-rw-r--r-- | etc/inc/filter.inc | 7 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 15 | ||||
-rw-r--r-- | etc/inc/util.inc | 2 | ||||
-rwxr-xr-x | etc/rc.update_urltables | 15 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 34 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/guiconfig.inc | 13 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_pool_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_virtual_server_edit.php | 2 |
11 files changed, 74 insertions, 22 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index da59a6a..c562be2 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -634,7 +634,14 @@ function filter_generate_aliases() {
 $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
 }
 break;
+ case "urltable_ports":
+ // TODO: Change it when pf supports tables with ports
+ $urlfn = alias_expand_urltable($aliased['name']);
+ if ($urlfn)
+ $aliases .= "{$aliased['name']} = \"{ " . preg_replace("/\n/", " ", file_get_contents($urlfn)) . " }\"\n";
+ break;
 case "port":
+ case "url_ports":
 $aliases .= "{$aliased['name']} = \"{ {$addrlist} }\"\n";
 break;
 default:
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 26fe109..c22de25 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2041,6 +2041,8 @@ function pfs_version_compare($cur_time, $cur_text, $remote) {
 return $v;
 }
 function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
+ global $config;
+
 $urltable_prefix = "/var/db/aliastables/";
 $urltable_filename = $urltable_prefix . $name . ".txt";
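Review bot: The new `urltable_ports` case splices the downloaded table file into the pf ruleset string without checking that each line is a port or port range, so a stray token in the remote file (or a CR left behind by CRLF line endings, since only `\n` is replaced) becomes a parse error for the whole generated ruleset and the reload fails. Filtering the lines through the existing `is_port()` check (or a range-aware variant if `is_port()` accepts single ports only) before joining keeps a bad list from taking the ruleset down, e.g. `$ports = array_filter(explode("\n", file_get_contents($urlfn)), 'is_port');` followed by `implode(" ", $ports)` in place of the `preg_replace`, and an empty result should skip the alias rather than emit `{  }`. The `switch` sits inside filter_generate_aliases(), whose body starts and ends outside the hunk.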
@@ -2060,11 +2062,14 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
 // Try to fetch the URL supplied
 conf_mount_rw();
 unlink_if_exists($urltable_filename . ".tmp");
- // Use fetch to grab data since these may be large files, we don't want to process them through PHP if we can help it.
- mwexec("/usr/bin/fetch -T 5 -q -o " . escapeshellarg($urltable_filename . ".tmp") . " " . escapeshellarg($url));
- // Remove comments. Might need some grep-fu to only allow lines that look like IPs/subnets
- if (file_exists($urltable_filename . ".tmp")) {
- mwexec("/usr/bin/sed 's/\;.*//g' ". escapeshellarg($urltable_filename . ".tmp") . "| /usr/bin/egrep -v '^[[:space:]]*$|^#' > " . escapeshellarg($urltable_filename));
+ $verify_ssl = isset($config['system']['checkaliasesurlcert']);
+ if (download_file($url, $urltable_filename . ".tmp", $verify_ssl)) {
+ mwexec("/usr/bin/sed -E 's/\;.*//g; /^[[:space:]]*($|#)/d' ". escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename));
+ if (alias_get_type($name) == "urltable_ports") {
+ $ports = explode("\n", file_get_contents($urltable_filename));
+ $ports = group_ports($ports);
+ file_put_contents($urltable_filename, implode("\n", $ports));
+ }
 unlink_if_exists($urltable_filename . ".tmp");
 } else
 mwexec("/usr/bin/touch {$urltable_filename}");
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 0d81865..e13edfe 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1217,7 +1217,7 @@ function alias_expand_urltable($name) {
 if (is_array($config['aliases']['alias'])) {
 foreach ($config['aliases']['alias'] as $alias) {
- if (($alias['type'] == 'urltable') && ($alias['name'] == $name)) {
+ if (preg_match("/urltable/i", $alias['type']) && ($alias['name'] == $name)) {
 if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename))
 return $urltable_filename;
 else if (process_alias_urltable($name, $alias["url"], 0, true))
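Review bot: `$verify_ssl` is taken from `isset($config['system']['checkaliasesurlcert'])`, so certificate verification of the alias download is off unless that option has been enabled, while the fetched list goes into pf tables and rules after nothing more than comment stripping; that trade-off deserves a comment on the line, e.g. `// Certificate verification is opt-in via checkaliasesurlcert; the downloaded list feeds pf tables, so leaving it off trusts the network path to $url.` The sed pass still does not restrict lines to address or port syntax, and in the `urltable_ports` branch `explode("\n", ...)` also hands `group_ports()` a trailing empty element from the file's final newline; worth confirming that `group_ports()` drops non-port entries, or filtering with `is_port()` before calling it. process_alias_urltable() begins and ends outside this hunk.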
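Review bot: `preg_match("/urltable/i", $alias['type'])` turns an exact type comparison into a case-insensitive substring test, so any future type containing "urltable", or an oddly-cased value in the config, matches as well; the same pattern appears in rc.update_urltables and in three places in firewall_aliases_edit.php. An explicit list is both clearer and strict: `if (in_array($alias['type'], array('urltable', 'urltable_ports'), true) && ($alias['name'] == $name)) {`. alias_expand_urltable() starts before this hunk and continues after it.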
diff --git a/etc/rc.update_urltables b/etc/rc.update_urltables
index fcb60d3..89d4542 100755
--- a/etc/rc.update_urltables
+++ b/etc/rc.update_urltables
@@ -12,8 +12,9 @@ if (!is_array($config['aliases']['alias'])) {
 // Gather list of urltable aliases
 $todo = array();
 foreach ($config['aliases']['alias'] as $alias) {
- if ($alias['type'] == 'urltable') {
+ if (preg_match('/urltable/i', $alias['type'])) {
 $tmp = array();
+ $tmp['type'] = $alias['type'];
 $tmp['name'] = $alias['name'];
 $tmp['url'] = $alias['url'];
 $tmp['freq'] = $alias['updatefreq'];
@@ -33,11 +34,16 @@ if (count($todo) > 0) {
 log_error("{$argv[0]}: Starting URL table alias updates");
+ $filter_reload = false;
 foreach ($todo as $t) {
 $r = process_alias_urltable($t['name'], $t['url'], $t['freq']);
 if ($r == 1) {
 $result = "";
- exec("/sbin/pfctl -t " . escapeshellarg($t['name']) . " -T replace -f /var/db/aliastables/" . escapeshellarg($t['name']) . ".txt 2>&1", $result);
+ // TODO: Change it when pf supports tables with ports
+ if ($t['type'] == "urltable")
+ exec("/sbin/pfctl -t " . escapeshellarg($t['name']) . " -T replace -f /var/db/aliastables/" . escapeshellarg($t['name']) . ".txt 2>&1", $result);
+ else
+ $filter_reload = true;
 log_error("{$argv[0]}: Updated {$t['name']} content from {$t['url']}: {$result[0]}");
 } elseif ($r == -1) {
 log_error("{$argv[0]}: {$t['name']} does not need updated.");
@@ -45,5 +51,8 @@ if (count($todo) > 0) {
 log_error("{$argv[0]}: ERROR: could not update {$t['name']} content from {$t['url']}");
 }
 }
+
+ if ($filter_reload)
+ send_event("filter reload");
 }
-?>
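Review bot: In the new `else` branch `exec()` is never called, so `$result` is still the empty string assigned a few lines above and the following `log_error(... {$result[0]})` indexes a string offset that does not exist, giving a PHP notice and an empty message for every `urltable_ports` alias. Give the branch something to log, e.g. `$result = array("filter reload queued");` next to `$filter_reload = true;` (with braces around the two statements). The loop lives inside the `if (count($todo) > 0)` block that starts before the hunk.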
\ No newline at end of file
+?>
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index daec627..1b0a194 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -106,7 +106,7 @@ if (isset($id) && $a_aliases[$id]) {
 if($ifdesc == $pconfig['descr'])
 $input_errors[] = sprintf(gettext("Sorry, an interface is already named %s."), $pconfig['descr']);
- if($a_aliases[$id]['type'] == "urltable") {
+ if(preg_match("/urltable/i", $a_aliases[$id]['type'])) {
 $pconfig['address'] = $a_aliases[$id]['url'];
 $pconfig['updatefreq'] = $a_aliases[$id]['updatefreq'];
 }
@@ -165,7 +165,7 @@ if ($_POST) {
 $final_address_details = array();
 $alias['name'] = $_POST['name'];
- if ($_POST['type'] == "urltable") {
+ if (preg_match("/urltable/i", $_POST['type'])) {
 $address = "";
 $isfirst = 0;
@@ -269,7 +269,7 @@ if ($_POST) {
 if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
 // But alias type network can include alias type urltable. Feature#1603.
 if (!($_POST['type'] == 'network' &&
- alias_get_type($_POST["address{$x}"]) == 'urltable'))
+ preg_match("/urltable/i", alias_get_type($_POST["address{$x}"]))))
 $wrongaliases .= " " . $_POST["address{$x}"];
 } else if ($_POST['type'] == "port") {
 if (!is_port($_POST["address{$x}"]))
@@ -464,6 +464,14 @@ function typesel_change() {
 eval(comd);
 }
 break;
+ case 6: /* urltable_ports */
+ var cmd;
+ newrows = totalrows;
+ for(i=0; i<newrows; i++) {
+ comd = 'document.iform.address_subnet' + i + '.disabled = 0;';
+ eval(comd);
+ }
+ break;
 }
 }
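Review bot: The nested-alias exception at the new `preg_match(...)` line now lets a `urltable_ports` alias pass the type check for a `network` alias, because the regex matches both urltable types; the Feature#1603 comment above it only intends IP tables inside network aliases, and a port list nested under an address alias would be expanded where host or network entries are expected. Keep the exact comparison in this spot: `alias_get_type($_POST["address{$x}"]) == 'urltable'))`. The loop over `address{$x}` that contains this check starts before the hunk.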
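Review bot: `case 6` declares `var cmd;` and never uses it, and like the case above it assembles a JavaScript statement as a string and runs it through `eval()` although a direct property lookup does the same: `document.iform['address_subnet' + i].disabled = 0;`. If the eval pattern is kept for consistency with the other cases, at least drop the unused declaration. typesel_change() begins outside the hunk.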
@@ -486,7 +494,8 @@ $ports_str = gettext("Port(s)");
 $port_str = gettext("Port");
 $url_str = gettext("URL (IPs)");
 $url_ports_str = gettext("URL (Ports)");
-$urltable_str = gettext("URL Table");
+$urltable_str = gettext("URL Table (IPs)");
+$urltable_ports_str = gettext("URL Table (Ports)");
 $update_freq_str = gettext("Update Freq.");
 $networks_help = gettext("Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range.");
@@ -495,6 +504,7 @@ $ports_help = gettext("Enter as many ports as you wish. Port ranges can be expr
 $url_help = sprintf(gettext("Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of IP addresses (less than 3000)."), $g['product_name']);
 $url_ports_help = sprintf(gettext("Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of Ports (less than 3000)."), $g['product_name']);
 $urltable_help = sprintf(gettext("Enter a single URL containing a large number of IPs and/or Subnets. After saving %s will download the URL and create a table file containing these addresses. This will work with large numbers of addresses (30,000+) or small numbers."), $g['product_name']);
+$urltable_ports_help = sprintf(gettext("Enter a single URL containing a list of Port numbers and/or Port ranges. After saving %s will download the URL."), $g['product_name']);
 $openvpn_str = gettext("Username");
 $openvpn_user_str = gettext("OpenVPN Users");
@@ -561,6 +571,19 @@ function update_box_type() {
 document.getElementById ("threecolumn").style.display = 'none';
 document.getElementById ("itemhelp").firstChild.data = "{$urltable_help}";
 document.getElementById ("addrowbutton").style.display = 'none';
+ } else if(selected == '{$urltable_ports_str}') {
+ if ((typeof(totalrows) == "undefined") || (totalrows < 1)) {
+ addRowTo('maintable', 'formfldalias');
+ typesel_change();
+ add_alias_control(this);
+ }
+ document.getElementById ("addressnetworkport").firstChild.data = "{$url_str}";
+ document.getElementById ("onecolumn").firstChild.data = "{$url_str}";
+ document.getElementById ("twocolumn").firstChild.data = "{$update_freq_str}";
+ document.getElementById ("threecolumn").firstChild.data = "";
+ document.getElementById ("threecolumn").style.display = 'none';
+ document.getElementById ("itemhelp").firstChild.data = "{$urltable_ports_help}";
+ document.getElementById ("addrowbutton").style.display = 'none';
 }
 }
 //]]>
@@ -655,7 +678,8 @@ if (empty($tab)) {
 <!--<option value="openvpn" <?php if ($pconfig['type'] == "openvpn") echo "selected=\"selected\""; ?>><?=gettext("OpenVPN Users"); ?></option> -->
 <option value="url" <?php if ($pconfig['type'] == "url") echo "selected=\"selected\""; ?>><?=gettext("URL (IPs)");?></option>
 <option value="url_ports" <?php if ($pconfig['type'] == "url_ports") echo "selected=\"selected\""; ?>><?=gettext("URL (Ports)");?></option>
- <option value="urltable" <?php if ($pconfig['type'] == "urltable") echo "selected=\"selected\""; ?>><?=gettext("URL Table"); ?></option>
+ <option value="urltable" <?php if ($pconfig['type'] == "urltable") echo "selected=\"selected\""; ?>><?=gettext("URL Table (IPs)"); ?></option>
+ <option value="urltable_ports" <?php if ($pconfig['type'] == "urltable_ports") echo "selected=\"selected\""; ?>><?=gettext("URL Table (Ports)"); ?></option>
 </select>
 </td>
 </tr>
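Review bot: The new `else if(selected == '{$urltable_ports_str}')` branch repeats the preceding `urltable` branch line for line and differs only in the help string, so the two will drift apart on the next edit. Fold them into one branch, `} else if (selected == '{$urltable_str}' || selected == '{$urltable_ports_str}') {`, and pick the help text with `(selected == '{$urltable_str}') ? "{$urltable_help}" : "{$urltable_ports_help}"`. update_box_type() starts before the hunk.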
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 26e4a35..a9399f8 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -912,7 +912,7 @@ $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['upda
 <script type="text/javascript">
 //<![CDATA[
 var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
- var customarray = <?= json_encode(get_alias_list(array("port", "url_ports"))) ?>;
+ var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
 var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
 var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index d375deb..46139c9 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -720,7 +720,7 @@ $has_updated_time = (isset($a_out[$id]['updated']) && is_array($a_out[$id]['upda
 poolopts_change();
 var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
- var customarray = <?= json_encode(get_alias_list(array("port", "url_ports"))) ?>;
+ var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
 var oTextbox1 = new AutoSuggestControl(document.getElementById("source"), new StateSuggestions(addressarray));
 var oTextbox2 = new AutoSuggestControl(document.getElementById("sourceport"), new StateSuggestions(customarray));
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index d2d3333..25b3e9d 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -1629,7 +1629,7 @@ $has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]
 <?php endif; ?>
 var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
- var customarray = <?= json_encode(get_alias_list(array("port", "url_ports"))) ?>;
+ var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
 var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
 var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 0da6d1e..f88572b 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -1030,9 +1030,16 @@ function alias_info_popup($alias_id){
 $alias_name=$config['aliases']['alias'][$alias_id];
 $alias_objects_with_details = "<table width=\"100%\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\" summary=\"alias info popup\">";
 if ($alias_name['url']) {
- exec("/sbin/pfctl -t {$alias_name['name']} -T show | wc -l", $total_entries);
- $counter=preg_replace("/\D/","",$total_entries[0]);
- exec("/sbin/pfctl -t {$alias_name['name']} -T show | head -10002", $alias_addresses);
+ // TODO: Change it when pf supports tables with ports
+ if ($alias_name['type'] == "urltable") {
+ exec("/sbin/pfctl -t {$alias_name['name']} -T show | wc -l", $total_entries);
+ $counter=preg_replace("/\D/","",$total_entries[0]);
+ exec("/sbin/pfctl -t {$alias_name['name']} -T show | head -10002", $alias_addresses);
+ } else {
+ $urlfn = alias_expand_urltable($alias_name['name']);
+ $alias_addresses = explode("\n", file_get_contents($urlfn));
+ $counter = count($alias_addresses);
+ }
 $alias_objects_with_details .= "<tr><td colspan=\"3\" $close_title class=\"vncell\">{$alias_name['url']}</td></tr>";
 $x=0;
 foreach ($alias_addresses as $alias_ports_address ) {
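Review bot: In the new `else` branch `alias_expand_urltable()` may return nothing when the table file is absent and cannot be fetched, after which `file_get_contents($urlfn)` emits a warning and `explode()` yields a one-element list that is reported as a count of 1; the branch also drops the `head -10002` cap the pfctl branch keeps, so the entire file is rendered into the popup. Guard and cap it: `$alias_addresses = $urlfn ? explode("\n", file_get_contents($urlfn)) : array();`, `$counter = count($alias_addresses);`, `$alias_addresses = array_slice($alias_addresses, 0, 10002);`. The re-added `exec("/sbin/pfctl -t {$alias_name['name']} ...")` lines still interpolate the alias name unescaped, whereas rc.update_urltables wraps it in `escapeshellarg()`. If any alias type other than `urltable`/`urltable_ports` can carry a `url` key, it now falls into this `else` as well. alias_info_popup() continues past the hunk.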
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index 5164de1..3eced6b 100755
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -215,7 +215,7 @@ function clearcombo(){
 </div>
 <script type="text/javascript">
 //<![CDATA[
- var addressarray = <?= json_encode(get_alias_list(array("port", "url_ports"))) ?>;
+ var addressarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
 var oTextbox1 = new AutoSuggestControl(document.getElementById("port"), new StateSuggestions(addressarray));
 //]]>
 </script>
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 3cdc9b5..4b68b6e 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -186,7 +186,7 @@ include("head.inc");
 <br><?=gettext("You may also specify a port alias listed in Firewall -> Aliases here."); ?>
 <script type="text/javascript">
 //<![CDATA[
- var port_aliases = <?= json_encode(get_alias_list(array("port", "url_ports"))) ?>;
+ var port_aliases = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
 var oTextbox2 = new AutoSuggestControl(document.getElementById("port"), new StateSuggestions(port_aliases));
 //]]>
 </script>
|