diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/certs.inc | 8 | ||||
| -rw-r--r-- | etc/inc/config.console.inc | 2 | ||||
| -rw-r--r-- | etc/inc/dyndns.class | 2 | ||||
| -rw-r--r-- | etc/inc/filter.inc | 20 | ||||
| -rw-r--r-- | etc/inc/interfaces.inc | 39 | ||||
| -rwxr-xr-x | etc/inc/ipsec.auth-user.php | 14 | ||||
| -rw-r--r-- | etc/inc/ipsec.inc | 59 | ||||
| -rw-r--r-- | etc/inc/pfsense-utils.inc | 2 | ||||
| -rw-r--r-- | etc/inc/pkg-utils.inc | 1 | ||||
| -rw-r--r-- | etc/inc/priv/user.priv.inc | 2 | ||||
| -rw-r--r-- | etc/inc/service-utils.inc | 2 | ||||
| -rw-r--r-- | etc/inc/services.inc | 12 | ||||
| -rw-r--r-- | etc/inc/util.inc | 17 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 14 | ||||
| -rw-r--r-- | etc/inc/wizardapp.inc | 442 | ||||
| -rw-r--r-- | etc/phpshellsessions/gitsync | 2 | ||||
| -rwxr-xr-x | etc/rc.initial | 5 | ||||
| -rwxr-xr-x | etc/sshd | 2 | ||||
| -rw-r--r-- | etc/ssl/openssl.cnf | 33 |
19 files changed, 478 insertions, 200 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index a1397b8..8df3e5d 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -293,6 +293,14 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di break; } + // in case of using Subject Alternative Names use other sections (with postfix '_san') + // pass subjectAltName over environment variable 'SAN' + if ($dn['subjectAltName']) { + putenv("SAN={$dn['subjectAltName']}"); // subjectAltName can be set _only_ via configuration file + $cert_type .= '_san'; + unset($dn['subjectAltName']); + } + $args = array( "x509_extensions" => $cert_type, "digest_alg" => $digest_alg, diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc index 256486c..2d15dc2 100644 --- a/etc/inc/config.console.inc +++ b/etc/inc/config.console.inc @@ -85,7 +85,7 @@ EOD; $iflist = array(); } else { foreach ($iflist as $iface => $ifa) { - echo sprintf("% -6s%s %s %s\n", $iface, $ifa['mac'], + echo sprintf("% -7s%s %s %s\n", $iface, $ifa['mac'], $ifa['up'] ? " (up)" : "(down)", $ifa['dmesg']); } } diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 73f55ad..2177360 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -620,7 +620,7 @@ $needsIP = TRUE; $dnsServer ='www.cloudflare.com'; $dnsHost = str_replace(' ','', $this->_dnsHost); - $URL = "https://{$dnsServer}/api.html?a=DIUP&email={$this->_dnsUser}&tkn={$this->_dnsPass}&ip={$this->dnsIP}&hosts={$dnsHost}"; + $URL = "https://{$dnsServer}/api.html?a=DIUP&email={$this->_dnsUser}&tkn={$this->_dnsPass}&ip={$this->_dnsIP}&hosts={$dnsHost}"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_URL, $URL); break; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 711dae4..38680f7 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -506,7 +506,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr else if(!isset($aliasnesting[$address])) $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting); } else if(!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) { if (!isset($filterdns["{$address}{$name}"])) $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n"; continue; @@ -1366,6 +1366,24 @@ function filter_nat_rules_automatic_tonathosts($with_descr = false) { if($oc['sa']) { $tonathosts[] = "{$oc['sa']}/{$oc['sn']}"; $descriptions[] = $oc['descr']; + if (isset($oc['vips']) && is_array($oc['vips'])) { + $if_subnets = array("{$oc['sa']}/{$oc['sn']}"); + foreach ($oc['vips'] as $vip) { + if (!is_ipaddrv4($vip['ip'])) + continue; + + foreach ($if_subnets as $subnet) + if (ip_in_subnet($vip['ip'], $subnet)) + continue 2; + + $network = gen_subnet($vip['ip'], $vip['sn']); + array_unshift($tonathosts, $network . '/' . $vip['sn']); + array_unshift($descriptions, "Virtual IP ({$oc['descr']})"); + $if_subnets[] = $network . '/' . $vip['sn']; + unset($network); + } + unset($if_subnets); + } } } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index f9b0da5..a51d8be 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1242,10 +1242,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = } break; case "dhcp": - $pid = find_dhclient_process($realif); - if($pid) - posix_kill($pid, SIGTERM); - sleep(1); + kill_dhclient_process($realif); unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf"); if(does_interface_exist("$realif")) { mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); @@ -2801,6 +2798,21 @@ function find_dhclient_process($interface) { return intval($pid); } +function kill_dhclient_process($interface) { + if (empty($interface) || !does_interface_exist($interface)) + return; + + $i = 0; + while ((($pid = find_dhclient_process($interface)) != 0) && ($i < 3)) { + /* 3rd time make it die for sure */ + $sig = ($i == 2 ? SIGKILL : SIGTERM); + posix_kill($pid, $sig); + sleep(1); + $i++; + } + unset($i); +} + function find_dhcp6c_process($interface) { global $g; @@ -3897,6 +3909,9 @@ EOD; else log_error(printf(gettext("Could not bring up %s interface in interface_dhcp_configure()"), $wanif)); + /* Make sure dhclient is not running */ + kill_dhclient_process($wanif); + /* fire up dhclient */ mwexec("/sbin/dhclient -c {$g['varetc_path']}/dhclient_{$interface}.conf {$wanif} > {$g['tmp_path']}/{$wanif}_output 2> {$g['tmp_path']}/{$wanif}_error_output"); @@ -4142,6 +4157,7 @@ function convert_friendly_interface_to_friendly_descr($interface) { break; case "enc0": case "ipsec": + case "IPsec": $ifdesc = "IPsec"; break; default: @@ -4175,14 +4191,11 @@ function convert_friendly_interface_to_friendly_descr($interface) { } function convert_real_interface_to_friendly_descr($interface) { - global $config; $ifdesc = convert_real_interface_to_friendly_interface_name("{$interface}"); - if ($ifdesc) { - $iflist = get_configured_interface_with_descr(false, true); - return $iflist[$ifdesc]; - } + if (!empty($ifdesc)) + return convert_friendly_interface_to_friendly_descr($ifdesc); return $interface; } @@ -4374,12 +4387,12 @@ function guess_interface_from_ip($ipaddress) { } if(is_ipaddrv4($ipaddress)) { /* create a route table we can search */ - exec("netstat -rnWf inet", $output, $ret); + exec("/usr/bin/netstat -rnWf inet", $output, $ret); foreach($output as $line) { if(preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+[ ]+link[#]/", $line)) { $fields = preg_split("/[ ]+/", $line); if(ip_in_subnet($ipaddress, $fields[0])) { - return $fields[6]; + return $fields[5]; } } } @@ -4387,12 +4400,12 @@ function guess_interface_from_ip($ipaddress) { /* FIXME: This works from cursory testing, regexp might need fine tuning */ if(is_ipaddrv6($ipaddress)) { /* create a route table we can search */ - exec("netstat -rnWf inet6", $output, $ret); + exec("/usr/bin/netstat -rnWf inet6", $output, $ret); foreach($output as $line) { if(preg_match("/[0-9a-f]+[:]+[0-9a-f]+[:]+[\/][0-9]+/", $line)) { $fields = preg_split("/[ ]+/", $line); if(ip_in_subnet($ipaddress, $fields[0])) { - return $fields[6]; + return $fields[5]; } } } diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php index 7d114d4..1171735 100755 --- a/etc/inc/ipsec.auth-user.php +++ b/etc/inc/ipsec.auth-user.php @@ -35,7 +35,7 @@ pfSense_MODULE: openvpn */ /* - * racoon calls this script to authenticate a user + * ipsec calls this script to authenticate a user * based on a username and password. We lookup these * in our config.xml file and check the credentials. */ @@ -79,9 +79,9 @@ function getNasIP() } } /* setup syslog logging */ -openlog("racoon", LOG_ODELAY, LOG_AUTH); +openlog("charon", LOG_ODELAY, LOG_AUTH); -if (isset($_GET)) { +if (isset($_GET['username'])) { $authmodes = explode(",", $_GET['authcfg']); $username = $_GET['username']; $password = $_GET['password']; @@ -96,7 +96,7 @@ if (isset($_GET)) { if (!$username || !$password) { syslog(LOG_ERR, "invalid user authentication environment"); - if (isset($_GET)) { + if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; @@ -110,7 +110,7 @@ $authenticated = false; if (($strictusercn === true) && ($common_name != $username)) { syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); - if (isset($_GET)) { + if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; @@ -142,7 +142,7 @@ foreach ($authmodes as $authmode) { if ($authenticated == false) { syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n"); - if (isset($_GET)) { + if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; @@ -158,7 +158,7 @@ if (file_exists("/etc/inc/ipsec.attributes.php")) syslog(LOG_NOTICE, "user '{$username}' authenticated\n"); closelog(); -if (isset($_GET)) +if (isset($_GET['username'])) echo "OK"; else exit(0); diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index dd2f033..e03259b 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -485,7 +485,7 @@ function ipsec_smp_dump_status() { @file_put_contents("{$g['tmp_path']}/smp_status.xml", $response); unset($response, $sread); - $custom_listtags = array('ikesa', 'childsa', 'network'); + $custom_listtags = array('ikesa', 'childsa', 'network', 'auth'); $response = parse_xml_config("{$g['tmp_path']}/smp_status.xml", "message"); @unlink("{$g['tmp_path']}/smp_status.xml"); unset($custom_listtags); @@ -601,32 +601,21 @@ function ipsec_dump_sad() * Return dump of mobile user list */ function ipsec_dump_mobile() { - $command = "/usr/local/sbin/racoonctl show-users"; - $fd = @popen($command, "r"); - $mobile = array(); - if ($fd) { - while (!feof($fd)) { - $user = array(); - $line = chop(fgets($fd)); - if (!$line) - continue; - if ($line == "User|Source|Destination|CreatedOn|SPI") - continue; + global $g; - // jim|192.168.20.243:4500|192.168.20.5:24146|2012-05-25 09:54:39|989d10e1e2d4eca4:7243830d5fd2afe7 - $linea = explode("|", trim($line)); - $user['username'] = $linea[0]; - $user['local'] = $linea[1]; - $user['remote'] = $linea[2]; - $user['logintime'] = $linea[3]; - $user['spi'] = $linea[4]; - if (!empty($user['username'])) - $mobile[] = $user; - } - pclose($fd); + $_gb = exec("/usr/local/sbin/ipsec stroke leases > {$g['tmp_path']}/strongswan_leases.xml"); + + if (!file_exists("{$g['varrun_path']}/strongswan_leases.xml")) { + log_error(gettext("IPSec daemon seems to have issues or not running! Could not display mobile user stats!")); + return array(); } - return $mobile; + $custom_listtags = array('lease', 'pool'); + $response = parse_xml_config("{$g['tmp_path']}/strongswan_leases.xml", "leases"); + @unlink("{$g['tmp_path']}/strongswan_leases.xml"); + unset($custom_listtags, $_gb); + + return $response; } function ipsec_mobilekey_sort() { @@ -676,12 +665,6 @@ function ipsec_get_descr($ikeid) { return $descr; } -function ipsec_disconnect_mobile($username) { - if (empty($username)) - return false; - exec("/usr/local/sbin/racoonctl logout-user " . escapeshellarg($username)); -} - function ipsec_fixup_ip($ipaddr) { if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); @@ -742,4 +725,20 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { } return array($thisid_type, $thisid_data); } + +function ipsec_fixup_network($network) { + if (substr($network, -3) == '|/0') + $result = substr($network, 0, -3); + else { + $tmp = explode('|', $network); + if (isset($tmp[1])) + $result = $tmp[1]; + else + $result = $tmp[0]; + unset($tmp); + } + + return $result; +} + ?> diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 5b5c1dc..3892ba6 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1250,7 +1250,7 @@ function get_interface_info($ifdescr) { /* DHCP? -> see if dhclient is up */ case "dhcp": /* see if dhclient is up */ - if (find_dhclient_process($ifinfo['if']) <> "") + if (find_dhclient_process($ifinfo['if']) != 0) $ifinfo['dhcplink'] = "up"; else $ifinfo['dhcplink'] = "down"; diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 417d6b3..923d130 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -293,6 +293,7 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu $depend_file = substr(strrchr($item['item']['0'], '/'),1); // Strip URLs down to filenames. $depend_name = substr(substr($depend_file,0,strpos($depend_file,".")+1),0,-1); // Strip filename down to dependency name. if (($filetype != "all") && (!preg_match("/{$filetype}/i", $depend_file))) + if (($filetype != "all") && (strtolower(substr($depend_file, -strlen($filetype))) != strtolower($filetype))) continue; if ($item['prefix'] != "") $prefix = $item['prefix']; diff --git a/etc/inc/priv/user.priv.inc b/etc/inc/priv/user.priv.inc index 0b94688..5cd5680 100644 --- a/etc/inc/priv/user.priv.inc +++ b/etc/inc/priv/user.priv.inc @@ -10,7 +10,7 @@ $priv_list['page-help-all'] = array(); $priv_list['page-help-all']['name'] = "WebCfg - Help pages"; $priv_list['page-help-all']['descr'] = "Show all items on help menu"; $priv_list['page-help-all']['match'] = array(); -$priv_list['page-help-all']['match'][] = "*www.pfsense.org*"; +$priv_list['page-help-all']['match'][] = "*help.php"; $priv_list['page-dashboard-all'] = array(); $priv_list['page-dashboard-all']['name'] = "WebCfg - Dashboard (all)"; diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc index 600682f..297a283 100644 --- a/etc/inc/service-utils.inc +++ b/etc/inc/service-utils.inc @@ -171,7 +171,7 @@ function is_pid_running($pidfile) { function is_dhcp_running($interface) { $status = find_dhclient_process($interface); - if($status <> "") + if($status != 0) return true; return false; } diff --git a/etc/inc/services.inc b/etc/inc/services.inc index b3c6d33..2f2fc83 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -893,6 +893,10 @@ EOD; if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases")) @touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"); + /* make sure there isn't a stale dhcpd.pid file, which can make dhcpd fail to start. */ + /* if we get here, dhcpd has been killed and is not started yet */ + unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid"); + /* fire up dhcpd in a chroot */ if (count($dhcpdifs) > 0) { mwexec("/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf {$g['varrun_path']}/dhcpd.pid " . @@ -1300,6 +1304,10 @@ EOD; if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases")) @touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"); + /* make sure there isn't a stale dhcpdv6.pid file, which may make dhcpdv6 fail to start. */ + /* if we get here, dhcpdv6 has been killed and is not started yet */ + unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid"); + /* fire up dhcpd in a chroot */ if (count($dhcpdv6ifs) > 0) { mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf {$g['varrun_path']}/dhcpdv6.pid " . @@ -1363,8 +1371,8 @@ EOD; fclose($igmpfl); unset($igmpconf); - /* NOTE: -d 4 means everything LOG_WARNING and smaller */ - mwexec("/usr/local/sbin/igmpproxy -d 4 -c {$g['tmp_path']}/igmpproxy.conf"); + /* NOTE: -d4 means everything LOG_WARNING and smaller */ + mwexec("/usr/local/sbin/igmpproxy -d4 -c {$g['tmp_path']}/igmpproxy.conf"); log_error(gettext("Started IGMP proxy service.")); return 0; diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 402ef3e..e672970 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -677,15 +677,12 @@ function is_validaliasname($name) { /* returns true if $port is a valid TCP/UDP port */ function is_port($port) { - $tmpports = explode(":", $port); - foreach($tmpports as $tmpport) { - if (getservbyname($tmpport, "tcp") || getservbyname($tmpport, "udp")) - continue; - if (!ctype_digit($tmpport)) - return false; - else if ((intval($tmpport) < 1) || (intval($tmpport) > 65535)) - return false; - } + if (getservbyname($port, "tcp") || getservbyname($port, "udp")) + return true; + if (!ctype_digit($port)) + return false; + else if ((intval($port) < 1) || (intval($port) > 65535)) + return false; return true; } @@ -1255,7 +1252,7 @@ function alias_expand($name) { if (isset($aliastable[$name])) return "\${$name}"; - else if (is_ipaddr($name) || is_subnet($name) || is_port($name)) + else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name)) return "{$name}"; else return null; diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 0a9ce06..6600f84 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -48,8 +48,8 @@ function vpn_ipsec_configure_loglevels($forconfig = false) $cfgtext = array(); foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (!isset($config['ipsec']["ipsec_{$lkey}"])) - $forconfig ? $cfgtext[] = "{$lkey} = -1" : mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} -1", false); + if (!isset($config['ipsec']["ipsec_{$lkey}"]) && !$forconfig) + mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} -1", false); else if (is_numeric($config['ipsec']["ipsec_{$lkey}"]) && intval($config['ipsec']["ipsec_{$lkey}"]) >= 1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 5) $forconfig ? $cfgtext[] = "${lkey} = " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) : @@ -279,6 +279,9 @@ charon { # number of worker threads in charon threads = 16 + ikesa_table_size = 32 + ikesa_table_segments = 4 + init_limit_half_open = 1000; # XXX: There is not much choice here really users win their security! i_dont_care_about_security_and_use_aggressive_mode_psk=yes @@ -586,8 +589,11 @@ EOD; if ($ph1ent['lifetime']) $ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s"; - $authentication = ""; $rightsourceip = NULL; + if (!empty($a_client['pool_address'])) + $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; + + $authentication = ""; switch ($ph1ent['authentication_method']) { case 'xauth_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = pubkey"; @@ -596,8 +602,6 @@ EOD; case 'xauth_psk_server': $authentication = "leftauth = psk\n\trightauth = psk"; $authentication .