1918 addresses from all lists.

- Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias
+
+ Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias A blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist alias' w/ list action: 'Permit Outbound' Firewall rule -
Do not use the pfBlockerNGSuppress Alias in a Firewall Rule. +

Do not use the pfBlockerNGSuppress Alias in a Firewall Rule. This alias is used during the cron download process only.]]> -
+ + checkbox
Global Enable Logging enable_log checkbox - - This overrides any log settings in the Alias tabs.]]> + Firewall Rule logging - Enable Global logging to [ Status: System Logs: FIREWALL Log ] + This overrides any log settings in the Alias tabs. - Disable MaxMind Country database CRON updates + Disable MaxMind Updates database_cc checkbox - - This does not affect the MaxMind binary cron task]]> + This will disable the MaxMind monthly Country database Cron update. + This does not affect the MaxMind binary cron task. - Max daily download failure threshold + Download Failure Threshold skipfeed 0 (Disabled)
Select max daily download failure threshold via CRON. Clear widget 'failed downloads' to reset.]]> @@ -402,12 +398,12 @@ 0
- Restore previous download on failure + Restore on Failure restore_feed - checkbox - Enabled
+ Enabled
When 'selected', on a download failure, the previously downloaded list is restored.]]> -
+ + checkbox on
@@ -497,15 +493,15 @@ Floating Rules enable_float checkbox - Enabled: Auto-rules will be generated in the 'Floating Rules' tab

- Disabled: Auto-rules will be generated in the selected Inbound/Outbound interfaces

+ Enabled: Auto-rules will be generated in the 'Floating Rules' tab
+ Disabled: Auto-rules will be generated in the selected Inbound/Outbound interfaces
Rules will be ordered by the selection below.]]> -
+
Rule Order pass_order - Default Order: | pfB_Block/Reject | All other Rules | (original format)

+ | pfB_Block/Reject | All other Rules | (original format)

Select The 'Order' of the Rules
 Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.
 Selecting any other 'Order' will re-order all the rules to the format indicated!]]> @@ -536,10 +532,10 @@ Kill States killstates - checkbox - - Firewall states will be cleared.]]> + When 'Enabled', after a cron event or any 'Force' commands, any blocked IPs found in the + Firewall states will be cleared. + checkbox @@ -548,7 +544,6 @@ Credits credits - info pfBlockerNG Created in 2015 by BBcan177.

Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.
@@ -556,17 +551,19 @@ MaxMind Inc. @ MaxMind.com. The database is automatically updated the first Tuesday of each month]]>
+ info
Support - info - If you like this package, please support the developer @ BBCan177@gmail.com.]]> + If you like this package, please support the developer @ BBCan177@gmail.com + ]]> + info - Click to SAVE Settings and/or Rule edits.   Changes are applied via CRON or - 'Force Update']]> +
Click to SAVE Settings and/or Rule edits.   Changes are applied via CRON or + 'Force Update'
]]>
listtopic
@@ -592,4 +589,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc index c08291dbd85b..36c92cb0e24c 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc @@ -48,13 +48,6 @@ require_once('/usr/local/pkg/pfblockerng/pfblockerng_extra.inc'); // 'include fu global $g, $config, $pfb; -$pfs_version = substr(trim(file_get_contents('/etc/version')), 0, 3); -if ($pfs_version == '2.2') { - $pfb['prefix'] = '/usr/pbi/pfblockerng-' . php_uname('m'); -} else { - $pfb['prefix'] = '/usr/local'; -} - // Folders $pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng"; $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; @@ -68,8 +61,8 @@ $pfb['origdir'] = "{$pfb['dbdir']}/original"; $pfb['dnsdir'] = "{$pfb['dbdir']}/dnsbl"; $pfb['dnsorigdir'] = "{$pfb['dbdir']}/dnsblorig"; $pfb['dnsalias'] = "{$pfb['dbdir']}/dnsblalias"; -$pfb['geoipshare'] = "{$pfb['prefix']}/share/GeoIP"; -$pfb['ccdir'] = "{$pfb['prefix']}/share/GeoIP/cc"; +$pfb['geoipshare'] = '/usr/local/share/GeoIP'; +$pfb['ccdir'] = '/usr/local/share/GeoIP/cc'; // Application Paths $pfb['grep'] = '/usr/bin/grep'; @@ -96,7 +89,7 @@ $pfb['dnsbl_info'] = "{$pfb['dbdir']}/dnsbl_info"; $pfb['dnsbl_conf'] = '/var/unbound/pfb_dnsbl_lighty.conf'; $pfb['dnsbl_cert'] = '/var/unbound/dnsbl_cert.pem'; $pfb['script'] = '/usr/local/pkg/pfblockerng/pfblockerng.sh'; -$pfb['aliasarchive'] = "{$pfb['prefix']}/etc/aliastables.tar.bz2"; +$pfb['aliasarchive'] = '/usr/local/etc/aliastables.tar.bz2'; // Unbound files and folders $pfb['dnsbl_file'] = '/var/unbound/pfb_dnsbl'; // Filename Extension not referenced 
@@ -198,8 +191,9 @@ function pfb_global() { $pfb['24hour'] = $pfb['config']['pfb_dailystart']; // Start hour of the 'Once a day' schedule $pfb['iplocal'] = $config['interfaces']['lan']['ipaddr']; // Lan IP address $pfb['dnsbl'] = $pfb['dnsblconfig']['pfb_dnsbl']; // Enabled state of DNSBL - $pfb['dnsbl_port'] = $pfb['dnsblconfig']['pfb_dnsport'] ?: ''; // Lighttpd web server http port setting - $pfb['dnsbl_port_ssl'] = $pfb['dnsblconfig']['pfb_dnsport_ssl']?: ''; // Lighttpd web server https port setting + $pfb['dnsbl_port'] = $pfb['dnsblconfig']['pfb_dnsport']; // Lighttpd web server http port setting + $pfb['dnsbl_port_ssl'] = $pfb['dnsblconfig']['pfb_dnsport_ssl']; // Lighttpd web server https port setting + $pfb['dnsbl_alexa'] = $pfb['dnsblconfig']['alexa_enable']; // Alexa whitelist // Restore previous download on failure (default to 'on') $pfb['restore'] = $pfb['config']['restore_feed'] != '' ? $pfb['config']['restore_feed'] : 'on'; @@ -890,11 +884,11 @@ function pfblockerng_alexa() { // Array of TLDs to include in Whitelist $pfb_include = array_flip(explode(',', $pfb['dnsbl_alexa_inc'])); - if (($handle = fopen("{$pfb['dbdir']}/top-1m.csv", 'r')) !== FALSE) { - $pfb_output = fopen("{$pfb['dbdir']}/pfbalexawhitelist.txt", 'w'); + if (($handle = @fopen("{$pfb['dbdir']}/top-1m.csv", 'r')) !== FALSE) { + $pfb_output = @fopen("{$pfb['dbdir']}/pfbalexawhitelist.txt", 'w'); for ($x=1; $x <= $pfb['dnsbl_alexa_cnt']; ++$x) { - $aline = fgetcsv($handle); + $aline = @fgetcsv($handle); // Collect Domain TLD $tld = array_pop(explode('.', $aline[1])); @@ -917,8 +911,8 @@ function pfblockerng_alexa() { $log = "\nAlexa conversion Failed. File: top-1m.csv, not found.\n"; pfb_logger("{$log}", 2); } - fclose($handle); - fclose($pfb_output); + @fclose($handle); + @fclose($pfb_output); } 
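Review bot: The `@` prefixes added in the two pfblockerng_alexa() hunks hide I/O failures instead of handling them. `$pfb_output = @fopen("{$pfb['dbdir']}/pfbalexawhitelist.txt", 'w')` is not tested in the visible lines. The `for` loop also goes on to read `$aline[1]` after `@fgetcsv($handle)` returns FALSE, which happens when top-1m.csv has fewer rows than `$pfb['dnsbl_alexa_cnt']`, and the two `@fclose()` calls appear to sit after the "not found" branch, so they run on handles that were never opened. I would add `if ($aline === FALSE) { break; }` at the top of the loop, log through pfb_logger() when `$pfb_output === FALSE`, and move the closes into the success branch, so that a short or failed conversion cannot leave a truncated whitelist unnoticed. The same unchecked-handle-plus-`@` pattern recurs in the pfb_download(), pfb_livetail() and sync_package_pfblockerng() hunks of this file, and the function body starts and ends outside these hunks.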
@@ -1126,7 +1120,7 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log // Download using cURL else { - if (($fhandle = fopen("{$file_dwn}.raw", 'w')) !== FALSE) { + if (($fhandle = @fopen("{$file_dwn}.raw", 'w')) !== FALSE) { if (!($ch = curl_init($list_url))) { $log = "\nFailed to create cURL resource... Exiting...\n"; pfb_logger("{$log}", "{$logtype}"); @@ -1191,7 +1185,7 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log } curl_close($ch); } - fclose($fhandle); + @fclose($fhandle); } } @@ -1210,17 +1204,17 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log } else { pfb_logger('.', 1); - $pfb_output = fopen("{$file_dwn}.orig", 'w'); - if (($fhandle = gzopen("{$file_dwn}.raw", 'r')) !== FALSE) { - if (($fhandle = gzopen("{$file_dwn}.raw", 'r')) !== FALSE) { - while (($line = gzgets($fhandle, 1024)) !== FALSE) { + $pfb_output = @fopen("{$file_dwn}.orig", 'w'); + if (($fhandle = @gzopen("{$file_dwn}.raw", 'r')) !== FALSE) { + if (($fhandle = @gzopen("{$file_dwn}.raw", 'r')) !== FALSE) { + while (($line = @gzgets($fhandle, 1024)) !== FALSE) { fwrite($pfb_output, $line); } } $retval = 0; } - gzclose($fhandle); - fclose($pfb_output); + @gzclose($fhandle); + @fclose($pfb_output); } } elseif ($file_type == 'application/x-bzip2') { @@ -1661,7 +1655,7 @@ function pfb_livetail($logfile, $mode) { //file deleted or reset $lastpos = $len; } else { - $f = fopen("{$logfile}", 'rb+'); + $f = @fopen("{$logfile}", 'rb+'); if ($f === false) { break; } @@ -1682,11 +1676,11 @@ function pfb_livetail($logfile, $mode) { } $lastpos = ftell($f); - fclose($f); + @fclose($f); // Capture remaining output if ($mode != 'view' && strpos($pfb_output, 'UPDATE PROCESS ENDED') !== FALSE) { - $f = fopen($pfb['log'], 'rb'); + $f = @fopen($pfb['log'], 'rb'); fseek($f, $lastpos); $pfb_buffer = fread($f, 2048); $pfb_output .= str_replace( "\r", '', $pfb_buffer); 
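Review bot: In the gzip branch of pfb_download() (hunk `@@ -1210,17 +1204,17 @@`) the new lines keep the same `@gzopen("{$file_dwn}.raw", 'r')` test nested inside itself, so the archive is opened twice and the first handle is overwritten without being closed. `$pfb_output` from `@fopen("{$file_dwn}.orig", 'w')` and the return of `fwrite()` are never checked, yet `$retval = 0` (apparently the success value) is set whenever the archive opened. A feed whose .orig file could not be written would therefore still be reported as downloaded, and an empty or truncated block list is a fail-open condition. Only set the success value after every write succeeded, and close only handles that were opened. The function starts and ends outside the hunk; a sketch of the branch follows.

```php
// … unchanged: pfb_logger('.', 1); …
$pfb_output = @fopen("{$file_dwn}.orig", 'w');
$fhandle = @gzopen("{$file_dwn}.raw", 'r');
if ($pfb_output !== FALSE && $fhandle !== FALSE) {
	$write_ok = TRUE;
	while (($line = @gzgets($fhandle, 1024)) !== FALSE) {
		if (fwrite($pfb_output, $line) === FALSE) {
			$write_ok = FALSE;
			break;
		}
	}
	if ($write_ok) {
		$retval = 0;
	}
}
if ($fhandle !== FALSE) {
	@gzclose($fhandle);
}
if ($pfb_output !== FALSE) {
	@fclose($pfb_output);
}
```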
@@ -1694,7 +1688,7 @@ function pfb_livetail($logfile, $mode) { clearstatcache(false, $pfb['log']); ob_flush(); flush(); - fclose($f); + @fclose($f); // Call log mgmt function pfb_log_mgmt(); @@ -1722,21 +1716,21 @@ function pfb_livetail($logfile, $mode) { if (!empty($pfb_query)) { // Increment DNSBL Alias counter - if (($handle = fopen("{$pfb['dnsbl_info']}", 'r')) !== FALSE) { + if (($handle = @fopen("{$pfb['dnsbl_info']}", 'r')) !== FALSE) { flock($handle, LOCK_EX); - $pfb_output = fopen("{$pfb['dnsbl_info']}.bk", 'w'); + $pfb_output = @fopen("{$pfb['dnsbl_info']}.bk", 'w'); flock($pfb_output, LOCK_EX); // Find line with corresponding DNSBL Aliasname - while (($line = fgetcsv($handle)) !== FALSE) { + while (($line = @fgetcsv($handle)) !== FALSE) { if ($line[0] == $pfb_query) { $line[3] += 1; } fputcsv($pfb_output, $line); } - fclose($pfb_output); - fclose($handle); + @fclose($pfb_output); + @fclose($handle); @rename ("{$pfb['dnsbl_info']}.bk", "{$pfb['dnsbl_info']}"); } } @@ -1753,7 +1747,7 @@ function pfb_livetail($logfile, $mode) { if ($tlen > $lastpos) { $tlen = $tlen - $lastpos; ftruncate($f, $tlen); - fclose($f); + @fclose($f); $lastpos = $tlen; } } @@ -1858,7 +1852,6 @@ function sync_package_pfblockerng($cron='') { $pfb['dnsbl_iface'] = $pfb['dnsblconfig']['dnsbl_interface']?: 'lan'; // VIP Local Interface setting $pfb['dnsbl_ip'] = $pfb['dnsblconfig']['action'] ?: 'Disabled'; // Enable/Disable IP blocking from DNSBL lists $pfb['dnsbl_rule'] = $pfb['dnsblconfig']['pfb_dnsbl_rule'] ?: 'Disabled'; // Auto create a Floating Pass Rule for other Lan subnets - $pfb['dnsbl_alexa'] = $pfb['dnsblconfig']['alexa_enable'] ?: 'Disabled'; // Enable Alexa whitelist $pfb['dnsbl_alexa_cnt'] = $pfb['dnsblconfig']['alexa_count'] ?: '1000'; // Alexa whitelist domain setting $pfb['dnsbl_alexa_inc'] = $pfb['dnsblconfig']['alexa_inclusion'] ?: ''; // Alexa TLDs inclusions for whitelisting 
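Review bot: The DNSBL counter update in pfb_livetail() (hunk `@@ -1722,21 +1716,21 @@`) renames `{$pfb['dnsbl_info']}.bk` over the live file without confirming that the copy was written. The `.bk` handle from `@fopen(..., 'w')`, both `flock()` calls and `fputcsv()` are unchecked, and `@rename` runs regardless. If a write fails part-way the statistics file is replaced by a truncated copy, and if the open itself fails a `.bk` left by an earlier run, should one exist, would be promoted instead. I would wrap the copy loop in `if ($pfb_output !== FALSE && flock($pfb_output, LOCK_EX)) { ... }`, track whether every `fputcsv()` succeeded, and perform the rename only in that case. The function body continues outside the hunk.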
@@ -2504,8 +2497,8 @@ function sync_package_pfblockerng($cron='') { $e_skip = $e_found = FALSE; // Variables for Easylists $fail_list = ''; $csvfail = $ipcount = $ip_cnt = 0; - if (($fhandle = fopen("{$file_dwn}.orig", 'r')) !== FALSE) { - while (($line = fgets($fhandle, 3072)) !== FALSE) { + if (($fhandle = @fopen("{$file_dwn}.orig", 'r')) !== FALSE) { + while (($line = @fgets($fhandle, 3072)) !== FALSE) { // On 'category match', parse EasyList feed if (isset($easylist)) { @@ -2745,7 +2738,7 @@ function sync_package_pfblockerng($cron='') { } } } - fclose($fhandle); + @fclose($fhandle); unset($csvline, $easylist); // Unset variables // Remove duplicates and save any IPs found in domain feed @@ -2827,16 +2820,16 @@ function sync_package_pfblockerng($cron='') { if ($pfb['aliasupdate']) { // Create master alias file - $pfb_output = fopen("{$pfb['dnsalias']}/{$alias}", 'w'); + $pfb_output = @fopen("{$pfb['dnsalias']}/{$alias}", 'w'); foreach ($lists_dnsbl_current as $clist) { - if (($handle = fopen("{$pfbfolder}/{$clist}.txt", 'r')) !== FALSE) { - while (($line = fgets($handle, 3072)) !== FALSE) { + if (($handle = @fopen("{$pfbfolder}/{$clist}.txt", 'r')) !== FALSE) { + while (($line = @fgets($handle, 3072)) !== FALSE) { fwrite($pfb_output, $line); } } - fclose($handle); + @fclose($handle); } - fclose($pfb_output); + @fclose($pfb_output); // Update domain alias statistics $dns_now = date('M d G:i', time()); @@ -2887,14 +2880,14 @@ function sync_package_pfblockerng($cron='') { } // Save alias statistics to file (Remove any feeds that are not referenced) - $handle = fopen("{$pfb['dnsbl_info']}", 'w'); + $handle = @fopen("{$pfb['dnsbl_info']}", 'w'); fwrite($handle, "# Keeping this file open in a file editor will interrupt DNSBL!\n"); foreach ($dnsbl_info as $alias) { if (in_array($alias[0], $alias_dnsbl_all)) { fputcsv($handle, $alias); } } - fclose($handle); + @fclose($handle); } // Create DNSBL firewall rules/alias if action permits 
@@ -2921,16 +2914,16 @@ function sync_package_pfblockerng($cron='') { $dnsbl_ip = glob("{$pfb['dnsdir']}/*.ip"); if (!empty($dnsbl_ip)) { if ($pfb['updateip'] || !file_exists("{$pfb['aliasdir']}/pfB_DNSBLIP.txt")) { - $pfb_ips = fopen("{$pfb['aliasdir']}/pfB_DNSBLIP.txt", 'w'); + $pfb_ips = @fopen("{$pfb['aliasdir']}/pfB_DNSBLIP.txt", 'w'); foreach ($dnsbl_ip as $d_ip) { - if (($handle = fopen("{$d_ip}", 'r')) !== FALSE) { - while (($line = fgets($handle, 1024)) !== FALSE) { + if (($handle = @fopen("{$d_ip}", 'r')) !== FALSE) { + while (($line = @fgets($handle, 1024)) !== FALSE) { fwrite($pfb_ips, $line); } } - fclose($handle); + @fclose($handle); } - fclose($pfb_ips); + @fclose($pfb_ips); } // Update DNSBL_IPs aliastable @@ -2967,16 +2960,16 @@ function sync_package_pfblockerng($cron='') { if ($pfb['domain_update']) { if (!empty($lists_dnsbl_all)) { pfb_logger("\n\n------------------------------------------\nAssembling database...", 1); - $pfb_output = fopen("{$pfb['dnsbl_file']}.raw", 'w'); + $pfb_output = @fopen("{$pfb['dnsbl_file']}.raw", 'w'); foreach ($lists_dnsbl_all as $current_list) { - if (($handle = fopen("{$pfb['dnsdir']}/{$current_list}.txt", 'r')) !== FALSE) { - while (($line = fgets($handle, 3072)) !== FALSE) { + if (($handle = @fopen("{$pfb['dnsdir']}/{$current_list}.txt", 'r')) !== FALSE) { + while (($line = @fgets($handle, 3072)) !== FALSE) { fwrite($pfb_output, $line); } } - fclose($handle); + @fclose($handle); } - fclose($pfb_output); + @fclose($pfb_output); // Perform sort and uniq on DNSBL database File. Validation of file required before use. exec("{$pfb['cat']} {$pfb['dnsbl_file']}.raw | /usr/bin/sort | /usr/bin/uniq > {$pfb['dnsbl_file']}.tmp && /bin/rm -f {$pfb['dnsbl_file']}.raw"); 
@@ -3409,8 +3402,8 @@ function sync_package_pfblockerng($cron='') { } } - if (($fhandle = fopen("{$file_dwn}.orig", 'r')) !== FALSE) { - while (($line = fgets($fhandle, 1024)) !== FALSE) { + if (($fhandle = @fopen("{$file_dwn}.orig", 'r')) !== FALSE) { + while (($line = @fgets($fhandle, 1024)) !== FALSE) { // Record original line for regex matching, if required. $oline = $line; @@ -3551,7 +3544,7 @@ function sync_package_pfblockerng($cron='') { pfb_logger("{$log}", 2); } } - fclose($fhandle); + @fclose($fhandle); pfb_logger("\n", 1); if (!$custom) { diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.sh b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.sh index ace6dbfe98de..bb139a96d3dc 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.sh +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.sh @@ -13,21 +13,13 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pfs_version=$(/bin/cat /etc/version | /usr/bin/cut -c 1-3) -if [ "${pfs_version}" = '2.2' ]; then - mtype=$(/usr/bin/uname -m) - prefix="/usr/pbi/pfblockerng-${mtype}" -else - prefix='/usr/local' -fi - now=$(/bin/date +%m/%d/%y' '%T) # Application Locations -pathgrepcidr="${prefix}/bin/grepcidr" -pathaggregate="${prefix}/bin/aggregate" -pathmwhois="${prefix}/bin/mwhois" -pathgeoip="${prefix}/bin/geoiplookup" +pathgrepcidr="/usr/local/bin/grepcidr" +pathaggregate="/usr/local/bin/aggregate" +pathmwhois="/usr/local/bin/mwhois" +pathgeoip="/usr/local/bin/geoiplookup" pathgunzip=/usr/bin/gunzip pathhost=/usr/bin/host pathtar=/usr/bin/tar 
@@ -44,8 +36,8 @@ etblock="$(echo ${8} | sed 's/,/, /g')" etmatch="$(echo ${9} | sed 's/,/, /g')" # File Locations -aliasarchive="${prefix}/etc/aliastables.tar.bz2" -pathgeoipdat="${prefix}/share/GeoIP/GeoIP.dat" +aliasarchive="/usr/local/etc/aliastables.tar.bz2" +pathgeoipdat="/usr/local/share/GeoIP/GeoIP.dat" pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt pfbalexa=/var/db/pfblockerng/pfbalexawhitelist.txt masterfile=/var/db/pfblockerng/masterfile @@ -978,4 +970,4 @@ case "${1}" in *) ;; esac -exitnow \ No newline at end of file +exitnow diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl.xml index 250d2e121325..edd6ca3d6489 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl.xml @@ -147,9 +147,9 @@ Enable DNSBL pfb_dnsbl checkbox - + To Utilize, Unbound DNS Resolver must be enabled.]]> - +
DNSBL Virtual IP @@ -170,7 +170,7 @@ input 3 - Enter a  single PORT  that is in the range of 1 - 65535

+ Enter a  single PORT  that is in the range of 1 - 65535
This Port must not be in use by any other process.]]>
8081 @@ -181,7 +181,7 @@ input 3 - Enter a  single PORT  that is in the range of 1 - 65535

+ Enter a  single PORT  that is in the range of 1 - 65535
This Port must not be in use by any other process.]]>
8443 @@ -225,7 +225,8 @@
List Action - Disabled

+ Disabled +
Select the Action for Firewall Rules when any DNSBL Feed contain IP addresses.

'Disabled' Rule: Disables selection and does nothing to selected Alias.

@@ -239,7 +240,7 @@ still allowing deliberate outgoing sessions to be created in the other direction. 'Alias' Rule:
'Alias' rules create an alias for the list (and do nothing else). - This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.]]> + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
]]>
action select @@ -270,7 +271,7 @@
info - Note: In general, Auto-Rules are created as follows:
+ Note:  In general, Auto-Rules are created as follows:
    Inbound  - 'any' port, 'any' protocol and 'any' destination
    Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
@@ -321,9 +322,9 @@ Invert autonot - Invert - Option to invert the sense of the match.
- ie - Not (!) Destination Address(es)]]> -
+ Invert - Option to invert the sense of the match.
+ ie - Not (!) Destination Address(es)]]> +
checkbox @@ -351,8 +352,8 @@ Enable Alexa alexa_enable - Top 1 million sites list. - (Global 1 month average traffic ranking)

+ Top 1 million sites list. + (Global 1 month average traffic ranking)
Alexa can be used to whitelist the most popular domain names to avoid false positives. To use this feature, select the number of 'Top Domains' to whitelist. You can also 'include' which TLDs to whitelist.
@@ -365,7 +366,7 @@ The complete 'Top 1M list' can be downloaded from Here (Database is free to use.)
When enabled, this list will be automatically updated once per month along with the MaxMind Database.]]> -
+ checkbox
@@ -594,4 +595,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_easylist.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_easylist.xml index f416e7d8dd88..76045d76f996 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_easylist.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_easylist.xml @@ -141,7 +141,7 @@ 90 - EasyList Feeds]]> + EasyList Feeds rowhelper @@ -281,4 +281,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_lists.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_lists.xml index e07ee0c1cae6..cfc207efe2c1 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_lists.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_dnsbl_lists.xml @@ -161,18 +161,18 @@ InfoLists info - 'Format': Select the Format type.

- 'State': Select the run state.

+ 'Format': Select the Format type.
+ 'State': Select the run state.
'Source': -
  • 'Local File': http(s)://127.0.0.1/filename + Adaway)
  • +
  • 'Local File': http(s)://127.0.0.1/filename  or  /var/db/pfblockerng/filename
'Header/Label': This field must be unique. This names the file and is referenced in the widget.  (ie: hpHosts_ads, hpHosts_partial)

- AdBlock Easylists cannot be used in this Tab

]]> + AdBlock Easylists cannot be used in this Tab.]]>
@@ -330,4 +330,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc index 9c48b6472525..bb94b4908547 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc @@ -31,39 +31,17 @@ */ +require_once('pfsense-utils.inc'); require_once('/usr/local/pkg/pfblockerng/pfblockerng.inc'); require_once('/usr/local/www/pfblockerng/pfblockerng.php'); -global $config, $pfb, $static_output; +global $config, $pfb; +set_language($config['system']['language']); pfb_global(); -function update_static_output($text) { - global $static_output; - - $static_output .= "{$text}"; - update_output_window("{$static_output}"); - return; -} - // Set 'Install flag' to skip sync process during installations. $g['pfblockerng_install'] = true; -// Remove previous ccdir location files if exist -$old_ccfiles = glob('/usr/pbi/pfblockerng-' . php_uname('m') . '/share/GeoIP/*_v?.txt'); -if (!empty($old_ccfiles)) { - foreach ($old_ccfiles as $oldfile) { - unlink_if_exists("{$oldfile}"); - } -} - -$pfs_version = substr(trim(file_get_contents('/etc/version')), 0, 3); -if ($pfs_version == '2.2') { - $pfb['prefix'] = '/usr/pbi/pfblockerng-' . php_uname('m'); -} else { - $pfb['prefix'] = '/usr/local'; -} -$pfb['geoipshare'] = "{$pfb['prefix']}/share/GeoIP"; - $pfb['maxmind'][0]['url'] = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz'; $pfb['maxmind'][0]['file_dwn'] = 'GeoIP.dat.gz'; $pfb['maxmind'][0]['file'] = 'GeoIP.dat'; 
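Review bot: The MaxMind feed URL kept as context at the end of the pfblockerng_install.inc hunk, `http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz`, is plain HTTP, and nothing visible in this file's hunks verifies the downloaded file before it is unpacked into `/usr/local/share/GeoIP`. These databases drive the country block lists, so anyone able to alter the transfer can influence what the firewall blocks or permits. If upstream serves the same path over HTTPS, switch the scheme and keep certificate verification enabled in the cURL options (not shown in the hunk); otherwise compare the file against a checksum obtained over an authenticated channel before use. At minimum add a comment next to the URL list such as `// NOTE: fetched over cleartext HTTP, integrity is not verified`.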
@@ -82,20 +60,21 @@ $pfb['maxmind'][4]['file'] = 'GeoIPv6.csv'; // Only download MaxMind Database if files do not exist. $maxmind_verify = 0; +$pfb['geoipshare'] = '/usr/local/share/GeoIP'; if (!file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][0]['file']}") || !file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][1]['file']}") || !file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][2]['file']}") || !file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][3]['file']}") || !file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][4]['file']}")) { - update_static_output("\nDownloading MaxMind Country databases. This may take a minute...\n"); + update_status("\nDownloading MaxMind Country databases. This may take a minute...\n"); foreach ($pfb['maxmind'] as $feed) { $file_dwn = "{$pfb['geoipshare']}/{$feed['file_dwn']}"; - if (($fhandle = fopen("{$file_dwn}", 'w')) !== FALSE) { - update_static_output(" {$feed['file']}..."); + if (($fhandle = @fopen("{$file_dwn}", 'w')) !== FALSE) { + update_status(" {$feed['file']}..."); if (!($ch = curl_init("{$feed['url']}"))) { - update_static_output(" Failed to create cURL resource.\n"); + update_status(" Failed to create cURL resource.\n"); break; } @@ -116,7 +95,7 @@ if (!file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][0]['file']}") || } $curl_error = curl_errno($ch); - update_static_output(" cURL Error: {$curl_error}. ", 1); + update_status(" cURL Error: {$curl_error}. ", 1); } $http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE); 
@@ -127,47 +106,47 @@ if (!file_exists("{$pfb['geoipshare']}/{$pfb['maxmind'][0]['file']}") || exec("/usr/bin/tar -xOf {$file_dwn} > {$pfb['geoipshare']}/{$feed['file']}"); unlink_if_exists("{$file_dwn}"); } - update_static_output(" done.\n"); + update_status(" done.\n"); $maxmind_verify += 1; } else { - update_static_output(" failed!\n"); + update_status(" failed!\n"); break; } } curl_close($ch); - fclose($fhandle); + @fclose($fhandle); } if ($maxmind_verify != 5) { - update_static_output(" MaxMind download failed!\nFetching MaxMind archive from pfSense package repo..."); + update_status(" MaxMind download failed!\nFetching MaxMind archive from pfSense package repo..."); // Fetch archived MaxMind database $url = 'https://packages.pfsense.org/packages/config/pfblockerng/countrycodes.tar.bz2'; exec("/usr/bin/fetch -o /tmp/countrycodes.tar.bz2 {$url}"); // Uncompress archived Country code file exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f /tmp/countrycodes.tar.bz2"); - update_static_output(" done.\n"); + update_status(" done.\n"); } else { - update_static_output("Downloading MaxMind Country databases... done.\n"); + update_status("Downloading MaxMind Country databases... 
done.\n"); } } else { - update_static_output("\nMaxMind Country databases previously downloaded.\n"); + update_status("\nMaxMind Country databases previously downloaded.\n"); } -update_static_output("Converting MaxMind Country databases for pfBlockerNG.\n This may take a few minutes..."); +update_status("Converting MaxMind Country databases for pfBlockerNG.\n This may take a few minutes..."); pfblockerng_uc_countries(); -update_static_output(" done.\nCreating pfBlockerNG Continent XML files..."); +update_status(" done.\nCreating pfBlockerNG Continent XML files..."); pfblockerng_get_countries(); if ($pfb['keep'] == 'on' && isset($pfb['widgets']) && strpos($pfb['widgets'], 'pfblockerng-container') !== FALSE) { - update_static_output(" done.\nRestoring previous pfBlockerNG Widget settings..."); + update_status(" done.\nRestoring previous pfBlockerNG Widget settings..."); // Restore previous widget setting if 'keep' is enabled. $config['widgets']['sequence'] = $pfb['widgets']; write_config('pfBlockerNG: Save widget'); } else { - update_static_output(" done.\nAdding pfBlockerNG Widget to the Dashboard..."); + update_status(" done.\nAdding pfBlockerNG Widget to the Dashboard..."); $widgets = $config['widgets']['sequence']; if (strpos($widgets, 'pfblockerng-container') === FALSE) { if (empty($widgets)) { @@ -179,18 +158,18 @@ if ($pfb['keep'] == 'on' && isset($pfb['widgets']) && strpos($pfb['widgets'], 'p } } -update_static_output(" done.\nRemove any existing and create link for DNSBL lighttpd executable..."); +update_status(" done.\nRemove any existing and create link for DNSBL lighttpd executable..."); unlink_if_exists('/usr/local/sbin/lighttpd_pfb'); link('/usr/local/sbin/lighttpd', '/usr/local/sbin/lighttpd_pfb'); -update_static_output(" done.\nCreating DNSBL web server start-up script..."); +update_status(" done.\nCreating DNSBL web server start-up script..."); $rc = array(); $rc['file'] = 'dnsbl.sh'; $rc['start'] = << \ No newline at end of file +?> 
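Review bot: The fallback path in the `@@ -127,47 +106,47 @@` hunk downloads to the fixed name `/tmp/countrycodes.tar.bz2` and extracts it with `tar -jx -C {$pfb['ccdir']}` without checking either `exec()` result, then prints ` done.` unconditionally. A predictable name in a world-writable directory can be pre-created or symlinked on a system with other local accounts, and a failed fetch leaves the install reporting success with no country data. I would use a private temporary name, e.g. `$tmp = tempnam($pfb['dbdir'], 'cc_');`, pass it and `$url` through `escapeshellarg()`, capture the status with `exec($cmd, $out, $rc);` and report failure when `$rc != 0`. The downloaded archive is also not removed in the visible lines.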
diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_top20.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_top20.xml index 6200a6a959d2..543b7fd3ff25 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_top20.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_top20.xml @@ -167,7 +167,7 @@ countries4
Top 20
Spammer Countries

-
Use CTRL + CLICK to select/unselect countries
]]> +
Use CTRL + CLICK to select/unselect countries
]]>

IPv4 Countries]]>
select @@ -232,7 +232,8 @@
List Action - Default: Disabled

+ Default: Disabled +
Select the Action for Firewall Rules on lists you have selected.

'Disabled' Rules: Disables selection and does nothing to selected Alias.

@@ -264,7 +265,7 @@
  • 'Alias Native' lists are kept in their Native format without any modifications.
  • Note:
      When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the - description will be auto-removed by package when 'Auto' rules are defined.
    ]]> + description will be auto-removed by package when 'Auto' rules are defined.
    ]]>
    action select @@ -282,6 +283,7 @@ +
    @@ -302,7 +304,7 @@ info - Note: In general, Auto-Rules are created as follows:
    + Note:  In general, Auto-Rules are created as follows:
      Inbound  - 'any' port, 'any' protocol and 'any' destination
      Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
    Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
    @@ -353,9 +355,9 @@ Invert autonot - Invert - Option to invert the sense of the match.
    - ie - Not (!) Destination Address(es)]]> -
    + Invert - Option to invert the sense of the match.
    + ie - Not (!) Destination Address(es)]]> +
    checkbox @@ -394,4 +396,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v4lists.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v4lists.xml index 24c8b2791566..c47ec560c16e 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v4lists.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v4lists.xml @@ -162,25 +162,25 @@
    info - 'Format': Select the Format type.

    - 'State': Select the run state.

    + 'Format': Select the Format type.
    + 'State': Select the run state.
    'Source': -
    • 'Local File': http(s)://127.0.0.1/filename -  or  /var/db/pfblockerng/filename
    -
    • 'Country code': /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/US_v4.txt -  (Change 'US' to required code)
    -
    • 'Whois': Domain name or AS (ie: facebook.com or AS13414) + Spamhaus Drop)
    • +
    • 'Local File': http(s)://127.0.0.1/filename +  or  /var/db/pfblockerng/filename
    • +
    • 'Country code': /usr/local/share/GeoIP/cc/US_v4.txt +  (Change 'US' to required code)
    • +
    • 'Whois': Domain name or AS (ie: facebook.com or AS13414)  (Click for ASN Lookup)
    'Header/Label': This field must be unique. This names the file and is referenced in the widget. -  (ie: Spamhaus_drop, Spamhaus_edrop)

    ]]> +  (ie: Spamhaus_drop, Spamhaus_edrop)]]>
    - IPv4 Lists]]> + 'Format': Select the file format that URL will retrieve.
    • 'auto' - Default parser
    • 'regex' - 'Regex' style parsing (ie: html Lists)
    • @@ -237,7 +237,8 @@ List Action - Default: Disabled

      + Disabled +
      Select the Action for Firewall Rules on lists you have selected.

      'Disabled' Rules: Disables selection and does nothing to selected Alias.

      @@ -263,13 +264,13 @@ 'Alias' Rules:
      'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
      • Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

      • -
      • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

      • -
      • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

      • +
        • Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native
        • +
        • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.
        • +
        • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules
        • 'Alias Native' lists are kept in their Native format without any modifications.
        Note:
          When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the - description will be auto-removed by package when 'Auto' rules are defined.
        ]]> + description will be auto-removed by package when 'Auto' rules are defined.
      ]]>
      action select @@ -358,7 +359,7 @@
      info - Note:  In general, Auto-Rules are created as follows:
      + Note:  In general, Auto-Rules are created as follows:
        Inbound  - 'any' port, 'any' protocol and 'any' destination
        Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
      Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
      @@ -370,20 +371,17 @@ Enable Custom Port checkbox aliasports - begin
      Define Alias aliasports - Click Here to add/edit Aliases - Do not manually enter port numbers.
      Do not use 'pfB_' in the Port Alias name.]]> -
      21 aliases port - - + Click Here to add/edit Aliases + Do not manually enter port numbers.
      Do not use 'pfB_' in the Port Alias name.]]> +
      end
      @@ -409,9 +407,9 @@ Invert autonot - Invert - Option to invert the sense of the match.
      - ie - Not (!) Destination Address(es)]]> -
      + Invert - Option to invert the sense of the match.
      + ie - Not (!) Destination Address(es)]]> +
      checkbox @@ -438,37 +436,37 @@
      info - Note:  Custom List can be used in ONE of two ways:
      + Note:  Custom List can be used in ONE of two ways:
        1. IPv4 addresses entered directly into the custom list, as per the required format.
        2. Domain names or AS numbers, which will be converted into their respective IPv4 addresses.
      ]]>
      whois_convert - DO NOT mix IPs with Domains/ASs in this custom list.]]> - + Enable Domain/AS checkbox Custom Address(es) custom -
      - Format IPv4:

      - Network ranges: 172.16.1.0-172.16.1.255
      + + Format IPv4: +
        Network ranges: 172.16.1.0-172.16.1.255
        IP Address: 172.16.1.10
        CIDR: 172.16.1.0/24

        RFC 1918 addresses may be used in a custom list.
        You may use "#" after any IP/CIDR/Range to add comments. ie: x.x.x.x # Safe IP Address

        If you select the Domain/AS checkbox above, the custom list can only - be used for Domain names/AS's.

        - Format Domain/AS:

        - One 'Domain' or 'AS' per line.
        + be used for Domain names/AS's.
      + Format Domain/AS: +
        One 'Domain' or 'AS' per line.
        Domains and/or ASs can be used in the same list.

        Conversion of Domains/ASs utilize Team CYMRU and the RADb whois registry.
        - Configure the 'update frequency', so that it does not abuse these free services.]]> + Configure the 'update frequency', so that it does not abuse these free services.
      ]]>
      textarea 50 @@ -506,4 +504,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v6lists.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v6lists.xml index bc4c6bfa8ba7..d976dd626a17 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v6lists.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_v6lists.xml @@ -161,23 +161,23 @@
      info - 'Format': Select the Format type.

      - 'State': Select the run state.

      + 'Format': Select the Format type.
      + 'State': Select the run state.
      'Source': -
      • 'Local File': http(s)://127.0.0.1/filename -  or  /var/db/pfblockerng/filename
      -
      • 'Country code': /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/US_v6.txt -  (Change 'US' to required code)
      -
      • 'Whois': Domain name or AS (ie: facebook.com or AS13414) +  (ie: Blocklist.de)
      • +
      • 'Local File': http(s)://127.0.0.1/filename +  or  /var/db/pfblockerng/filename
      • +
      • 'Country code': /usr/local/share/GeoIP/cc/US_v6.txt +  (Change 'US' to required code)
      • +
      • 'Whois': Domain name or AS (ie: facebook.com or AS13414)  (Click for ASN Lookup)
      'Header/Label': This field must be unique. This names the file and is referenced in the widget. -  (ie: Spamhaus_drop, Spamhaus_edrop)

      ]]> +  (ie: Spamhaus_drop, Spamhaus_edrop)]]>
      - IPv6 Lists]]> + IPv6 'Format': Select the file format that URL will retrieve.
      • 'auto' - Default parser
      • 'regex' - 'Regex' style parsing (ie: html Lists)
      • @@ -231,7 +231,8 @@ List Action - Default: Disabled

        + Default: Disabled +
        Select the Action for Firewall Rules on lists you have selected.

        'Disabled' Rules: Disables selection and does nothing to selected Alias.

        @@ -257,13 +258,13 @@ 'Alias' Rules:
        'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
        • Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

        • -
        • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

        • -
        • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

        • +
          • Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native
          • +
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.
          • +
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules
          • 'Alias Native' lists are kept in their Native format without any modifications.
          Note:
            When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the - description will be auto-removed by package when 'Auto' rules are defined.
          ]]> + description will be auto-removed by package when 'Auto' rules are defined.
        ]]>
        action select @@ -352,7 +353,7 @@
        info - Note:  In general, Auto-Rules are created as follows:
        + Note:  In general, Auto-Rules are created as follows:
          Inbound  - 'any' port, 'any' protocol and 'any' destination
          Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
        Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
        @@ -403,9 +404,9 @@ Invert autonot - Invert - Option to invert the sense of the match.
        - ie - Not (!) Destination Address(es)]]> -
        + Invert - Option to invert the sense of the match.
        + ie - Not (!) Destination Address(es)]]> +
        checkbox @@ -432,26 +433,26 @@
        info - Note:  Custom List can be used in ONE of two ways:
        + Note:  Custom List can be used in ONE of two ways:
          1. IPv6 addresses entered directly into the custom list, as per the required format.
          2. Domain names or AS numbers, which will be converted into their respective IPv6 addresses.
        ]]>
        whois_convert - DO NOT mix IPs with Domains/ASs in this custom list.]]> - + Enable Domain/AS checkbox Custom Address(es) custom -
        - Format IPv6:

        + + Format IPv6: - Source of Regex and format descriptions: SpriteLink
        +
          Source of Regex and format descriptions: SpriteLink
          fe80:0000:0000:0000:0204:61ff:fe9d:f156 // full form of IPv6
          fe80:0:0:0:204:61ff:fe9d:f156 // drop leading zeroes
          fe80::204:61ff:fe9d:f156 // collapse multiple zeroes to :: in the IPv6 address
          @@ -469,13 +470,13 @@ Private IPv6 addresses may be used in a custom list.
          You may use "#" after any IP/CIDR/Range to add comments. ie: x::x:x:x:x # Safe IP Address

          If you select the Domain/AS checkbox above, the custom list can only - be used for Domain names/AS's.

          - Format Domain/AS:

          - One 'Domain' or 'AS' per line.
          + be used for Domain names/AS's.
        + Format Domain/AS: +
          One 'Domain' or 'AS' per line.
          Domains and/or ASs can be used in the same list.

          Conversion of Domains/ASs utilize Team CYMRU and the RADb whois registry.
          - Configure the 'update frequency', so that it does not abuse these free services.]]> + Configure the 'update frequency', so that it does not abuse these free services.
        ]]>
        textarea 50 @@ -513,4 +514,4 @@ sync_package_pfblockerng(); ]]> - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/share/pfSense-pkg-pfBlockerNG/info.xml b/net/pfSense-pkg-pfBlockerNG/files/usr/local/share/pfSense-pkg-pfBlockerNG/info.xml index 327873838b11..97047d25e9e9 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/share/pfSense-pkg-pfBlockerNG/info.xml +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/share/pfSense-pkg-pfBlockerNG/info.xml @@ -10,20 +10,11 @@ Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.<br /> Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]> Security - https://forum.pfsense.org/index.php?topic=86212.0 - https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml - 2.0.1 + https://forum.pfsense.org/index.php?topic=102470.0 + 2.0.2 RELEASE - 2.2 + 2.3 BBCan177@gmail.com pfblockerng.xml - bin/geoiplookup:net/GeoIP bin/grepcidr:net-mgmt/grepcidr bin/aggregate:net-mgmt/aggregate bin/mwhois:net/whois - net - pfblockerng-1.6.6-##ARCH##.pbi - - net/GeoIP - net-mgmt/grepcidr net-mgmt/aggregate net/whois - pfblockerng - diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng.php index d71fdff869e0..abf88c451e6b 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng.php @@ -108,7 +108,7 @@ } // Skip Alexa update, if disabled - if ($pfb['dnsbl_alexa'] == 'Disabled') { + if ($pfb['dnsbl_alexa'] != 'on') { unset($pfb['extras'][5]); } 
@@ -450,8 +450,8 @@ function pfblockerng_uc_countries() { pfb_logger("{$log}", 3); $cont_array = array(); - if (($handle = fopen("{$maxmind_cont}", 'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { + if (($handle = @fopen("{$maxmind_cont}", 'r')) !== FALSE) { + while (($cc = @fgetcsv($handle)) !== FALSE) { $cc_key = $cc[0]; $cont_key = $cc[1]; @@ -496,7 +496,7 @@ function pfblockerng_uc_countries() { } } unset($cc); - fclose($handle); + @fclose($handle); // Add Maxmind Anonymous Proxy and Satellite Providers to array $cont_array[6]['continent'] = 'Proxy and Satellite'; @@ -522,8 +522,8 @@ function pfblockerng_uc_countries() { $iptype = "ip{$type}"; $filetype = "file{$type}"; - if (($handle = fopen("{$maxmind_cc}", 'r')) !== FALSE) { - while (($cc = fgetcsv($handle)) !== FALSE) { + if (($handle = @fopen("{$maxmind_cc}", 'r')) !== FALSE) { + while (($cc = @fgetcsv($handle)) !== FALSE) { $cc_key = $cc[4]; $country_key = $cc[5]; $a_cidr = implode(',', ip_range_to_subnet_array_temp($cc[0], $cc[1])); @@ -537,7 +537,7 @@ function pfblockerng_uc_countries() { } } unset($cc); - fclose($handle); + @fclose($handle); // Build Continent files foreach ($cont_array as $key => $iso) { @@ -846,7 +846,7 @@ function pfblockerng_get_countries() { countries4
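Review bot: The `@` added to `fopen()`, `fgetcsv()` and `fclose()` in `pfblockerng_uc_countries()` removes the only signal that a MaxMind CSV could not be opened or read. No `else` branch is visible in these hunks (the function body continues outside them), so a missing or unreadable database would appear to produce empty country data without any log entry. Since this output feeds firewall aliases, the failure should be recorded with the logger already used above, for example `} else { pfb_logger("Failed to open {$maxmind_cont}\n", 3); }`, and likewise for the `{$maxmind_cc}` loop in the `@@ -522` hunk. Rows are also indexed as `$cc[0]`, `$cc[1]`, `$cc[4]` and `$cc[5]` without a length check, so a guard such as `if (count($cc) < 6) { continue; }` in the second loop would keep blank or short lines out of `$a_cidr`.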
        Countries

        -
        Use CTRL + CLICK to select/unselect countries
        ]]> +
        Use CTRL + CLICK to select/unselect countries
        ]]>
        select @@ -897,7 +897,8 @@ function pfblockerng_get_countries() { $xml .= << List Action - Default: Disabled

        + Default: Disabled +
        Select the Action for Firewall Rules on lists you have selected.

        'Disabled' Rules: Disables selection and does nothing to selected Alias.

        @@ -929,7 +930,7 @@ interfaces. Typical uses of 'Deny' rules are:
      • 'Alias Native' lists are kept in their Native format without any modifications.
      Note:
        When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the - description will be auto-removed by package when 'Auto' rules are defined.
      ]]> + description will be auto-removed by package when 'Auto' rules are defined.
    ]]>
    action select @@ -969,7 +970,7 @@ interfaces. Typical uses of 'Deny' rules are:
    info - Note: In general, Auto-Rules are created as follows:
    + Note:  In general, Auto-Rules are created as follows:
      Inbound  - 'any' port, 'any' protocol and 'any' destination
      Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
    Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
    @@ -1020,9 +1021,9 @@ interfaces. Typical uses of 'Deny' rules are:
    Invert autonot - Invert - Option to invert the sense of the match.
    - ie - Not (!) Destination Address(es)]]> -
    + Invert - Option to invert the sense of the match.
    + ie - Not (!) Destination Address(es)]]> +
    checkbox @@ -1362,7 +1363,7 @@ interfaces. Typical uses of 'Deny' rules are:
    ccexclude Exclude from the Reputation Process.
    - Use CTRL + CLICK to select/unselect countries]]> + Use CTRL + CLICK to select/unselect countries]]>
    select @@ -1405,7 +1406,7 @@ interfaces. Typical uses of 'Deny' rules are:
    etblock - Use CTRL + CLICK to select/unselect Categories + Use CTRL + CLICK to select/unselect Categories

    Any Changes will take effect at the Next Scheduled CRON Task]]>
    select @@ -1454,7 +1455,7 @@ interfaces. Typical uses of 'Deny' rules are:
    etmatch - Use CTRL + CLICK to select/unselect Categories + Use CTRL + CLICK to select/unselect Categories

    Any Changes will take effect at the Next Scheduled CRON Task]]>
    select @@ -1547,4 +1548,4 @@ interfaces. Typical uses of 'Deny' rules are:
    // Unset arrays unset ($roptions4, $et_options, $xmlrep); } -?> \ No newline at end of file +?> diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_alerts.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_alerts.php index 79cd0d62d1be..531febc64adc 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_alerts.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_alerts.php @@ -47,8 +47,8 @@ pfb_global(); // Application paths -$pathgeoip = "{$pfb['prefix']}/bin/geoiplookup"; -$pathgeoip6 = "{$pfb['prefix']}/bin/geoiplookup6"; +$pathgeoip = '/usr/local/bin/geoiplookup'; +$pathgeoip6 = '/usr/local/bin/geoiplookup6'; // Define file locations $filter_logfile = "{$g['varlog_path']}/filter.log"; @@ -74,8 +74,11 @@ } // Alerts tab customizations -$aglobal_array = array('pfbdenycnt' => 25, 'pfbpermitcnt' => 5, 'pfbmatchcnt' => 5, 'pfbdnscnt' => 5, 'alertrefresh' => 'on', 'hostlookup' => 'on'); +$aglobal_array = array('pfbdenycnt' => 25, 'pfbpermitcnt' => 5, 'pfbmatchcnt' => 5, 'pfbdnscnt' => 5); $pfb['aglobal'] = &$config['installedpackages']['pfblockerngglobal']; + +$alertrefresh = $pfb['aglobal']['alertrefresh'] != '' ? $pfb['aglobal']['alertrefresh'] : 'on'; +$hostlookup = $pfb['aglobal']['hostlookup'] != '' ? $pfb['aglobal']['hostlookup'] : 'on'; foreach ($aglobal_array as $type => $value) { ${"$type"} = $pfb['aglobal'][$type] != '' ? $pfb['aglobal'][$type] : $value; } @@ -84,8 +87,6 @@ if (isset($_POST['save'])) { $pfb['aglobal']['alertrefresh'] = htmlspecialchars($_POST['alertrefresh']) ?: 'off'; $pfb['aglobal']['hostlookup'] = htmlspecialchars($_POST['hostlookup']) ?: 'off'; - unset($aglobal_array['alertrefresh'], $aglobal_array['hostlookup']); - foreach ($aglobal_array as $type => $value) { if (ctype_digit(htmlspecialchars($_POST[$type]))) { $pfb['aglobal'][$type] = htmlspecialchars($_POST[$type]); 
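Review bot: In the save handler of the `@@ -84,8 +87,6 @@` hunk, `alertrefresh` and `hostlookup` are written to the configuration as whatever string was posted, passed only through `htmlspecialchars()`, which is output encoding rather than validation. Only two states are meaningful, so `$pfb['aglobal']['alertrefresh'] = ($_POST['alertrefresh'] === 'on') ? 'on' : 'off';` (and the same for `hostlookup`) would pin the stored value. The counter fields pass `ctype_digit()` with no upper bound, while the limit of 1000 on the number inputs added later in this file is only a browser-side attribute. The handler should clamp as well, e.g. `$pfb['aglobal'][$type] = min((int)$_POST[$type], 1000);`. The handler's body continues outside the hunk.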
@@ -133,13 +134,13 @@ } } -if (isset($_POST['filterlogentries_clear'])) { +if ($_POST['filterlogentries_clear']) { $pfb['filterlogentries'] = FALSE; $filterfieldsarray = array(); } // Add IP to the suppression alias -if (isset($_POST['addsuppress'])) { +if ($_POST['addsuppress']) { if (isset($_POST['ip'])) { $ip = htmlspecialchars($_POST['ip']); $table = htmlspecialchars($_POST['table']); @@ -247,7 +248,7 @@ } // Add domain to the suppression list -if (isset($_POST['addsuppressdom'])) { +if ($_POST['addsuppressdom']) { $domain = htmlspecialchars($_POST['domain']); $domainparse = str_replace('.', '\.', $domain); $pfb['dsupp'] = &$config['installedpackages']['pfblockerngdnsblsettings']['config'][0]['suppression']; @@ -641,203 +642,233 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi return $fields_array; } } - - -$pgtitle = gettext('pfBlockerNG: Alerts'); +$pgtitle = array(gettext("pfBlockerNG"), gettext("Alerts")); include_once('head.inc'); -?> - -
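Review bot: The suppression handlers in the `@@ -133` and `@@ -247` hunks take `ip`, `table` and `domain` from the request and pass them only through `htmlspecialchars()`, which encodes for HTML but does not establish that the value is an address or a hostname. Both handlers continue outside the hunks, so later checks may exist, but validating at the point of entry would make that explicit, e.g. `if (isset($_POST['ip']) && is_ipaddr($_POST['ip'])) {` and an `is_domain()` check before `$domain` is used. `$domainparse = str_replace('.', '\.', $domain);` escapes only dots, so if it is later used as a pattern (not visible here), `preg_quote()` or escaping matched to the consumer would be safer. The new conditions `if ($_POST['addsuppress'])` also read an index that is absent on a plain GET; `if (!empty($_POST['addsuppress']))` keeps the same truthiness test without the undefined-index notice, and the same applies to `filterlogentries_clear` and `addsuppressdom`.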
    - - - - - -\n"; + print ("\n"); } else { - echo "\n"; + print ("\n"); } } + if ($savemsg) { print_info_box($savemsg); } -$skipcount = $counter = $resolvecounter = 0; ?> - +
    - - - -
    - + +
    - - - - - - - - - - - - "> - - - - "> - - - - - "{$pfb['denydir']}/* {$pfb['nativedir']}/*", +
      -   -   -
    - - ', ''); ?> - - - ', ''); ?> - - - ', ''); ?> - - ', ''); ?> - - />  - - />  -
    - -   - ', '');?> -
    - " - onclick="enable_showFilter();" /> -   -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -   -
    -
    -
    -
    -   -
    -   -
    -
    ', '');?>  - -

    -
    -
    " title="" /> -  " title="" /> -  " onclick="enable_hideFilter();" - title="" />
    -
    -
    +addInput(new Form_StaticText( + NULL, + '' + . 'Firewall Alias ' + . 'Firewall Rules ' + . 'Firewall Logs' +)); +$form->add($section); + +$section = new Form_Section('Alert Settings', 'alertsettings', COLLAPSIBLE|SEC_CLOSED); +$form->add($section); + +// Build 'Alert Settings' group section +$group = new Form_Group('Alert Settings'); +$group->add(new Form_Input( + 'pfbdenycnt', + 'Deny', + 'number', + $pfbdenycnt, + [min => 0, max => 1000] +))->setHelp('Deny')->setAttribute('title', 'Enter number of \'Deny\' log entries to view. Set to \'0\' to disable'); + +$group->add(new Form_Input( + 'pfbdnscnt', + 'DNSBL', + 'number', + $pfbdnscnt, + [min => 0, max => 1000] +))->setHelp('DNSBL')->setAttribute('title', 'Enter number of \'DNSBL\' log entries to view. Set to \'0\' to disable'); + +$group->add(new Form_Input( + 'pfbpermitcnt', + 'Permit', + 'number', + $pfbpermitcnt, + [min => 0, max => 1000] +))->setHelp('Permit')->setAttribute('title', 'Enter number of \'Permit\' log entries to view. Set to \'0\' to disable'); + +$group->add(new Form_Input( + 'pfbmatchcnt', + 'Match', + 'number', + $pfbmatchcnt, + [min => 0, max => 1000] +))->setHelp('Match')->setAttribute('title', 'Enter number of \'Match\' log entries to view. Set to \'0\' to disable'); + +$group->add(new Form_Checkbox( + 'alertrefresh', + 'Auto-Refresh', + 'on', + $alertrefresh == 'on' ? true:false, + 'on' +))->setHelp('Auto-Refresh')->setAttribute('title', 'Select to \'Auto-Refresh\' page every 60 seconds.'); + +$group->add(new Form_Checkbox( + 'hostlookup', + 'Auto-Resolve', + 'on', + $hostlookup == 'on' ? 
true:false, + 'on' +))->setHelp('Auto-Resolve')->setAttribute('title', 'Select to \'Auto-Resolve\' Hosts.'); + +$group->add(new Form_Button( + 'save', + 'Save' +))->removeClass('btn-primary')->addClass('btn-primary btn-xs')->setAttribute('title', 'Save Alert settings'); +$section->add($group); + +// Build 'Alert Filter' group section +$filterstatus = SEC_CLOSED; +if ($pfb['filterlogentries']) { + $filterstatus = SEC_OPEN; +} +$section = new Form_Section('Alert filter', 'alertfilter', COLLAPSIBLE|$filterstatus); +$form->add($section); + +$group = new Form_Group(NULL); +$group->add(new Form_Input( + 'filterlogentries_date', + 'Date', + 'text', + $filterfieldsarray[99] +))->setAttribute('title', 'Enter filter \'Date\'.'); + +$group->add(new Form_Input( + 'filterlogentries_srcip', + 'Source IP Address', + 'text', + $filterfieldsarray[7] +))->setAttribute('title', 'Enter filter \'Source IP Address\'.'); + +$group->add(new Form_Input( + 'filterlogentries_srcport', + 'Source Port', + 'number', + $filterfieldsarray[9] +))->setAttribute('title', 'Enter filter \'Source Port\'.'); + +$group->add(new Form_Input( + 'filterlogentries_int', + 'Interface', + 'text', + $filterfieldsarray[2] +))->setAttribute('title', 'Enter filter \'Interface\'.'); +$section->add($group); + +$group = new Form_Group(NULL); +$group->add(new Form_Input( + 'filterlogentries_rule', + 'Rule Number Only', + 'text', + $filterfieldsarray[0] +))->setAttribute('title', 'Enter filter \'Rule Number\' only.'); + +$group->add(new Form_Input( + 'filterlogentries_dstip', + 'Dest. 
IP/Domain Name', + 'text', + $filterfieldsarray[8] +))->setAttribute('title', 'Enter filter \'Destination IP Address/Domain Name\'.'); + +$group->add(new Form_Input( + 'filterlogentries_dstport', + 'Destination Port', + 'number', + $filterfieldsarray[10] +))->setAttribute('title', 'Enter filter \'Destination Port\'.'); + +$group->add(new Form_Input( + 'filterlogentries_proto', + 'Protocol', + 'number', + $filterfieldsarray[6] +))->setAttribute('title', 'Enter filter \'Protocol\'.'); +$section->add($group); + +if ($pfb['dnsbl'] == 'on') { + $section->addInput(new Form_Input( + 'filterlogentries_dnsbl', + '', + 'text', + $filterfieldsarray[90], + ['placeholder' => 'DNSBL URL'] + ))->setAttribute('title', 'Enter filter \'DNSBL URL\'.'); +} + +$group = new Form_Group(NULL); +$group->add(new Form_StaticText( + NULL, + '
    ' + . '
    Regex Style Matching Only! Regular Expression Help link. ' + . 'Precede with exclamation (!) as first character to exclude match.)
    ' + . '
    Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 )
    ' + . '
    ' +)); +$section->add($group); + +$group = new Form_Group(NULL); +$group->add(new Form_Button( + 'filterlogentries_submit', + 'Apply Filter' +))->removeClass('btn-primary')->addClass('btn-primary btn-xs'); + +$group->add(new Form_Button( + 'filterlogentries_clear', + 'Clear Filter' +))->removeClass('btn-primary')->addClass('btn-primary btn-xs'); +$section->add($group); + +$form->addGlobal(new Form_Input('domain', 'domain', 'hidden', '')); +$form->addGlobal(new Form_Input('table', 'table', 'hidden', '')); +$form->addGlobal(new Form_Input('descr', 'descr', 'hidden', '')); +$form->addGlobal(new Form_Input('cidr', 'cidr', 'hidden', '')); +$form->addGlobal(new Form_Input('ip', 'ip', 'hidden', '')); +$form->addGlobal(new Form_Input('addsuppress', 'addsuppress', 'hidden', '')); +$form->addGlobal(new Form_Input('addsuppressdom', 'addsuppressdom', 'hidden', '')); +print($form); + +$skipcount = $counter = $resolvecounter = 0; +// Create three output windows 'Deny', 'DNSBL', 'Permit' and 'Match'--> +foreach (array ( 'Deny' => "{$pfb['denydir']}/* {$pfb['nativedir']}/*", 'DNSBL' => "{$pfb['dnsdir']}", 'Permit' => "{$pfb['permitdir']}/* {$pfb['nativedir']}/*", 'Match' => "{$pfb['matchdir']}/* {$pfb['nativedir']}/*" ) as $type => $pfbfolder ): @@ -864,49 +895,35 @@ class="formbtns" value="" onclick="enable_hideFilter();" $skipcount++; continue; } - - // Print alternating line shading - $alertRowEvenClass = "style='background-color: #D8D8D8;'"; - $alertRowOddClass = "style='background-color: #E8E8E8;'"; ?> - - - - - -
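Review bot: The attribute arrays on the four number inputs (`pfbdenycnt`, `pfbdnscnt`, `pfbpermitcnt`, `pfbmatchcnt`) are written `[min => 0, max => 1000]` with bare-word keys. PHP treats `min` and `max` there as undefined constants, which is a notice or warning on older versions and an error on PHP 8, so they should be quoted: `['min' => 0, 'max' => 1000]`, as the `['placeholder' => 'DNSBL URL']` array in the same hunk already does. The comment above the `foreach` says "three output windows" but lists four and ends in a stray `-->` left over from the old HTML comment. `// Create the 'Deny', 'DNSBL', 'Permit' and 'Match' output windows` would be accurate.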
    - -
    - +
    +
    +
    +
    +
    +
    +
    - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + " onclick="enable_hideFilter();" $pdomain = "{$line[2]}{$line[3]}"; } } - fclose($handle); + @fclose($handle); if (!empty($final)) { $dns_array = array_slice(array_reverse($final), 0, $pfbentries); @@ -966,8 +983,7 @@ class="formbtns" value="" onclick="enable_hideFilter();" // Add 'https' icon to Domains as required. $pfb_https = ''; if (strpos($aline[4], 'https://') !== FALSE || strpos($aline[4], 'Not available for HTTPS alerts') !== FALSE) { - $pfb_https = ""; + $pfb_https = ' '; } // If alerts filtering is selected, process filters as required. @@ -993,23 +1009,17 @@ class="formbtns" value="" onclick="enable_hideFilter();" $pfb_alias = substr($pfb_alias, 0, 24) . '...'; } - // Print alternating line shading - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - - $alert_dom = " "; + $alert_dom = ''; // Collect existing suppression list $dnssupp_ex = collectsuppression(); if (!in_array($pfbalertdnsbl[8], $dnssupp_ex)) { - $supp_dom = " "; + $supp_dom = ''; } else { - $supp_dom = " "; + $supp_dom = ' '; } // Truncate long URLs @@ -1019,14 +1029,15 @@ class="formbtns" value="" onclick="enable_hideFilter();" $pfbalertdnsbl[90] = substr(str_replace(array('?', '-'), '', $pfbalertdnsbl[90]), 0, 69) . '...'; } - echo " - - - - - "; + print (" + + + + + + "); $counter++; } } @@ -1034,31 +1045,21 @@ class="formbtns" value="" onclick="enable_hideFilter();" if ($type != 'DNSBL') { ?> - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + " onclick="enable_hideFilter();" $rule = "{$rule_list[$rulenum]['name']}
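Review bot: The DNSBL row built by the new `print (...)` in the `@@ -1019` hunk interpolates `{$pfbalertdnsbl[8]}` and `{$pfbalertdnsbl[90]}` directly into the table markup, and the only processing of index 90 visible here is the `substr(str_replace(...))` truncation. These fields appear to hold the requested domain and URL read from the DNSBL log, which any client on the network can influence. Unless they are HTML-encoded where the log line is parsed (outside this hunk), they should be encoded after truncation and before output, e.g. `$pfbalertdnsbl[90] = htmlspecialchars($pfbalertdnsbl[90]);`. The same check applies to `{$hostname['src']}` and `{$hostname['dst']}` in the firewall-log rows of the `@@ -1204` hunk, which look like they carry reverse-DNS results. The page extraction has stripped the HTML tags from these hunks, so the cell layout is inferred from the remaining placeholders.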
    ({$rulenum})"; $host = $fields[7]; - $alert_ip = " "; + $alert_ip = ''; if ($pfb_query != 'Country' && $rtype == 'block' && $pfb['supp'] == 'on') { - $supp_ip = ""; + $supp_ip = ''; } if ($rtype == 'block' && $hostlookup == 'on') { @@ -1111,9 +1110,9 @@ class="formbtns" value="" onclick="enable_hideFilter();" } else { $hostname = ''; } - - $src_icons_1 = "{$alert_ip} {$supp_ip} "; - $src_icons_2 = "{$alert_ip} "; + + $src_icons_1 = "{$alert_ip} {$supp_ip}"; + $src_icons_2 = "{$alert_ip}"; $dst_icons_1 = ''; $dst_icons_2 = ''; @@ -1122,14 +1121,12 @@ class="formbtns" value="" onclick="enable_hideFilter();" $rule = "{$rule_list[$rulenum]['name']}
    ({$rulenum})"; $host = $fields[8]; - $alert_ip = " "; + $alert_ip = ''; if ($pfb_query != 'Country' && $rtype == 'block' && $pfb['supp'] == 'on') { - $supp_ip = ""; + $supp_ip = ''; } if ($rtype == 'block' && $hostlookup == 'on') { @@ -1141,7 +1138,7 @@ class="formbtns" value="" onclick="enable_hideFilter();" $src_icons_1 = ''; $src_icons_2 = ''; $dst_icons_1 = "{$alert_ip} {$supp_ip} "; - $dst_icons_2 = "{$alert_ip} "; + $dst_icons_2 = "{$alert_ip}"; } // Determine Country code of host @@ -1204,20 +1201,17 @@ class="formbtns" value="" onclick="enable_hideFilter();" $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; } - // Print alternating line shading - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; - echo " - - - - - - - - "; + print (" + + + + + + + + + + "); $counter++; if ($rtype == 'block') { $resolvecounter = $counter; @@ -1225,90 +1219,91 @@ class="formbtns" value="" onclick="enable_hideFilter();" } } } -?> - - - - Found {$counter} Alert Entries {$msg}"); + print (""); $counter = 0; $msg = ''; - ?> - -
    {$pfbalertdnsbl[99]}{$pfbalertdnsbl[1]}{$pfbalertdnsbl[7]} - {$alert_dom} {$supp_dom}{$pfbalertdnsbl[8]} {$pfb_https}
       {$pfbalertdnsbl[90]}
    - {$pfb_query}
    {$pfb_alias}
    {$pfbalertdnsbl[99]}{$pfbalertdnsbl[1]}{$pfbalertdnsbl[7]}{$alert_dom} {$supp_dom}{$pfbalertdnsbl[8]} {$pfb_https} +
      {$pfbalertdnsbl[90]}
    {$pfb_query} +
    {$pfb_alias}
    {$fields[99]}{$fields[2]}{$rule}{$fields[6]}{$src_icons}{$fields[97]}{$srcport}
    - {$hostname['src']}
    {$dst_icons}{$fields[98]}{$dstport}
    - {$hostname['dst']}
    {$country} - {$pfb_match[1]}
    {$pfb_match[2]}
    {$fields[99]}{$fields[2]}{$rule}{$fields[6]}{$src_icons}{$fields[97]}{$srcport}
    {$hostname['src']}
    {$dst_icons}{$fields[98]}{$dstport}
    {$hostname['dst']}
    {$country}{$pfb_match[1]}
    {$pfb_match[2]}
    Found {$counter} Alert Entries {$msg}
    -
    - - -
    - +?> + + + + + + - -
    - - \ No newline at end of file diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_log.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_log.php index 9d8230383275..a97a71d086bb 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_log.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_log.php @@ -21,7 +21,7 @@ Copyright (c) 2015 Bill Meeks All rights reserved. - Javascript and Integration modifications by J. Nieuwenhuizen + Javascript and Integration modifications by J. Nieuwenhuizen and J. Van Breedam Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -77,10 +77,7 @@ function getlogs($logdir, $log_extentions = array('log')) { } } - // Sort the filename asort($log_filenames); - - // Done return $log_filenames; } @@ -88,7 +85,8 @@ function getlogs($logdir, $log_extentions = array('log')) { name => Displayname of the type ext => Log extentions (array for multiple extentions) logdir => Log directory - clear => Add clear button (TRUE/FALSE) */ + clear => Add clear button (TRUE/FALSE) + download=> Add download button (TRUE/FALSE) */ $pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files', 'logdir' => "{$pfb['logdir']}/", 
@@ -174,271 +172,288 @@ function getlogs($logdir, $log_extentions = array('log')) { ) ); -// Check logtypes -$logtypeid = 'defaultlogs'; -if (isset($_POST['logtype'])) { - $logtypeid = htmlspecialchars($_POST['logtype']); -} elseif (isset($_GET['logtype'])) { - $logtypeid = htmlspecialchars($_GET['logtype']); +$pconfig = array(); +if ($_POST) { + $pconfig = $_POST; } -// Check if POST has been set -if (isset($_POST['file'])) { +// Send logfile to screen +if ($_REQUEST['ajax']) { clearstatcache(); - $pfb_logfilename = htmlspecialchars($_POST['file']); - $pfb_ext = pathinfo($pfb_logfilename, PATHINFO_EXTENSION); + $pfb_logfilename = htmlspecialchars($_REQUEST['file']); // Load log - if ($_POST['action'] == 'load') { - if (!is_file($pfb_logfilename)) { - echo "|3|" . gettext('Log file is empty or does not exist') . ".|"; + if ($_REQUEST['action'] == 'load') { + if (!$pfb_logfilename) { + print ("|3|" . gettext('Log file is empty or does not exist') . ".|"); } else { - $data = file_get_contents($pfb_logfilename); + $data = @file_get_contents($pfb_logfilename); if ($data === false) { - echo "|1|" . gettext('Failed to read log file') . ".|"; + print ("|1|" . gettext('Failed to read log file') . ".|"); } else { $data = base64_encode($data); - echo "|0|" . $pfb_logfilename . "|" . $data . "|"; + print ("|0|" . $pfb_logfilename . "|" . $data . 
"|"); } } exit; } } -if (isset($_POST['logFile'])) { - $s_logfile = htmlspecialchars($_POST['logFile']); +// Download/Clear logfile +if ($pconfig['logFile'] && ($pconfig['download'] || $pconfig['clear'])) { + $s_logfile = $pconfig['logFile']; // Clear selected file - if (isset($_POST['clear'])) { + if ($pconfig['clear']) { unlink_if_exists($s_logfile); } // Download log - if (isset($_POST['download'])) { + if ($pconfig['download']) { if (file_exists($s_logfile)) { - ob_start(); //important or other posts will fail + session_cache_limiter('public'); + $fd = @fopen($s_logfile, "rb"); + header("Content-Type: application/octet-stream"); + header("Content-Length: " . filesize($s_logfile)); + header("Content-Disposition: attachment; filename=\"" . + trim(htmlentities(basename($s_logfile))) . "\""); if (isset($_SERVER['HTTPS'])) { header('Pragma: '); header('Cache-Control: '); } else { - header('Pragma: private'); - header('Cache-Control: private, must-revalidate'); + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); } - header('Content-Type: application/octet-stream'); - header('Content-length: ' . filesize($s_logfile)); - header('Content-disposition: attachment; filename = ' . basename($s_logfile)); - ob_end_clean(); //important or other post will fail - readfile($s_logfile); + @fpassthru($fd); + @fclose($fd); } } } else { $s_logfile = ''; } -$pgtitle = gettext('pfBlockerNG: Log Browser'); +$pgtitle = array(gettext('pfBlockerNG'), gettext('Log Browser')); include_once('head.inc'); -?> - - - + + + + +
    + +
    + - +} -"); -if ($savemsg) { - print_info_box($savemsg); +$section->addInput(new Form_Select( + 'logFile', + 'Log/File selection:', + $pconfig['logFile'], + $options +))->setHelp('Choose which log/file you want to view.'); +$form->add($section); + + +// Add appropriate buttons for logfile +$logbtns = '  '; +if ($downloadable) { + $logbtns .= ' '; +} +if ($clearable) { + $logbtns .= ' '; } -?> - - - - - - - -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - -
      -   -   -
    - -
    - -
    - - - - - - - -
    - - - - -
    -
    - - - - - - -
    -
    - -
    -
    -
    -
    -
    - +$section = new Form_Section('Log/File Contents'); +$section->addInput(new Form_StaticText( + NULL, + '' + . '' +)); +$form->add($section); + + +$section = new Form_Section('Log'); +$section->addInput(new Form_Textarea( + 'fileContent', + NULL, + '' +))->removeClass('form-control')->addClass('row-fluid col-sm-12')->setAttribute('rows', '30')->setAttribute('wrap', 'off') + ->setAttribute('style', 'background:#fafafa;'); +$form->add($section); + +$form->addGlobal(new Form_Input('download', 'download', 'hidden', '')); +$form->addGlobal(new Form_Input('clear', 'clear', 'hidden', '')); + +$form->addGlobal(new Form_Input('action', 'action', 'hidden', '')); +$form->addGlobal(new Form_Input('load', 'load', 'hidden', '')); +$form->addGlobal(new Form_Input('file', 'file', 'hidden', '')); + +$form->addGlobal(new Form_Input('fileStatus', 'fileStatus', 'hidden', '')); +$form->addGlobal(new Form_Input('fileStatusBox', 'fileStatusBox', 'hidden', '')); +$form->addGlobal(new Form_Input('filePathBox', 'filePathBox', 'hidden', '')); +$form->addGlobal(new Form_Input('fbTarget', 'fbTarget', 'hidden', '')); +$form->addGlobal(new Form_Input('fileRefreshBtn', 'fileRefreshBtn', 'hidden', '')); + +print($form); +?> - - - - - - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_threats.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_threats.php index d02d100f72e6..46bc899ad687 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_threats.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_threats.php @@ -36,107 +36,167 @@ if (isset($_REQUEST['host'])) { $host = htmlspecialchars($_REQUEST['host']); } - if (isset($_REQUEST['domain'])) { $domain = htmlspecialchars($_REQUEST['domain']); } include('head.inc'); -include('fbegin.inc'); ?> - - -
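Review bot: Both new branches pass a request-supplied path straight to file functions: `$_REQUEST['file']` reaches `@file_get_contents()` in the ajax load branch, and `$pconfig['logFile']` (a copy of `$_POST`) reaches `unlink_if_exists()`, `fopen()` and `filesize()` in the download/clear branch. `htmlspecialchars()` encodes output and does not constrain a path, and the commit also drops the earlier `is_file()` test and widens the load branch from `$_POST` to `$_REQUEST`. As far as this hunk shows, nothing limits the path to the log directories, so the page can be asked to return or delete any file the web process can reach. Resolve the path with `realpath()` and accept it only when it lies inside one of the `logdir` entries of `$pfb_logtypes` before either branch touches the file; the fence sketches one shared check for both branches.

```php
// Resolve a requested file and accept it only inside a configured log directory.
function pfb_resolve_logfile($path, $pfb_logtypes) {
	if (!is_string($path) || ($real = realpath($path)) === false || !is_file($real)) {
		return false;
	}
	foreach ($pfb_logtypes as $logtype) {
		$dir = realpath($logtype['logdir']);
		if ($dir !== false && strpos($real, $dir . '/') === 0) {
			return $real;
		}
	}
	return false;
}

// Send logfile to screen
if ($_REQUEST['ajax']) {
	clearstatcache();
	$pfb_logfilename = pfb_resolve_logfile($_REQUEST['file'], $pfb_logtypes);
	// … unchanged: 'load' action; the existing !$pfb_logfilename test now rejects outside paths …
}

// Download/Clear logfile
if ($pconfig['logFile'] && ($pconfig['download'] || $pconfig['clear'])) {
	$s_logfile = pfb_resolve_logfile($pconfig['logFile'], $pfb_logtypes);
	if ($s_logfile === false) {
		$s_logfile = '';
	} else {
		// … unchanged: clear and download handling …
	}
```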
    - - - - - - - - - - - - - - - - - - - - -
    -

    -
    -

    - - - - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    - -
    -

    - -

    - -
    - -
    - -
    - -
    - -
    - - - - -
    - -
    - -
    - -
    - - - -

    +
    +
    +

    +
    +
    +


    NOTE: The following links are to external services, so their reliability cannot be guaranteed + It is also recommended to open these links in a different Browser

    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Threat Lookups +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    Mail Server Lookups +
    +
    +
    +
    +
    Domain Lookups +
    +
    +
    +
    +
    - - +
    - - - \ No newline at end of file + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_update.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_update.php index fe04ada9751b..dce926f5bfc5 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_update.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/pfblockerng_update.php @@ -52,24 +52,25 @@ // Collect pfBlockerNG log file and post live output to terminal window. function pfbupdate_output($text) { $text = str_replace("\n", "\\n", $text); - echo "\n"; + print ("\n"); /* ensure that contents are written out */ ob_flush(); } + // Post status message to terminal window. function pfbupdate_status($status) { $status = str_replace("\n", "\\n", $status); - echo "\n"; + print ("\n"); /* ensure that contents are written out */ ob_flush(); } @@ -83,6 +84,7 @@ function pfb_cron_update($type) { exec('/bin/ps -wx', $result_cron); if (preg_grep("/pfblockerng[.]php\s+?(cron|update)/", $result_cron)) { pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task. Click 'View' for running process")); + header('Location: pfblockerng_update.php'); exit; } @@ -94,10 +96,8 @@ function pfb_cron_update($type) { if ($type == 'update') { pfbupdate_status(gettext('Running Force Update Task')); } elseif ($type == 'reload') { - $reload_type = htmlspecialchars($_POST['rmode']); - pfbupdate_status(gettext("Running Force Reload Task - {$reload_type}")); - - switch ($reload_type) { + pfbupdate_status(gettext("Running Force Reload Task - {$pfb['rmode']}")); + switch ($pfb['rmode']) { case 'IP': $type = 'updateip'; break; 
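Review bot: The added `header('Location: pfblockerng_update.php');` in `pfb_cron_update()` runs after `pfbupdate_status()`, which prints a script block and calls `ob_flush()`, so the response has most likely already started by then. PHP would then ignore the redirect and raise a "headers already sent" warning, unless an outer buffer still holds the output. Either drop the redirect and keep the status message followed by `exit;`, or detect the running task before any output is produced and redirect at that point. The body of `pfb_cron_update()` begins outside this hunk.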
@@ -118,258 +118,384 @@ function pfb_cron_update($type) { install_cron_job('pfblockerng.php cron', false); // Execute PHP process in the background - mwexec_bg("/usr/local/bin/php-cgi /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1"); + mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1"); // Execute Live Tail function pfb_livetail($pfb['log'], 'force'); } - -$pgtitle = gettext('pfBlockerNG: Update'); +$pgtitle = array(gettext('pfBlockerNG'), gettext('Update')); include_once('head.inc'); -include_once('fbegin.inc'); -?> - -
    - - - - -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      -   -   -
    -
    - $line) { - if ($key == 0) { - $cron_hour_begin = $line; - } - if (($line * 3600) + ($pfb['min'] * 60) > $currentdaysec) { - $cron_hour_next = $line; - break; - } - } - } - // Roll over to the first cron hour setting - if (empty($cron_hour_next)) { - $cron_hour_next = $cron_hour_begin; - } - } - - $cron_seconds_next = ($cron_hour_next * 3600) + ($pfb['min'] * 60); - if ($currentdaysec < $cron_seconds_next) { - // The next cron job is ahead of us in the day - $sec_remain = $cron_seconds_next - $currentdaysec; - } else { - // The next cron job is tomorrow - $sec_remain = (24*60*60) + $cron_seconds_next - $currentdaysec; - } - - // Ensure hour:min:sec variables are two digit - $pfb['min'] = str_pad($pfb['min'], 2, '0', STR_PAD_LEFT); - $sec_final = str_pad(($sec_remain % 60), 2, '0', STR_PAD_LEFT); - $min_remain = str_pad(floor($sec_remain / 60), 2, '0', STR_PAD_LEFT); - $min_final = str_pad(($min_remain % 60), 2, '0', STR_PAD_LEFT); - $hour_final = str_pad(floor($min_remain / 60), 2, '0', STR_PAD_LEFT); - $cron_hour_next = str_pad($cron_hour_next, 2, '0', STR_PAD_LEFT); - - $cronreal = "{$cron_hour_next}:{$pfb['min']}"; - $nextcron = "{$hour_final}:{$min_final}:{$sec_final}"; - } - - if (empty($pfb['enable']) || empty($cron_hour_next)) { - $cronreal = ' [ Disabled ]'; - $nextcron = '--'; - } - - echo "NEXT Scheduled CRON Event will run at  {$cronreal}  with -  {$nextcron}  time remaining."; - - // Query for any active pfBlockerNG CRON jobs - exec('/bin/ps -wax', $result_cron); - if (preg_grep("/pfblockerng[.]php\s+?(cron|update)/", $result_cron)) { - echo "   - Active pfBlockerNG CRON Job  "; - echo ""; - } - echo "
    Refresh to update current Status and time remaining"; - ?> -
    "); ?>
    - - " . gettext("** AVOID ** ") . " " . "" . - gettext("Running these Options - when CRON is expected to RUN!") . gettext("

    ") . - "" . gettext("Force Update") . "" . gettext(" will download any new Alias/Lists.") . - gettext("
    ") . "" . gettext("Force Cron") . "" . - gettext(" will download any Alias/Lists that are within the Frequency Setting (due for Update).") . gettext("
    ") . - "" . gettext("Force Reload") . "" . - gettext(" will reload all Lists using the existing Downloaded files.") . - gettext(" This is useful when Lists are out of 'sync' or Reputation changes were made.") ;?>
    -
    - - " /> - " /> - " />  - /> - - -
    "); ?>
    - - "/> - "/> - " . gettext(' pfBlockerNG ') . "" . - gettext(" Log.   (Select 'End View' to terminate the viewer.)"); ?>

    -
    - - -
    - - -
    -
    +$pconfig = array(); +if ($_POST) { + $pconfig = $_POST; +} +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg, 'success'); +} + +?> + + + + +
    + +
    $line) { + if ($key == 0) { + $cron_hour_begin = $line; + } + if (($line * 3600) + ($pfb['min'] * 60) > $currentdaysec) { + $cron_hour_next = $line; + break; + } + } + } + // Roll over to the first cron hour setting + if (empty($cron_hour_next)) { + $cron_hour_next = $cron_hour_begin; + } + } + + $cron_seconds_next = ($cron_hour_next * 3600) + ($pfb['min'] * 60); + if ($currentdaysec < $cron_seconds_next) { + // The next cron job is ahead of us in the day + $sec_remain = $cron_seconds_next - $currentdaysec; + } else { + // The next cron job is tomorrow + $sec_remain = (24*60*60) + $cron_seconds_next - $currentdaysec; + } -// Execute the viewer output window -if (isset($_POST['pfbview'])) { - pfbupdate_status(gettext("Log Viewing in progress. ** Press 'END VIEW' to Exit ** ")); - pfb_livetail($pfb['log'], 'view'); + // Ensure hour:min:sec variables are two digit + $pfb['min'] = str_pad($pfb['min'], 2, '0', STR_PAD_LEFT); + $sec_final = str_pad(($sec_remain % 60), 2, '0', STR_PAD_LEFT); + $min_remain = str_pad(floor($sec_remain / 60), 2, '0', STR_PAD_LEFT); + $min_final = str_pad(($min_remain % 60), 2, '0', STR_PAD_LEFT); + $hour_final = str_pad(floor($min_remain / 60), 2, '0', STR_PAD_LEFT); + $cron_hour_next = str_pad($cron_hour_next, 2, '0', STR_PAD_LEFT); + + $cronreal = "{$cron_hour_next}:{$pfb['min']}"; + $nextcron = "{$hour_final}:{$min_final}:{$sec_final}"; } -// End the viewer output Window -if (isset($_POST['pfbviewcancel'])) { - clearstatcache(false, $pfb['log']); - ob_flush(); - flush(); - fclose("{$pfb['log']}"); +if (empty($pfb['enable']) || empty($cron_hour_next)) { + $cronreal = ' [ Disabled ]'; + $nextcron = '--'; } -// Execute a Force Update -if (isset($_POST['pfbupdate']) && $pfb['enable'] == 'on') { - pfb_cron_update(update); +$status = 'NEXT Scheduled CRON Event will run at'; +$status .= " {$cronreal} with {$nextcron}"; +$status .= '  time remaining.'; + +// Query for any active pfBlockerNG CRON jobs +exec('/bin/ps -wax', $result_cron); +if 
(preg_grep("/pfblockerng[.]php\s+?(cron|update)/", $result_cron)) { + $status .= '  '; + $status .= 'Active pfBlockerNG CRON JOB'; + $status .= ''; +} +$status .= '
    Refresh to update current Status and time remaining.'; + +$options = '
    '; +$options .= '
    Update:
    will download any new Alias/Lists.
    '; +$options .= '
    Cron:
    will download any Alias/Lists that are within the Frequency Setting (due for Update).
    '; +$options .= '
    Reload:
    will reload all Lists using the existing Downloaded files.
    '; +$options .= ' This is useful when Lists are out of sync or Reputation changes were made.
    '; +$options .= '
    '; + +// Create Form +$form = new Form(false); + +$section = new Form_Section('Update Settings'); +$section->addInput(new Form_StaticText( + NULL, + '' + . 'Firewall Alias ' + . 'Firewall Rules ' + . 'Firewall Logs' +)); + +// Build Status section +$section->addInput(new Form_StaticText( + 'Status', + $status +)); +$form->add($section); + +// Build Options section +$group = new Form_Group('Force Options'); +$group->add(new Form_StaticText( + NULL, + '** AVOID **  Running these Force options - when CRON is expected to RUN!' +)); + +$section->add($group)->setHelp('
    ' . $options . '
    '); + +$group = new Form_Group('Select \'Force\' option'); +$group->add(new Form_Checkbox( + 'pfbupdate', + 'pfbupdate', + 'Update', + 'on', + 'on' +))->displayAsRadio()->setAttribute('title', 'Force Update: IP & DNSBL.')->setWidth(1); + +$group->add(new Form_Checkbox( + 'pfbcron', + 'pfbcron', + 'Cron', + '', + 'on' +))->displayAsRadio()->setAttribute('title', 'Force Cron: IP & DNSBL.')->setWidth(1); + +$group->add(new Form_Checkbox( + 'pfbreload', + 'pfbreload', + 'Reload', + '', + 'on' +))->displayAsRadio()->setAttribute('title', 'Force Reload: IP & DNSBL.')->setWidth(1); +$section->add($group); + + +// Build 'Force Options' group section +$group = new Form_Group('Select \'Reload\' option'); +$group->add(new Form_Checkbox( + 'pfball', + 'pfball', + 'All', + 'on', + 'All' +))->displayAsRadio()->setAttribute('title', 'Reload: IP & DNSBL.')->setWidth(1); + +$group->add(new Form_Checkbox( + 'pfbip', + 'pfbip', + 'IP', + '', + 'IP' +))->displayAsRadio()->setAttribute('title', 'Reload: IP only.')->setWidth(1); + +$group->add(new Form_Checkbox( + 'pfbdnsbl', + 'pfbdnsbl', + 'DNSBL', + '', + 'DNSBL' +))->displayAsRadio()->setAttribute('title', 'Reload: DNSBL only.')->setWidth(2); +$section->add($group); + + +$group = new Form_Group(NULL); +$btn_run = new Form_Button( + 'run', + 'Run' +); + +$btn_run->removeClass('btn-primary')->addClass('btn-primary btn-xs'); +$group->add(new Form_StaticText( + NULL, + $btn_run +)); + +// Alternate view/end view button text +if (!isset($pconfig['log_view'])) { + $pconfig['log_view'] = 'View'; +} elseif($pconfig['log_view'] == 'View') { + $pconfig['log_view'] = 'End View' ; +} else { + $pconfig['log_view'] = 'View'; } -// Execute a CRON command to update any lists within the frequency settings -if (isset($_POST['pfbcron']) && $pfb['enable'] == 'on') { - pfb_cron_update(cron); +// Alternate view/end view title text +$btn_logview_title = 'Click to End Log View'; +if ($pconfig['log_view'] == 'View') { + $btn_logview_title = 'Click to 
View a running Cron Update.'; } -// Execute a reload of all aliases and lists -if (isset($_POST['pfbreload']) && $pfb['enable'] == 'on') { - // Set 'Reuse' flag for reload process - $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = 'on'; - write_config('pfBlockerNG: Executing Force Reload'); - pfb_cron_update(reload); +$btn_logview = new Form_Button( + 'log_view', + $pconfig['log_view'] +); +$btn_logview->removeClass('btn-primary')->addClass('btn-primary btn-xs')->setAttribute('title', $btn_logview_title); +$group->add(new Form_StaticText( + NULL, + $btn_logview +)); +$section->add($group); + +// Build 'textarea' windows +$section = new Form_Section('Log'); +$section->addInput(new Form_Textarea( + pfb_status, + NULL, + 'Log Viewer Standby' +))->removeClass('form-control')->addClass('row-fluid col-sm-12')->setAttribute('rows', '1')->setAttribute('wrap', 'off') + ->setAttribute('style', 'background:#fafafa;'); + +$section->addInput(new Form_Textarea( + pfb_output, + NULL, + NULL +))->removeClass('form-control')->addClass('row-fluid col-sm-12')->setAttribute('rows', '30')->setAttribute('wrap', 'off') + ->setAttribute('style', 'background:#fafafa;'); +$form->add($section); +print($form); + +// Execute the viewer output window +if (isset($pconfig['log_view'])) { + if ($pconfig['log_view'] !== 'View') { + pfbupdate_status(gettext("Log Viewing in progress. ** Press 'END VIEW' to Exit ** ")); + pfb_livetail($pfb['log'], 'view'); + } else { + // End the viewer output Window + clearstatcache(false, $pfb['log']); + ob_flush(); + flush(); + @fclose("{$pfb['log']}"); + } } +if ($pfb['enable'] == 'on' && isset($pconfig['run'])) { + // Execute a reload of all aliases and lists + if ($pconfig['pfbupdate'] == 'on') { + pfb_cron_update(update); + } elseif ($pconfig['pfbcron'] == 'on') { + pfb_cron_update(cron); + } elseif ($pconfig['pfbreload'] == 'on') { + // Determine which reload type to run. 
+ if (isset($pconfig['pfbdnsbl'])) { + $pfb['rmode'] = 'DNSBL'; + } elseif (isset($pconfig['pfbip'])) { + $pfb['rmode'] = 'IP'; + } else { + $pfb['rmode'] = 'All'; + } + + $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = 'on'; + write_config('pfBlockerNG: Executing Force Reload'); + pfb_cron_update(reload); + } +} ?> -
    - - \ No newline at end of file + + + diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php index 804932d2c026..6955318bca4e 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php @@ -29,22 +29,22 @@ if (!empty($pfb_query)) { // Increment DNSBL Alias Counter $dnsbl_info = '/var/db/pfblockerng/dnsbl_info'; - if (($handle = fopen("{$dnsbl_info}", 'r')) !== FALSE) { + if (($handle = @fopen("{$dnsbl_info}", 'r')) !== FALSE) { flock($handle, LOCK_EX); - $pfb_output = fopen("{$dnsbl_info}.bk", 'w'); + $pfb_output = @fopen("{$dnsbl_info}.bk", 'w'); flock($pfb_output, LOCK_EX); // Find line with corresponding DNSBL Aliasname - while (($line = fgetcsv($handle)) !== FALSE) { + while (($line = @fgetcsv($handle)) !== FALSE) { if ($line[0] == $pfb_query) { $line[3] += 1; } - fputcsv($pfb_output, $line); + @fputcsv($pfb_output, $line); } - fclose($pfb_output); - fclose($handle); + @fclose($pfb_output); + @fclose($handle); @rename("{$dnsbl_info}.bk", "{$dnsbl_info}"); } } -?> \ No newline at end of file +?> diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/include/widget-pfblockerng.inc b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/include/widget-pfblockerng.inc index 1b3c7c2be5e0..b5b14c4f1513 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/include/widget-pfblockerng.inc +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/include/widget-pfblockerng.inc @@ -1,7 +1,7 @@ pfBlockerNG'; +$pfblockerng_title_link = 'pfblockerng/pfblockerng_alerts.php'; -?> \ No newline at end of file +?> diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/javascript/pfblockerng.js b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/javascript/pfblockerng.js index e1c1ca20b5e4..d977bd94ae56 100644 
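Review bot: Several new-side arguments are bare words rather than strings: `pfb_cron_update(update)`, `pfb_cron_update(cron)` and `pfb_cron_update(reload)` in the `run` handler, and `new Form_Textarea(pfb_status, …)` / `new Form_Textarea(pfb_output, …)` in the Log section. Unless constants with these names are defined outside the hunk, PHP resolves them through the undefined-constant fallback, which is a notice on older releases and an error from PHP 8, so the force actions would stop working after an upgrade. Quote them, e.g. `pfb_cron_update('update');` and `new Form_Textarea('pfb_status', NULL, 'Log Viewer Standby')`. In the same hunk `@fclose("{$pfb['log']}")` passes a path string instead of a handle, and the added `@` only hides that the call does nothing.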
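Review bot: The result of `@fopen("{$dnsbl_info}.bk", 'w')` is never checked, and the `@` operators added here make a failure silent: `flock()`, `@fputcsv()` and `@fclose()` then run on `FALSE`, and `@rename()` still executes. Wrap the copy loop and the rename in `if ($pfb_output !== FALSE) { … }` and close `$handle` on the failure path, so that a failed open or write cannot replace the counter file with a stale or truncated copy. The reset handler in pfblockerng.widget.php (hunk `@@ -95,19 +91,20 @@`) has the same unchecked `@fopen(…, 'w')` ahead of `fputcsv()`.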
--- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/javascript/pfblockerng.js +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/javascript/pfblockerng.js @@ -1,9 +1,7 @@ -/* pfBlockerNG update engine */ - -// Part of pfBlockerNG by BBCan177@gmail.com (c) 2015 -// -// Javascript and Integration modifications by J. Nieuwenhuizen - +/* pfBlockerNG update engine + * Part of pfBlockerNG by BBCan177@gmail.com (c) 2015 + * Javascript and Integration modifications by J. Nieuwenhuizen and J. Van Breedam + */ var pfBlockerNGtimer; @@ -11,7 +9,6 @@ function pfBlockerNG_fetch_new_rules_callback(callback_data) { var data_split; var new_data_to_add = Array(); var data = callback_data; - data_split = data.split("\n"); // Loop through rows and generate replacement HTML 
@@ -20,53 +17,25 @@ function pfBlockerNG_fetch_new_rules_callback(callback_data) { row_split = data_split[x].split("||"); if (row_split.length > 3) { var line = ''; - line = '' + row_split[0] + ''; - line += '' + row_split[1] + ''; - line += '' + row_split[2] + ''; - line += '' + row_split[3] + ''; - line += '' + row_split[4] + ''; + line = '' + row_split[0] + ''; + line += '' + row_split[1] + ''; + line += '' + row_split[2] + ''; + line += '' + row_split[3] + ''; + line += '' + row_split[4] + ''; new_data_to_add[new_data_to_add.length] = line; } } if (new_data_to_add.length > 0) { - pfBlockerNG_update_div_rows(new_data_to_add); + var tbody = jQuery('#pfbNG-entries'); + tbody.html('' + new_data_to_add + ''); + $('body').popover({ selector: '[data-popover]', trigger: 'click hover', placement: 'right', delay: {show: 50, hide: 400}}); } } } - -function pfBlockerNG_update_div_rows(data) { - var rows = jQuery('#pfbNG-entries>tr'); - - // Number of rows to move by - var move = rows.length + data.length; - if (move < 0) - move = 0; - - for (var i = rows.length - 1; i >= move; i--) { - jQuery(rows[i]).html(jQuery(rows[i - move]).html()); - } - - var tbody = jQuery('#pfbNG-entries'); - for (var i = data.length - 1; i >= 0; i--) { - if (i < rows.length) { - jQuery(rows[i]).html(data[i]); - } else { - jQuery(tbody).prepend('' + data[i] + ''); - } - } - - // Add the even/odd class to each of the rows now - // they have all been added. - rows = jQuery('#pfbNG-entries>tr'); - for (var i = 0; i < rows.length; i++) { - rows[i].className = i % 2 == 0 ? 'listMRodd' : 'listMReven'; - } -} - - function fetch_new_pfBlockerNGcounts() { - jQuery.ajax('/widgets/widgets/pfblockerng.widget.php?getNewCounts=' + new Date().getTime(), { + $.ajax({ + url: '/widgets/widgets/pfblockerng.widget.php?getNewCounts=' + new Date().getTime(), type: 'GET', dataType: 'text', success: function(data) { 
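Review bot: `tbody.html('' + new_data_to_add + '')` concatenates an Array with strings, so JavaScript joins the rows with commas and those commas land as stray text in the table body; use `new_data_to_add.join('')` instead. The cells are built from `row_split[n]` and inserted as markup with nothing escaped on this side, so every field returned by the widget endpoint has to be HTML-encoded on the server. The markup inside the string literals is not visible in this rendering, and `pfBlockerNG_fetch_new_rules_callback()` starts outside the hunk.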
@@ -76,4 +45,4 @@ function fetch_new_pfBlockerNGcounts() { } /* start local AJAX engine */ -pfBlockerNGtimer = setInterval('fetch_new_pfBlockerNGcounts()', pfBlockerNGupdateDelay); \ No newline at end of file +pfBlockerNGtimer = setInterval('fetch_new_pfBlockerNGcounts()', pfBlockerNGupdateDelay); diff --git a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/widgets/pfblockerng.widget.php b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/widgets/pfblockerng.widget.php index c70bd05b52ee..993078a3cd9a 100644 --- a/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/widgets/pfblockerng.widget.php +++ b/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/widgets/widgets/pfblockerng.widget.php @@ -15,7 +15,7 @@ Copyright (c) 2015 Electric Sheep Fencing, LLC. All rights reserved. Copyright (c) 2015 Bill Meeks - Javascript and Integration modifications by J. Nieuwenhuizen + Javascript and Integration modifications by J. Nieuwenhuizen and J. Van Breedam Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -48,15 +48,9 @@ pfb_global(); // Image source definition -$pfb['down'] = ""; -$pfb['up'] = ""; -$pfb['err'] = ""; - -// Alternating line shading -$pfb['RowOddClass'] = "style='background-color: #FFFFFF;'"; -$pfb['RowEvenClass'] = "style='background-color: #F0F0F0;'"; -$pfb['RowEvenClass2'] = "style='background-color: #D0D0D0;'"; -$pfb['ColClass'] = 'listMRr'; +$pfb['down'] = ''; +$pfb['up'] = ''; +$pfb['err'] = ''; // Widget customizations $wglobal_array = array('popup' => 'off', 'sortcolumn' => 'none', 'sortdir' => 'asc', 'maxfails' => 3, 'maxpivot' => 200); 
@@ -79,13 +73,15 @@ } write_config('pfBlockerNG: Saved Widget customizations via Dashboard'); - header('Location: ../../index.php'); + header("Location: /"); + exit(0); } // Ackwnowlege failed downloads -if (isset($_POST['pfblockerngack'])) { +if ($_POST['pfblockerngack']) { exec("{$pfb['sed']} -i '' 's/FAIL/Fail/g' {$pfb['errlog']}"); - header('Location: ../../index.php'); + header("Location: /"); + exit(0); } // Called by Ajax to update table contents @@ -95,19 +91,20 @@ } // Reset DNSBL Alias packet counters -if (isset($_POST['pfblockerngdnsblclear'])) { +if ($_POST['pfblockerngdnsblclear']) { $dnsbl_info = array_map('str_getcsv', @file("{$pfb['dnsbl_info']}")); if (!empty ($dnsbl_info)) { - $handle = fopen("{$pfb['dnsbl_info']}", 'w'); + $handle = @fopen("{$pfb['dnsbl_info']}", 'w'); foreach ($dnsbl_info as $line) { if (substr($line[0], 0, 1) != '#') { $line[3] = '0'; } fputcsv($handle, $line); } - fclose ($handle); + @fclose ($handle); } - header('Location: ../../index.php'); + header("Location: /"); + exit(0); } // Sort widget table according to user configuration @@ -154,7 +151,8 @@ function pfBlockerNG_get_counts() { /* Alias Table Definitions - 'update' - Last Updated Timestamp 'rule' - Total number of Firewall rules per alias 'count' - Total Line Count per alias - 'packets' - Total number of pf packets per alias */ + 'packets' - Total number of pf packets per alias + 'id' - Alias key value */ exec("{$pfb['pfctl']} -vvsTables | {$pfb['grep']} -A4 'pfB_'", $pfb_pfctl); if (!empty($pfb_pfctl)) { 
@@ -228,6 +226,15 @@ function pfBlockerNG_get_counts() { } } + // Collect pfB Alias ID for popup + if (isset($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $key => $alias) { + if (isset($pfb_table[$alias['name']])) { + $pfb_table[$alias['name']]['id'] = $key; + } + } + } + // DNSBL collect statistics if ($pfb['enable'] == 'on' && $pfb['dnsbl'] == 'on' && file_exists ("{$pfb['dnsbl_info']}")) { $dnsbl_info = array_map('str_getcsv', @file("{$pfb['dnsbl_info']}")); @@ -269,13 +276,15 @@ function pfBlockerNG_get_table($mode='') { if (!empty($pfb_table)) { foreach ($pfb_table as $pfb_alias => $values) { if (strpos($pfb_alias, 'DNSBL_') !== FALSE) { - $alias_span = $alias_span_end = ''; $packets = $values['packets']; $dnsbl = TRUE; } else { // Add firewall rules count associated with alias - $values['img'] = $values['img'] . "({$values['rule']})"; - + $values['img'] = $values['img'] . ''; + if ($values['rule'] > 0) { + $values['img'] .= "  ({$values['rule']})"; + } + // If packet fence errors found, display error. if ($pfb['pfctlerr']) { $values['img'] = $pfb['err']; @@ -283,12 +292,9 @@ function pfBlockerNG_get_table($mode='') { // Alias table popup if ($values['count'] > 0 && $pfb['popup'] == 'on') { - $alias_popup = rule_popup($pfb_alias, '', '', ''); - $alias_span = $alias_popup['src']; - $alias_span_end = $alias_popup['src_end']; - } - else { - $alias_span = $alias_span_end = ''; + $pfb_alias = "{$pfb_alias}"; } // Packet column pivot to Alerts Tab @@ -300,8 +306,8 @@ function pfBlockerNG_get_table($mode='') { $aentries = $values['packets']; } - $packets = "{$values['packets']}"; } else { $packets = $values['packets']; 
@@ -309,23 +315,15 @@ function pfBlockerNG_get_table($mode='') { } if ($mode == 'js') { - echo $response = "{$alias_span}{$pfb_alias}{$alias_span_end}||{$values['count']}||{$packets}||{$values['update']}||{$values['img']}\n"; + print $response = "{$pfb_alias}||{$values['count']}||{$packets}||{$values['update']}||{$values['img']}\n"; } else { - // Print darker shading for DNSBL - if ($dnsbl) { - $RowClass = $dcounter % 2 ? $pfb['RowEvenClass2'] : $pfb['RowOddClass']; - $dcounter++; - } else { - $RowClass = $counter % 2 ? $pfb['RowEvenClass'] : $pfb['RowOddClass']; - $counter++; - } - echo (" - {$alias_span}{$pfb_alias}{$alias_span_end} - {$values['count']} - {$packets} - {$values['update']} - {$values['img']} + print (" + {$pfb_alias} + {$values['count']} + {$packets} + {$values['update']} + {$values['img']} "); } } 
@@ -334,33 +332,33 @@ function pfBlockerNG_get_table($mode='') { // Status indicator if pfBlockerNG is enabled/disabled if ($pfb['enable'] == 'on') { - $mode = 'pass'; + $mode = 'text-success'; $pfb_msg = 'pfBlockerNG is Active.'; if ($pfb['config']['enable_dup'] == 'on') { // Check Masterfile Database Sanity $db_sanity = exec("{$pfb['grep']} 'Sanity check' {$pfb['logdir']}/pfblockerng.log | {$pfb['grep']} -o 'PASSED' | tail -1"); if ($db_sanity != 'PASSED') { - $mode = 'reject'; + $mode = 'text-warning'; $pfb_msg = 'pfBlockerNG deDuplication is out of sync. Perform a Force Reload to correct.'; } } } else { - $mode = 'block'; + $mode = ''; $pfb_msg = 'pfBlockerNG is Disabled.'; } -$pfb_status = "/themes/{$g['theme']}/images/icons/icon_{$mode}.gif"; +$pfb_status = "fa fa-check-circle {$mode}"; // Status indicator if DNSBL is actively running if ($pfb['dnsbl'] == 'on' && $pfb['unbound_state'] == 'on' && $pfb['enable'] == 'on' && strpos(file_get_contents("{$pfb['dnsbldir']}/unbound.conf"), 'pfb_dnsbl') !== FALSE) { - $mode = 'pass'; + $mode = 'text-success'; $dnsbl_msg = 'DNSBL is Active.'; } else { - $mode = 'block'; + $mode = ''; $dnsbl_msg = 'DNSBL is Disabled.'; } -$dnsbl_status = "/themes/{$g['theme']}/images/icons/icon_{$mode}.gif"; +$dnsbl_status = "fa fa-check-circle {$mode}"; // Collect total IP/Cidr counts $dcount = exec("{$pfb['cat']} {$pfb['denydir']}/*.txt | {$pfb['grep']} -cv '^#\|^$\|^1\.1\.1\.1$'"); @@ -378,174 +376,226 @@ function pfBlockerNG_get_table($mode='') { // Collect any failed downloads exec("{$pfb['grep']} 'FAIL' {$pfb['errlog']} | {$pfb['grep']} $(date +%m/%d/%y)", $results); -$results = array_reverse($results); +$results = array_reverse($results); +$entries = count($results); ?> - - - - - -
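Review bot: In the status-indicator block the disabled state now gets the same glyph as the active one, because `$mode = ''` feeds `$pfb_status = "fa fa-check-circle {$mode}"` and the same pattern is used for `$dnsbl_status`. The old code selected a distinct `icon_block.gif`, so a disabled blocker or a disabled DNSBL was visibly different from a running one; now it shows as an uncoloured check mark. For a filtering package the off state should be unmistakable, for example `$pfb_status = ($pfb['enable'] == 'on') ? "fa fa-check-circle {$mode}" : 'fa fa-times-circle text-danger';`, with the same treatment for the DNSBL indicator. The markup that consumes these class strings is not readable in this view, so check that it does not add its own disabled styling.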
    - + + + + + + +
      + $pfb['maxfails'] && $entries > $pfb['maxfails']) { + // To many errors stop displaying + print (($entries - $pfb['maxfails']) . gettext(' more error(s)...')); + break; + } + if ($counter == 1) { + print ("
    1. {$result} 
    2. "); + } else { + print ("
    3. {$result}
    4. "); + } + $counter++; + } +?> +
    + + +

    MaxMind: {$maxver}"?>

    + + + +
    + + + + + + + + + - + + + + + - + - - - - - + - + +
      - - + + + - {$dcount}"); ?> + {$dcount}")?> + - {$pcount}"); ?> + {$pcount}")?> + - {$mcount}"); ?> + {$mcount}")?> - - {$ncount}"); ?> - - - {$pfbsupp_cnt}"); ?> + + + {$ncount}")?> - - - " alt="" />  - - - - - "/> - + + + {$pfbsupp_cnt}")?> + "> +   +
      + + + - {$scount}  "); ?> + {$scount}")?> -
    - - "/> -
    -  MaxMind: {$maxver}"; ?> + + ">
    -
    - - - - $pfb['maxfails'] && $entries > $pfb['maxfails']) { - // To many errors stop displaying - echo("'); - break; - } - echo(""); - $counter++; - } -} -?> - +
    " . ($entries - $pfb['maxfails']) . ' more error(s)...
    {$result}
    + + + + + + + + + + + + +
     
    - - - - - - - - - - - - - - - - -
    + + + +
    +