authorjim-p <jim@pingle.org>2010-04-21 17:03:45 -0400
committerjim-p <jim@pingle.org>2010-04-21 17:03:45 -0400
commitc7de8be425e6061bedd63bfc2294d990ff576bc2 (patch)
treeaa7c774a07376d33aab185b28f8a3b4ce283f564 /etc/inc/pfsense-utils.inc
parent74e861e30bb58eb1513bb806e04a471cda1578ec (diff)
Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512
Diffstat (limited to 'etc/inc/pfsense-utils.inc')
-rw-r--r--etc/inc/pfsense-utils.inc37
1 files changed, 37 insertions, 0 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 007a27e..b21ec6f 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1877,5 +1877,42 @@ function pfs_version_compare($cur_time, $cur_text, $remote) {
}
return $v;
}
+function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
+ $urltable_prefix = "/var/db/aliastables/";
+ $urltable_filename = $urltable_prefix . $name . ".txt";
+
+ // Make the aliases directory if it doesn't exist
+ if (!file_exists($urltable_prefix)) {
+ mkdir($urltable_prefix);
+ } elseif (!is_dir($urltable_prefix)) {
+ unlink($urltable_prefix);
+ mkdir($urltable_prefix);
+ }
+
+ // If the file doesn't exist or is older than update_freq days, fetch a new copy.
+ if (!file_exists($urltable_filename)
+ || ((time() - filemtime($urltable_filename)) > ($freq * 86400))
+ || $forceupdate) {
+
+ // Try to fetch the URL supplied
+ conf_mount_rw();
+ unlink_if_exists($urltable_filename . ".tmp");
+ // Use fetch to grab data since these may be large files, we don't want to process them through PHP if we can help it.
+ mwexec("/usr/bin/fetch -q -o " . escapeshellarg($urltable_filename . ".tmp") . " " . escapeshellarg($url));
+ // Remove comments. Might need some grep-fu to only allow lines that look like IPs/subnets
+ mwexec("/usr/bin/grep -v '^#' " . escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename));
+ unlink_if_exists($urltable_filename . ".tmp");
+ conf_mount_ro();
+ if (filesize($urltable_filename)) {
+ return true;
+ } else {
+ // If it's unfetchable or an empty file, bail
+ return false;
+ }
+ } else {
+ // File exists, and it doesn't need updated.
+ return -1;
+ }
+}
?>
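Review bot: A failed or empty download still destroys the previous table file, because the return value of the `fetch` call is ignored and the `grep -v '^#' ... >` redirect on the following line truncates `$urltable_filename` before anything is checked; an alias used in block rules would then be left with an empty table until the next successful update. The fetch result should be checked, and the filtered output written to a second temporary file that is renamed over the live file only when it is non-empty, as sketched below (this assumes `mwexec()` returns the command's exit status, which is not visible in this hunk). `$name` is also joined into the path unchecked in `$urltable_prefix . $name . ".txt"`, so unless callers already validate alias names it should be constrained here, and `$url` should be limited to the schemes the feature is meant to support before it is handed to `fetch`. The in-code remark about only allowing lines that look like IPs/subnets is worth implementing before the file is loaded into pf, and since the `-1` return is truthy, callers need a strict comparison to tell "unchanged" from "updated".

```php
// … unchanged: directory setup, staleness test, conf_mount_rw(), removal of the old .tmp file …
$tmpfile = $urltable_filename . ".tmp";
$newfile = $urltable_filename . ".new";
$rc = mwexec("/usr/bin/fetch -q -o " . escapeshellarg($tmpfile) . " " . escapeshellarg($url));
$updated = false;
if ($rc == 0 && file_exists($tmpfile) && filesize($tmpfile) > 0) {
	// Filter into a second file so the redirect never truncates the live table
	mwexec("/usr/bin/grep -v '^#' " . escapeshellarg($tmpfile) . " > " . escapeshellarg($newfile));
	if (file_exists($newfile) && filesize($newfile) > 0) {
		// Replace the live file only once a non-empty filtered copy exists
		$updated = rename($newfile, $urltable_filename);
	}
}
unlink_if_exists($tmpfile);
unlink_if_exists($newfile);
conf_mount_ro();
return $updated;
```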