= "\n\trightauth2 = xauth-generic"; - if (!empty($a_client['pool_address'])) - $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; break; case 'pre_shared_key': $authentication = "leftauth = psk\n\trightauth = psk"; diff --git a/etc/inc/wizardapp.inc b/etc/inc/wizardapp.inc index aaf4d34..53bd7ac 100644 --- a/etc/inc/wizardapp.inc +++ b/etc/inc/wizardapp.inc @@ -31,16 +31,90 @@ $gamesplist = array(); -$gamesplist['arma2'] = array(); - /* ARMA 2 */ - $gamesplist['arma2'][] = array('arma2', 'udp', '2302', '2310', 'both'); - +/* Game Consoles and Game Clients */ + +$gamesplist['playstationconsoles'] = array(); + /* Playstation 3, Playstation 4 and PS Vita */ + $gamesplist['playstationconsoles'][] = array('PS-Network-TCP', 'tcp', '10040', '10060', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-Network-UDP', 'udp', '50000', '60000', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-Home-TCP-1', 'tcp', '3478', '3480', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-Home-TCP-2', 'tcp', '8080', '8080', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-TCP-1', 'tcp', '5223', '5223', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-TCP-2', 'tcp', '10070', '10080', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-UDP-1', 'udp', '3478', '3479', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-UDP-2', 'udp', '3658', '3658', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-UDP-3', 'udp', '10070', '10070', 'both'); + $gamesplist['playstationconsoles'][] = array('PS-RemotePlay', 'tcp', '9293', '9293', 'both'); + +$gamesplist['wiiconsoles'] = array(); + /* XBox Consoles */ + $gamesplist['wiiconsoles'][] = array('Wii-Consoles-TCP-1', 'tcp', '6667', '6667', 'both'); + $gamesplist['wiiconsoles'][] = array('Wii-Consoles-TCP-2', 'tcp', '12400', '12400', 'both'); + $gamesplist['wiiconsoles'][] = array('Wii-Consoles-TCP-3', 'tcp', '28910', '28910', 'both'); + $gamesplist['wiiconsoles'][] = array('Wii-Consoles-TCP-4', 'tcp', '29900', '29901', 'both'); + $gamesplist['wiiconsoles'][] = array('Wii-Consoles-TCP-5', 'tcp', '29920', '29920', 'both'); + +$gamesplist['xboxconsoles'] = array(); + /* XBox Consoles */ + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-UDP-1', 'udp', '88', '88', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-UDP-2', 'udp', '3074', '3074', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-TCP-1', 'tcp', '3074', '3074', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-TCP-2', 'tcp', '3659', '3659', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-TCP-3', 'tcp', '500', '500', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-TCP-4', 'tcp', '3544', '3544', 'both'); + $gamesplist['xboxconsoles'][] = array('xbox-Consoles-TCP-5', 'tcp', '4500', '4500', 'both'); + $gamesplist['battlenet'] = array(); /* Blizzard Publishing games */ $gamesplist['battlenet'][] = array('Battle.NET-game1-tcp', 'tcp', '6112', '6119', 'both'); //diablo, diablo2, starcraft, warcraft 2, warcraft 3 $gamesplist['battlenet'][] = array('Battle.NET-game1-udp', 'udp', '6112', '6119', 'both'); //diablo, diablo2, starcraft, warcraft 2 $gamesplist['battlenet'][] = array('Battle.NET-diablo2', 'tcp', '4000', '4000', 'both'); //diablo2 $gamesplist['battlenet'][] = array('Battle.NET-game2', 'tcp', '1119', '1119', 'both'); //diablo3, starcraft 2 + $gamesplist['battlenet'][] = array('Battle.NET-game3', 'tcp', '3724', '3724', 'both'); //starcraft2 + +$gamesplist['eaorigin'] = array(); + /* EA Origin Client */ + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-1', 'tcp', '1024', '1124', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-2', 'tcp', '9960', '9969', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-3', 'tcp', '18000', '18000', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-4', 'tcp', '18120', '18120', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-5', 'tcp', '18060', '18060', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-6', 'tcp', '27900', '27900', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-7', 'tcp', '28910', '28910', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-TCP-8', 'tcp', '29900', '29900', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-UDP-1', 'udp', '1024', '1124', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-UDP-2', 'udp', '18000', '18000', 'both'); + $gamesplist['eaorigin'][] = array('EA-Origin-UDP-3', 'udp', '29900', '29900', 'both'); + +$gamesplist['steam'] = array(); + /* Steam Games */ + $gamesplist['steam'][] = array('Steam-game-udp', 'udp', '27000', '27030', 'both'); //america's army 3, cs:s, cs:go, HL2, COD: Black Ops, COD: Black Ops 2, Natural Selection 2 + $gamesplist['steam'][] = array('Steam-game-tcp', 'tcp', '27000', '27030', 'both'); //america's army 3, cs:s, cs:go, HL2, COD: Black Ops, COD: Black Ops 2, Natural Selection 2 + $gamesplist['steam'][] = array('Steam-hltv', 'udp', '27015', '27030', 'both'); + $gamesplist['steam'][] = array('Steam-1', 'udp', '4380', '4380', 'both'); + $gamesplist['steam'][] = array('Steam-2', 'udp', '1200', '1200', 'both'); + $gamesplist['steam'][] = array('Steam-voice', 'udp', '3478', '3480', 'both'); + +$gamesplist['gamesforwindowslive'] = array(); + /* Games for Windows Live */ + $gamesplist['gamesforwindowslive'][] = array('Games4WinLive-1', 'udp', '88', '88', 'both'); + $gamesplist['gamesforwindowslive'][] = array('Games4WinLive-2', 'udp', '3074', '3074', 'both'); + $gamesplist['gamesforwindowslive'][] = array('Games4WinLive-3', 'tcp', '3074', '3074', 'both'); + +/* Games */ + +$gamesplist['arma2'] = array(); + /* ARMA 2 */ + $gamesplist['arma2'][] = array('arma2', 'udp', '2302', '2310', 'both'); + +$gamesplist['arma3'] = array(); + /* ARMA 3 */ + $gamesplist['arma3'][] = array('arma3-game-traffic', 'udp', '2302', '2302', 'both'); + $gamesplist['arma3'][] = array('arma3-steam-query', 'udp', '2303', '2303', 'both'); + $gamesplist['arma3'][] = array('arma3-steam-port', 'udp', '2304', '2304', 'both'); + $gamesplist['arma3'][] = array('arma3-BattleEye-1', 'tcp', '2345', '2345', 'both'); + $gamesplist['arma3'][] = array('arma3-BattleEye-2', 'tcp', '2344', '2344', 'both'); + $gamesplist['arma3'][] = array('arma3-BattleEye-2', 'udp', '2344', '2344', 'both'); $gamesplist['battlefield2'] = array(); /* Battlefield 2 */ @@ -55,7 +129,7 @@ $gamesplist['battlefield2'] = array(); $gamesplist['battlefield2'][] = array('BF2-55123-55125', 'udp', '55123', '55125', 'both'); $gamesplist['battlefield3'] = array(); - /* Battlefield 3 */ + /* Battlefield 3 and Battlefield 4 */ $gamesplist['battlefield3'][] = array('BF3-1', 'tcp', '9988', '9988', 'both'); $gamesplist['battlefield3'][] = array('BF3-2', 'tcp', '20000', '20100', 'both'); $gamesplist['battlefield3'][] = array('BF3-3', 'tcp', '22990', '22990', 'both'); @@ -65,6 +139,9 @@ $gamesplist['battlefield3'] = array(); $gamesplist['battlefield3'][] = array('BF3-7', 'udp', '14000', '14016', 'both'); $gamesplist['battlefield3'][] = array('BF3-8', 'udp', '22990', '23006', 'both'); $gamesplist['battlefield3'][] = array('BF3-9', 'udp', '25200', '25300', 'both'); + $gamesplist['battlefield3'][] = array('BF3-PS-1', 'tcp', '10000', '10100', 'both'); + $gamesplist['battlefield3'][] = array('BF3-PS-2', 'tcp', '1935', '1935', 'both'); + $gamesplist['battlefieldbc2'] = array(); /* Battlefield Bad Company 2 */ @@ -99,6 +176,38 @@ $gamesplist['crysis2'] = array(); /* Crysis 2 */ $gamesplist['crysis2'][] = array('Crysis2', 'udp', '64100', '64100', 'both'); +$gamesplist['crysis3'] = array(); + /* Crysis 3 */ + $gamesplist['crysis3'][] = array('Crysis3-TCP-1', 'tcp', '9988', '9988', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-TCP-2', 'tcp', '17502', '17502', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-TCP-3', 'tcp', '25650', '25780', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-TCP-4', 'tcp', '42127', '42127', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-TCP-5', 'tcp', '64100', '64110', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-UDP-1', 'udp', '3659', '3659', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-UDP-2', 'udp', '10000', '10100', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-UDP-3', 'udp', '25650', '25780', 'both'); + $gamesplist['crysis3'][] = array('Crysis3-UDP-4', 'udp', '64100', '64110', 'both'); + +$gamesplist['deadspace2'] = array(); + /* Dead Space 2 */ + $gamesplist['deadspace2'][] = array('DeadSpace2-TCP-1', 'tcp', '28910', '28910', 'both'); + $gamesplist['deadspace2'][] = array('DeadSpace2-TCP-2', 'tcp', '29900', '29901', 'both'); + $gamesplist['deadspace2'][] = array('DeadSpace2-UDP-1', 'udp', '8088', '28088', 'both'); + +$gamesplist['deadspace3'] = array(); + /* Dead Space 3 */ + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-1', 'tcp', '1024', '1124', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-2', 'tcp', '9960', '9969', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-3', 'tcp', '18000', '18000', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-4', 'tcp', '18120', '18120', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-5', 'tcp', '18060', '18060', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-6', 'tcp', '27900', '27900', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-7', 'tcp', '28910', '28910', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-TCP-8', 'tcp', '29900', '29900', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-UDP-1', 'udp', '1024', '1124', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-UDP-2', 'udp', '18000', '18000', 'both'); + $gamesplist['deadspace3'][] = array('DeadSpace3-UDP-3', 'udp', '29900', '29900', 'both'); + $gamesplist['deltaforce'] = array(); /* delta force */ $gamesplist['deltaforce'][] = array('Delta1', 'udp', '17478', '17488', 'both'); @@ -115,6 +224,22 @@ $gamesplist['doom3'] = array(); $gamesplist['doom3'][] = array('DOOM3-1', 'udp', '27650', '27650', 'both'); $gamesplist['doom3'][] = array('DOOM3-2', 'udp', '27666', '27666', 'both'); +$gamesplist['dragonage2'] = array(); + /* Dragon Age 2 */ + $gamesplist['dragonage2'][] = array('DragonAge2-TCP-1', 'tcp', '8000', '8000', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-TCP-2', 'tcp', '12025', '12025', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-TCP-3', 'tcp', '15101', '15325', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-TCP-4', 'tcp', '18081', '18081', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-TCP-5', 'tcp', '42127', '42127', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-UDP-1', 'udp', '1900', '1900', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-UDP-2', 'udp', '5355', '5355', 'both'); + $gamesplist['dragonage2'][] = array('DragonAge2-UDP-3', 'udp', '8001', '8001', 'both'); + +$gamesplist['empireearth'] = array(); + /* empire earth */ + $gamesplist['empireearth'][] = array('EmpireEarth-1', 'tcp', '33335', '33336', 'both'); + $gamesplist['empireearth'][] = array('EmpireEarth-2', 