From aeb6a302be88cd1fbe104bd3736de8b152c58ba2 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Wed, 23 May 2018 10:03:31 -0400 Subject: [PATCH 1/8] Update pfblockerng_install.inc Remove extraneous log text --- .../files/usr/local/pkg/pfblockerng/pfblockerng_install.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc index 75ea7a73fc51..d20b2db5ef8a 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc +++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc @@ -168,7 +168,7 @@ pfb_filter_service(); update_status(" done.\n"); // Create DNSBL service and link required executables -update_status(" done.\nRemove any existing and create link for DNSBL lighttpd executable..."); +update_status("Remove any existing and create link for DNSBL lighttpd executable..."); unlink_if_exists('/usr/local/sbin/lighttpd_pfb'); link('/usr/local/sbin/lighttpd', '/usr/local/sbin/lighttpd_pfb'); From 0e32a1bd778d4d41f8f953cfef3ac9f2598e75f3 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Tue, 29 May 2018 23:47:30 -0400 Subject: [PATCH 2/8] pfSense-pkg-pfBlockerNG-devel - Fix Upgrade order - Ensure that General Tab -> new IP Tab settings are migrated before converting pfBlockerNGSuppress Alias - Improve logging messages --- .../pkg/pfblockerng/pfblockerng_install.inc | 44 ++++++++++++------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc index d20b2db5ef8a..b50512037372 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc 
+++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc @@ -423,7 +423,31 @@ if ($ufound) { update_status(" no changes required ... done.\n"); } +// Move General Tab 'IP settings' to new IP tab +update_status("Upgrading General Tab -> IP Tab settings..."); +if (!isset($config['installedpackages']['pfblockerngipsettings'])) { + $pfb['gconfig'] = &$config['installedpackages']['pfblockerng']['config'][0]; + $pfb['iconfig'] = &$config['installedpackages']['pfblockerngipsettings']['config'][0]; + + $settings = array( 'enable_dup', 'enable_agg', 'suppression', 'enable_log', 'maxmind_locale', 'database_cc', + 'inbound_interface', 'inbound_deny_action', 'outbound_interface', 'outbound_deny_action', + 'enable_float', 'pass_order', 'autorule_suffix', 'killstates' ); + + foreach ($settings as $setting) { + $pfb['iconfig'][$setting] = $pfb['gconfig'][$setting] ?: ''; + if (isset($pfb['gconfig'][$setting])) { + unset($pfb['gconfig'][$setting]); + } + } + update_status(" saving new changes ... done.\n"); +} +else { + update_status(" no changes required ... done.\n"); +} + // Upgrade pfBlockerNGSuppress alias to IPv4 Suppression custom list +$ufound = FALSE; +update_status("Upgrading pfBlockerNGSuppress Alias -> IPv4 Suppression Customlist..."); if (!isset($config['installedpackages']['pfblockerngipsettings']['config'][0]['v4suppression'])) { $customlist = ''; 
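Review bot: In the migration loop, `$pfb['iconfig'][$setting] = $pfb['gconfig'][$setting] ?: '';` reads the old key before the `isset()` test on the following line, and it turns any falsy stored value (the string `0`, for instance) into an empty string. Several of the migrated keys (`inbound_deny_action`, `outbound_deny_action`, `suppression`, `killstates`) presumably steer firewall behaviour, so a silently blanked value could change enforcement after the upgrade. Copying only when the key is set keeps the stored value intact: `$pfb['iconfig'][$setting] = isset($pfb['gconfig'][$setting]) ? $pfb['gconfig'][$setting] : '';`. The status text says "saving new changes", but no configuration write is visible in this hunk, so it is worth confirming that one follows later in the file.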
@@ -448,27 +472,17 @@ if (!isset($config['installedpackages']['pfblockerngipsettings']['config'][0]['v } $config['installedpackages']['pfblockerngipsettings']['config'][0]['v4suppression'] = base64_encode($customlist) ?: ''; // unset($config['aliases']['alias'][$key]); + $ufound = TRUE; break; } } } } -// Move General Tab 'IP settings' to new IP tab -if (!isset($config['installedpackages']['pfblockerngipsettings'])) { - $pfb['gconfig'] = &$config['installedpackages']['pfblockerng']['config'][0]; - $pfb['iconfig'] = &$config['installedpackages']['pfblockerngipsettings']['config'][0]; - - $settings = array( 'enable_dup', 'enable_agg', 'suppression', 'enable_log', 'maxmind_locale', 'database_cc', - 'inbound_interface', 'inbound_deny_action', 'outbound_interface', 'outbound_deny_action', - 'enable_float', 'pass_order', 'autorule_suffix', 'killstates' ); - - foreach ($settings as $setting) { - $pfb['iconfig'][$setting] = $pfb['gconfig'][$setting] ?: ''; - if (isset($pfb['gconfig'][$setting])) { - unset($pfb['gconfig'][$setting]); - } - } +if ($ufound) { + update_status(" saving new changes ... done.\n"); +} else { + update_status(" no changes required ... done.\n"); } // Convert dnsbl_info CSV file to SQLite3 database format From be812edcccb4f904def536517a6e910fe340451d Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Tue, 29 May 2018 23:54:15 -0400 Subject: [PATCH 3/8] Update pfblockerng_dnsbl.php - Remove debug code - Improve TLD Whitelist Help Text --- .../usr/local/www/pfblockerng/pfblockerng_dnsbl.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_dnsbl.php b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_dnsbl.php index 32de8f9e3430..7bcb2b71f1bc 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_dnsbl.php 
+++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_dnsbl.php @@ -378,10 +378,7 @@ ->setHelp('This will create \'Floating\' Firewall permit rules to allow traffic from the Selected Interface(s) to access
' . 'the DNSBL VIP on the DNSBL Listening interface. (ICMP and Webserver ports only). This is only required for networks with multiple LAN Segments.'); -// Remove Localhost from Interface options -array_pop($interface_list); $int_size = count($interface_list) ?: '1'; - $group->add(new Form_Select( 'dnsbl_allow_int', NULL, @@ -899,12 +896,14 @@ $tld_whitelist_text = 'Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
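Review bot: Removing `array_pop($interface_list);` leaves the last entry of `$interface_list` selectable in `dnsbl_allow_int`, and the deleted comment described that entry as Localhost rather than as debug output. This selector feeds the 'Floating' permit rules described in the help text just above, so please confirm that the code building `$interface_list` (outside this hunk) no longer appends Localhost. If the entry is still appended, removing it by its key is more robust than removing it by position. If Localhost is now meant to be selectable, a comment such as `// Localhost is intentionally offered for the DNSBL permit rules` would record that decision.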
- Enter one  Domain  per line, followed by  |x.x.x.x  - (IP Address for Domain or Sub-Domain)  
Examples:
+ Enter one  Domain per line
Examples:
    -
  • example.com|x.x.x.x
  • -
  • news.example.com|x.x.x.x   (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
  • +
  • example.com
  • +
  • example.com|x.x.x.x  (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
+ The First option above will collect the IP Address on each Cron run, + while the second option will define a Static IP Address.

+ You must Whitelist every Domain or Sub-Domain individually.
No Regex Entries and no leading/trailing \'dot\' allowed!
You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
From f229c980d1d65f2e649ec0fa495459fcf0c7ed18 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Tue, 29 May 2018 23:56:36 -0400 Subject: [PATCH 4/8] Update pfblockerng.widget.php - Fix an SQLite3 error message (Call to a member function fetchArray() on boolean) --- .../usr/local/www/widgets/widgets/pfblockerng.widget.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/widgets/widgets/pfblockerng.widget.php b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/widgets/widgets/pfblockerng.widget.php index 678d1bc995e0..8cb1c1ac24a4 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/widgets/widgets/pfblockerng.widget.php +++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/widgets/widgets/pfblockerng.widget.php @@ -546,9 +546,11 @@ function pfBlockerNG_get_header($mode='') { if ($db_handle) { $result = $db_handle->query("SELECT * FROM resolver WHERE row = 0;"); - while ($qstats = $result->fetchArray(SQLITE3_ASSOC)) { - $pfb_found = TRUE; - $resolver[] = $qstats; + if ($result) { + while ($qstats = $result->fetchArray(SQLITE3_ASSOC)) { + $pfb_found = TRUE; + $resolver[] = $qstats; + } } // Create new row From 8dc77e7aa7eb4c1d23d4a7a15cc98352dda4b513 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Tue, 29 May 2018 23:59:42 -0400 Subject: [PATCH 5/8] Update pfblockerng_ip.php - Improve Error message --- .../files/usr/local/www/pfblockerng/pfblockerng_ip.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_ip.php b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_ip.php index fb5066fbaaed..17047404087b 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_ip.php +++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_ip.php 
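Review bot: The new `if ($result)` guard in pfBlockerNG_get_header() stops the fetchArray() fatal, but a failed `query()` is now discarded without trace and execution continues into the "Create new row" code as if the resolver table were simply empty. A locked or damaged database would then be indistinguishable from a first run. Adding an else branch that records `$db_handle->lastErrorMsg()` through the package's usual logging would make the failure visible. The same guard without error reporting is added to pfb_daemon_queries() in pfblockerng.inc (PATCH 7/8). Both function bodies continue outside their hunks.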
@@ -98,11 +98,11 @@ $mask = strstr($host[0], '/', FALSE); if ($mask != '/32' && $mask != '/24') { - $input_errors[] = "Invalid mask [ {$host[0]} ]. Mask must be defined as /32 or /24 only."; + $input_errors[] = "IPv4 Suppression: Invalid mask [ {$host[0]} ]. Mask must be defined as /32 or /24 only."; } if (!is_subnetv4($host[0])) { - $input_errors[] = "Invalid IPv4 subnet address defined [ {$host[0]} ]"; + $input_errors[] = "IPv4 Suppression: Invalid IPv4 subnet address defined [ {$host[0]} ]"; } } } From 8904067ecf12745921490bff2cec82c8a06262b9 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Wed, 30 May 2018 00:06:28 -0400 Subject: [PATCH 6/8] Update pfblockerng_log.php - Add TOP1M Whitelist final list to Log Viewer --- .../files/usr/local/www/pfblockerng/pfblockerng_log.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_log.php b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_log.php index 2e4d6dbfe5f0..0679b9d980a6 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_log.php +++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_log.php @@ -163,6 +163,12 @@ function getlogs($logdir, $log_extentions = array('log')) { 'logdir' => '/usr/local/pkg/pfblockerng/', 'download' => TRUE, 'clear' => FALSE + ), + 'top1m' => array('name' => 'TOP1M Whitelist', + 'ext' => array('pfbalexawhitelist.txt'), + 'logdir' => "{$pfb['dbdir']}/", + 'download' => TRUE, + 'clear' => TRUE ) ); From e872c10087aa108c926289939f7460b088b4dc5a Mon Sep 17 00:00:00 2001 
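Review bot: The new `top1m` entry in pfblockerng_log.php sets `'clear' => TRUE` for a file under `{$pfb['dbdir']}/`, while the entry directly above it uses `'clear' => FALSE`. The commit describes this file as the TOP1M Whitelist final list, so it appears to be generated working data rather than a log, and clearing it from the Log Viewer could presumably remove whitelist entries until the next update. Unless clearing is intended, `'clear' => FALSE` is the safer default, and a comment such as `// Read-only view of the generated TOP1M whitelist` would state the intent. How getlogs() matches `'ext' => array('pfbalexawhitelist.txt')` against file names is outside this hunk, so it is also worth confirming that it cannot match other files in the database directory.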
From: BBcan177 Date: Thu, 31 May 2018 22:32:59 -0400 Subject: [PATCH 7/8] Update pfblockerng.inc - Fix logging on manual user-defined pfBlockerNG rules as the Tracker ID prefix doesn't start with '1770*' - Fix an SQLite3 error message (Call to a member function fetchArray() on boolean) --- .../usr/local/pkg/pfblockerng/pfblockerng.inc | 88 +++++++++++++------ 1 file changed, 62 insertions(+), 26 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc index e65cecf7e873..1a5cc7f52d5f 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc +++ b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc @@ -2826,26 +2826,40 @@ function pfb_aliastables($mode) { } -// Collect pfBlockerNG rule names and tracker ids +// Collect pfBlockerNG rule names and Tracker IDs function pfb_filterrules() { global $pfb; - $rule_list = array(); - exec("{$pfb['pfctl']} -vv -sr | {$pfb['grep']} 'pfB_'", $results); + $rule_list = array(); + $rule_list['other'] = array(); + + exec("{$pfb['pfctl']} -vvsr 2>&1", $results); if (!empty($results)) { foreach ($results as $result) { + if (substr($result, 0, 1) == '@') { + + $r = explode(')', $result, 2); + $id = ltrim(strstr($r[0], '(', FALSE), '('); + + // Find rule descriptions and type for pfBlockerNG Tracker IDs + if (strpos($r[1], ' prepare($db_update); $stmt->bindValue(':domain', $domain, SQLITE3_TEXT); $result = $stmt->execute(); - if ($result) { $dnsbl_cache = $result->fetchArray(SQLITE3_ASSOC); } 
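Review bot: In the rewritten pfb_filterrules(), `$r = explode(')', $result, 2);` is followed by reads of `$r[1]` and of `strstr($r[0], '(', FALSE)` with no check that the line contained both parentheses. The command now captures `2>&1` and is no longer filtered through grep, so every pfctl output line beginning with `@` is parsed; a guard such as `if (!isset($r[1])) { continue; }` right after the explode would keep a malformed line from producing an undefined index and a bogus Tracker ID. The function comment could also describe the returned array, including the new `$rule_list['other']` bucket. The rest of this hunk is not legible on this page, so an equivalent check may already exist further down.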
@@ -3987,8 +4021,10 @@ function pfb_daemon_queries() { $db_handle = pfb_open_sqlite(3, 'Resolver collect queries'); if ($db_handle) { $result = $db_handle->query("SELECT * FROM resolver WHERE row = 0;"); - while ($stats = $result->fetchArray(SQLITE3_ASSOC)) { - $pfb_found = TRUE; + if ($result) { + while ($stats = $result->fetchArray(SQLITE3_ASSOC)) { + $pfb_found = TRUE; + } } // Create new row From 80bc620ed86e0638917ea399dcbf57a02d443496 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Thu, 31 May 2018 22:49:38 -0400 Subject: [PATCH 8/8] Bump pfSense-pkg-pfBlockerNG-devel -> 2,2.1 --- net/pfSense-pkg-pfBlockerNG-devel/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/pfSense-pkg-pfBlockerNG-devel/Makefile b/net/pfSense-pkg-pfBlockerNG-devel/Makefile index 461637717d60..c751ef3c0d4e 100644 --- a/net/pfSense-pkg-pfBlockerNG-devel/Makefile +++ b/net/pfSense-pkg-pfBlockerNG-devel/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense-pkg-pfBlockerNG-devel -PORTVERSION= 2.1.2 -PORTREVISION= 2 +PORTVERSION= 2.2.1 CATEGORIES= net MASTER_SITES= # empty DISTFILES= # empty