'udp', '33334', '33334', 'both'); + $gamesplist['eveonline'] = array(); /* EVE Online */ $gamesplist['eveonline'][] = array('EVEOnline-tcp', 'tcp', '26000', '26000', 'both'); @@ -122,11 +247,6 @@ $gamesplist['eveonline'] = array(); $gamesplist['eveonline'][] = array('EVEOnline-alternate-tcp', 'tcp', '3724', '3724', 'both'); $gamesplist['eveonline'][] = array('EVEOnline-alternate-udp', 'udp', '3724', '3724', 'both'); -$gamesplist['empireearth'] = array(); - /* empire earth */ - $gamesplist['empireearth'][] = array('EmpireEarth-1', 'tcp', '33335', '33336', 'both'); - $gamesplist['empireearth'][] = array('EmpireEarth-2', 'udp', '33334', '33334', 'both'); - $gamesplist['everquest'] = array(); /* everquest */ $gamesplist['everquest'][] = array('Everquest-1', 'tcp', '1024', '6000', 'both'); @@ -167,12 +287,6 @@ $gamesplist['halflife'] = array(); $gamesplist['halflife'][] = array('HL-2', 'udp', '27650', '27650', 'both'); $gamesplist['halflife'][] = array('HL-3', 'udp', '27666', '27666', 'both'); -$gamesplist['halo2'] = array(); - /* Halo2 + XBOX Live */ - $gamesplist['halo2'][] = array('Halo2-1', 'udp', '88', '88', 'both'); - $gamesplist['halo2'][] = array('Halo2-2', 'udp', '3074', '3074', 'both'); - $gamesplist['halo2'][] = array('Halo2-3', 'tcp', '3074', '3074', 'both'); - $gamesplist['leagueoflegends'] = array(); /* League of Legends */ $gamesplist['leagueoflegends'][] = array('LeagueofLegends-1', 'udp', '5000', '5500', 'both'); @@ -185,6 +299,11 @@ $gamesplist['lineage2'] = array(); $gamesplist['lineage2'][] = array('Lineage2-2106', 'tcp', '2106', '2106', 'both'); $gamesplist['lineage2'][] = array('Lineage2-7777', 'tcp', '7777', '7777', 'both'); +$gamesplist['masseffect3'] = array(); + /* MassEffect 3 */ + $gamesplist['masseffect3'][] = array('MassEffect3-UDP-1', 'udp', '5659', '5659', 'both'); + $gamesplist['masseffect3'][] = array('MassEffect3-UDP-1', 'udp', '6000', '6000', 'both'); + $gamesplist['mechwarrioronline'] = array(); /* MechWarrior: Online */ $gamesplist['mechwarrioronline'][] = array('MechWarriorOnline-tcp1', 'tcp', '45461', '45461', 'both'); @@ -198,7 +317,7 @@ $gamesplist['minecraft'] = array(); $gamesplist['operationflashpoint-dr'] = array(); /* Operation Flashpoint: Dragon Rising */ - $gamesplist['operationflashpoint-dr'][] = array('operationflashpoint-dr-game', 'udp', '9105', '9105', 'both'); + $gamesplist['operationflashpoint-dr'][] = array('OperationFlashpoint-DR', 'udp', '9105', '9105', 'both'); $gamesplist['planetside'] = array(); /* PlanetSide */ @@ -212,28 +331,18 @@ $gamesplist['planetside2'] = array(); /* PlanetSide 2 */ $gamesplist['planetside2'][] = array('PlanetSide2-game', 'udp', '20040', '20199', 'both'); $gamesplist['planetside2'][] = array('PlanetSide2-voice', 'udp', '5062', '5062', 'both'); - -$gamesplist['playstation3'] = array(); - /* PlayStation 2 */ - $gamesplist['playstation3'][] = array('PS3-pshome1', 'tcp', '3478', '3480', 'both'); - $gamesplist['playstation3'][] = array('PS3-pshome2', 'tcp', '8080', '8080', 'both'); - $gamesplist['playstation3'][] = array('PS3-tcp1', 'tcp', '5223', '5223', 'both'); - $gamesplist['playstation3'][] = array('PS3-tcp2', 'tcp', '10070', '10080', 'both'); - $gamesplist['playstation3'][] = array('PS3-udp1', 'udp', '3478', '3479', 'both'); - $gamesplist['playstation3'][] = array('PS3-udp2', 'udp', '3658', '3658', 'both'); - $gamesplist['playstation3'][] = array('PS3-udp3', 'udp', '10070', '10070', 'both'); - $gamesplist['playstation3'][] = array('PS3-remoteplay', 'tcp', '9293', '9293', 'both'); - + + $gamesplist['quakeiii'] = array(); /* quake3 */ - $gamesplist['quakeiii'][] = array('quakeiii', 'udp', '27910', '27919', 'both'); + $gamesplist['quakeiii'][] = array('Quake3', 'udp', '27910', '27919', 'both'); $gamesplist['quakeiv'] = array(); /* quake4 */ - $gamesplist['quakeiv'][] = array('quakeiv-server-udp', 'udp', '27650', '27650', 'both'); - $gamesplist['quakeiv'][] = array('quakeiv-server-tcp', 'tcp', '27650', '27650', 'both'); - $gamesplist['quakeiv'][] = array('quakeiv-client-udp', 'udp', '28004', '28004', 'both'); - $gamesplist['quakeiv'][] = array('quakeiv-client-tcp', 'tcp', '28004', '28004', 'both'); + $gamesplist['quakeiv'][] = array('QuakeIV-server-udp', 'udp', '27650', '27650', 'both'); + $gamesplist['quakeiv'][] = array('QuakeIV-server-tcp', 'tcp', '27650', '27650', 'both'); + $gamesplist['quakeiv'][] = array('QuakeIV-client-udp', 'udp', '28004', '28004', 'both'); + $gamesplist['quakeiv'][] = array('QuakeIV-client-tcp', 'tcp', '28004', '28004', 'both'); $gamesplist['starwarstor'] = array(); /* quake3 */ @@ -241,17 +350,6 @@ $gamesplist['starwarstor'] = array(); $gamesplist['starwarstor'][] = array('StarWarsTOR-2', 'tcp', '12000', '12999', 'both'); $gamesplist['starwarstor'][] = array('StarWarsTOR-2', 'tcp', '20000', '30000', 'both'); -$gamesplist['steam'] = array(); - /* Steam Games */ - $gamesplist['steam'][] = array('steam-game-udp', 'udp', '27000', '27030', 'both'); //america's army 3, cs:s, cs:go, HL2, COD: Black Ops, COD: Black Ops 2, Natural Selection 2 - $gamesplist['steam'][] = array('steam-game-tcp', 'tcp', '27000', '27030', 'both'); //america's army 3, cs:s, cs:go, HL2, COD: Black Ops, COD: Black Ops 2, Natural Selection 2 - $gamesplist['steam'][] = array('steam-hltv', 'udp', '27015', '27030', 'both'); - $gamesplist['steam'][] = array('steam-1', 'udp', '4380', '4380', 'both'); - $gamesplist['steam'][] = array('steam-2', 'udp', '1200', '1200', 'both'); - $gamesplist['steam'][] = array('steam-voice', 'udp', '3478', '3480', 'both'); - //NOTE: steam downloads, probably don't want this in the game que - //$gamesplist['steam'][] = array('steam-downloads', 'tcp', '27014', '27050', 'both'); - $gamesplist['tigerwoods2004ps2'] = array(); /* tiger woods 2004 ps2 */ $gamesplist['tigerwoods2004ps2'][] = array('TigerWoods2004-Player', 'udp', '3658', '3658', 'both'); @@ -260,8 +358,8 @@ $gamesplist['tigerwoods2004ps2'] = array(); $gamesplist['tribesascend'] = array(); /* Tribes Ascend */ - $gamesplist['tribesascend'][] = array('tribesascend-tcp', 'tcp', '9000', '9001', 'both'); - $gamesplist['tribesascend'][] = array('tribesascend-udp', 'udp', '9002', '9999', 'both'); + $gamesplist['tribesascend'][] = array('TribesAscend-tcp', 'tcp', '9000', '9001', 'both'); + $gamesplist['tribesascend'][] = array('TribesAscend-udp', 'udp', '9002', '9999', 'both'); $gamesplist['unrealtournament'] = array(); /* Unreal Tournament */ @@ -279,13 +377,6 @@ $gamesplist['wow'] = array(); $gamesplist['wow'][] = array('WoW-voice', 'udp', '1119', '1119', 'both'); $gamesplist['wow'][] = array('WoW-voice', 'udp', '3724', '3724', 'both'); -$gamesplist['xbox360'] = array(); - /* XBox360 and Games for Windows Live*/ - $gamesplist['xbox360'][] = array('xbox360-1', 'udp', '88', '88', 'both'); - $gamesplist['xbox360'][] = array('xbox360-2', 'udp', '3074', '3074', 'both'); - $gamesplist['xbox360'][] = array('xbox360-3', 'tcp', '3074', '3074', 'both'); - - $voiplist = array(); /* asterisk server / same as vonage */ @@ -357,111 +448,216 @@ $p2plist = array(); $othersplist = array(); /* Unlike other areas we are posting the queue H or L or BLANK */ + /* Remote Service / Terminal emulation */ + + $othersplist['appleremotedesktop'] = array(); + /* apple remote desktop */ + $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop1', 'tcp', '3283', '3283', 'both'); + $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop2', 'tcp', '5900', '5900', 'both'); + $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop3', 'udp', '3283', '3283', 'both'); + $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop4', 'udp', '5900', '5900', 'both'); + $othersplist['msrdp'] = array(); /* MSRDP */ $othersplist['msrdp'][] = array('MSRDP', 'tcp', '3389', '3389', 'both'); + + $othersplist['pcanywhere'] = array(); + /* symantec pc anywhere */ + $othersplist['pcanywhere'][] = array('PCAnywhere-1', 'tcp', '5631', '5631', 'both'); + $othersplist['pcanywhere'][] = array('PCAnywhere-2', 'udp', '5632', '5632', 'both'); + + $othersplist['vnc'] = array(); + /* virtual network control */ + $othersplist['vnc'][] = array('VNC', 'tcp', '5900', '5930', 'both'); + + /* Messanger Clients */ + + $othersplist['aolinstantmessenger'] = array(); + /* AIM */ + $othersplist['aolinstantmessenger'][] = array('AIM', 'tcp', '5190', '5190', 'both'); + + $othersplist['facetime'] = array(); + /* Facetime */ + $othersplist['facetime'][] = array('Facetime-UDP-1', 'udp', '3478', '3479', 'both'); + $othersplist['facetime'][] = array('Facetime-TCP-1', 'tcp', '16384', '16387', 'both'); + $othersplist['facetime'][] = array('Facetime-TCP-2', 'tcp', '16393', '16402', 'both'); + + $othersplist['googlehangouts'] = array(); + /* Google Hangouts */ + $othersplist['googlehangouts'][] = array('GoogleHangouts-UDP', 'udp', '19302', '19309', 'both'); + $othersplist['googlehangouts'][] = array('GoogleHangouts-TCP', 'tcp', '19305', '19309', 'both'); + + $othersplist['icq'] = array(); + /* icq */ + $othersplist['icq'][] = array('ICQ1', 'tcp', '5190', '5190', 'both'); + $othersplist['icq'][] = array('ICQ2', 'udp', '5190', '5190', 'both'); + + $othersplist['irc'] = array(); + /* internet relay chat */ + $othersplist['irc'][] = array('IRC', 'tcp', '6667', '6670', 'both'); + + $othersplist['jabber'] = array(); + /* jabber */ + $othersplist['jabber'][] = array('IRC', 'tcp', '5222', '5222', 'both'); + $othersplist['jabber'][] = array('IRC', 'tcp', '5223', '5223', 'both'); + $othersplist['jabber'][] = array('IRC', 'tcp', '5269', '5269', 'both'); + + $othersplist['msnmessenger'] = array(); + /* msn messenger */ + $othersplist['msnmessenger'][] = array('MSN1', 'tcp', '1863', '1863', 'both'); + $othersplist['msnmessenger'][] = array('MSN2', 'tcp', '6891', '6900', 'both'); + $othersplist['msnmessenger'][] = array('MSN3', 'tcp', '6901', '6901', 'both'); + $othersplist['msnmessenger'][] = array('MSN4', 'udp', '6901', '6901', 'both'); + + $othersplist['teamspeak'] = array(); + /* teamspeak */ + $othersplist['teamspeak'][] = array('TeamSpeak-1', 'tcp', '14534', '14534', 'both'); + $othersplist['teamspeak'][] = array('TeamSpeak-2', 'tcp', '51234', '51234', 'both'); + $othersplist['teamspeak'][] = array('TeamSpeak-3', 'udp', '8767', '8768', 'both'); + + $othersplist['teamspeak3'] = array(); + /* teamspeak 3 */ + $othersplist['teamspeak3'][] = array('TeamSpeak3-FileTransfer', 'tcp', '30033', '30033', 'both'); + $othersplist['teamspeak3'][] = array('TeamSpeak3-ServerQuery', 'tcp', '10011', '10011', 'both'); + $othersplist['teamspeak3'][] = array('TeamSpeak3-Voice', 'udp', '9987', '9987', 'both'); + $othersplist['teamspeak3'][] = array('TeamSpeak3-TSDNS', 'tcp', '41144', '41144', 'both'); + + $othersplist['ventrilo'] = array(); + /* ventrilo */ + $othersplist['ventrilo'][] = array('Ventrilo-TCP', 'tcp', '3784', '3784', 'both'); + $othersplist['ventrilo'][] = array('Ventrilo-UDP', 'udp', '3784', '3784', 'both'); + $othersplist['ventrilo'][] = array('Ventrilo-Voice', 'udp', '6100', '6100', 'both'); + + /* VPN */ + $othersplist['pptp'] = array(); /* PPTP */ $othersplist['pptp'][] = array('PPTP', 'tcp', '1723', '1723', 'both'); $othersplist['pptp'][] = array('PPTPGRE', 'gre', '', '', 'both'); + $othersplist['ipsec'] = array(); /* IPSEC */ $othersplist['ipsec'][] = array('IPSEC', 'udp', '500', '500', 'both'); $othersplist['ipsec'][] = array('IPSEC', 'ah', '', '', 'both'); $othersplist['ipsec'][] = array('IPSEC', 'esp', '', '', 'both'); + + /* Multimedia/Streaming */ + + $othersplist['itunesradio'] = array(); + /* Apple iTunes Radio Stream */ + $othersplist['itunesradio'][] = array('iTunesRadio', 'tcp', '42000', '42999', 'both'); + $othersplist['streamingmp3'] = array(); /* streaming mp3 media aka shoutcast */ $othersplist['streamingmp3'][] = array('STREAMINGMP3', 'tcp', '8000', '8100', 'both'); - $othersplist['irc'] = array(); - /* internet relay chat */ - $othersplist['irc'][] = array('IRC', 'tcp', '6667', '6670', 'both'); - $othersplist['jabber'] = array(); - /* jabber */ - $othersplist['jabber'][] = array('IRC', 'tcp', '5222', '5222', 'both'); - $othersplist['jabber'][] = array('IRC', 'tcp', '5223', '5223', 'both'); - $othersplist['jabber'][] = array('IRC', 'tcp', '5269', '5269', 'both'); - $othersplist['dns'] = array(); - /* domain name system */ - $othersplist['dns'][] = array('DNS1', 'tcp', '53', '53', 'both'); - $othersplist['dns'][] = array('DNS2', 'udp', '53', '53', 'both'); + + $othersplist['rtsp'] = array(); + /* realtime streaming protocol */ + $othersplist['rtsp'][] = array('RTSP1', 'tcp', '554', '554', 'both'); + + /* Web */ + $othersplist['http'] = array(); /* HTTP aka Web Traffic */ $othersplist['http'][] = array('HTTP', 'tcp', '80', '80', 'both'); $othersplist['http'][] = array('HTTPS', 'tcp', '443', '443', 'both'); - $othersplist['smtp'] = array(); - /* Secure shell traffic */ - $othersplist['smtp'][] = array('SMTP', 'tcp', '25', '25', 'both'); - $othersplist['pop3'] = array(); - /* Post Office Protocol - POP3 */ - $othersplist['pop3'][] = array('POP3', 'tcp', '110', '110', 'both'); - $othersplist['icmp'] = array(); - /* ICMP */ - $othersplist['icmp'][] = array('ICMP', 'icmp', '', '', 'both'); + + /* Mail */ + $othersplist['imap'] = array(); /* IMAP */ $othersplist['imap'][] = array('IMAP', 'tcp', '143', '143', 'both'); - $othersplist['smb'] = array(); - /* Microsoft SMB and friends */ - $othersplist['smb'][] = array('SMB1', 'tcp', '445', '445', 'both'); - $othersplist['smb'][] = array('SMB2', 'tcp', '137-139', '137-139', 'both'); - $othersplist['rtsp'] = array(); - /* realtime streaming protocol */ - $othersplist['rtsp'][] = array('RTSP1', 'tcp', '554', '554', 'both'); - $othersplist['snmp'] = array(); - /* Simple network management protocol */ - $othersplist['snmp'][] = array('SNMP', 'tcp', '161', '161', 'both'); - $othersplist['snmp'][] = array('SNMP2', 'udp', '161', '161', 'both'); - $othersplist['vnc'] = array(); - /* virtual network control */ - $othersplist['vnc'][] = array('VNC', 'tcp', '5900', '5930', 'both'); - $othersplist['appleremotedesktop'] = array(); - /* apple remote desktop */ - $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop1', 'tcp', '3283', '3283', 'both'); - $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop2', 'tcp', '5900', '5900', 'both'); - $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop3', 'udp', '3283', '3283', 'both'); - $othersplist['appleremotedesktop'][] = array('AppleRemoteDesktop4', 'udp', '5900', '5900', 'both'); - $othersplist['icq'] = array(); - /* icq */ - $othersplist['icq'][] = array('ICQ1', 'tcp', '5190', '5190', 'both'); - $othersplist['icq'][] = array('ICQ2', 'udp', '5190', '5190', 'both'); + $othersplist['imap'][] = array('IMAP-Secure', 'tcp', '993', '993', 'both'); + $othersplist['lotusnotes'] = array(); /* lotus notes */ $othersplist['lotusnotes'][] = array('LotusNotes1', 'tcp', '1352', '1352', 'both'); $othersplist['lotusnotes'][] = array('LotusNotes2', 'udp', '1352', '1352', 'both'); - $othersplist['aolinstantmessenger'] = array(); - /* AIM */ - $othersplist['aolinstantmessenger'][] = array('AIM', 'tcp', '5190', '5190', 'both'); - $othersplist['msnmessenger'] = array(); - /* msn messenger */ - $othersplist['msnmessenger'][] = array('MSN1', 'tcp', '1863', '1863', 'both'); - $othersplist['msnmessenger'][] = array('MSN2', 'tcp', '6891', '6900', 'both'); - $othersplist['msnmessenger'][] = array('MSN3', 'tcp', '6901', '6901', 'both'); - $othersplist['msnmessenger'][] = array('MSN4', 'udp', '6901', '6901', 'both'); + + $othersplist['pop3'] = array(); + /* Post Office Protocol - POP3 */ + $othersplist['pop3'][] = array('POP3', 'tcp', '110', '110', 'both'); + $othersplist['pop3'][] = array('POP3-Secure', 'tcp', '995', '995', 'both'); + + $othersplist['smtp'] = array(); + /* SMTP */ + $othersplist['smtp'][] = array('SMTP', 'tcp', '25', '25', 'both'); + $othersplist['smtp'][] = array('SMTP-Secure-1', 'tcp', '465', '465', 'both'); + $othersplist['smtp'][] = array('SMTP-Secure-2', 'tcp', '587', '587', 'both'); + + /* Game Downloader */ + + //NOTE: Battle.net-Downloader runs on this port range. Don't want that up with the game que. + $othersplist['battlenetdownloader'] = array(); + $othersplist['battlenetdownloader'][] = array('Battle.NET-Downloader', 'tcp', '6881', '6999', 'both'); + + //NOTE: steam downloads, probably don't want this in the game que + $othersplist['steamdownloader'] = array(); + $othersplist['steamdownloader'][] = array('Steam-Downloader', 'tcp', '27014', '27050', 'both'); + + /* Miscellaneous */ + + $othersplist['apns'] = array(); + /* Apple Push Notification Service */ + $othersplist['apns'][] = array('APNS', 'tcp', '5223', '5223', 'both'); + $othersplist['apns'][] = array('APNS', 'tcp', '2195', '2196', 'both'); + + $othersplist['applemobilesync'] = array(); + /* Apple Mobile Sync */ + $othersplist['applemobilesync'][] = array('AppleMobileSync', 'tcp', '2336', '2336', 'both'); + + $othersplist['crashplan'] = array(); + /* crashplan */ + $othersplist['crashplan'][] = array('CrashPlan-1', 'tcp', '4282', '4282', 'both'); + $othersplist['crashplan'][] = array('CrashPlan-2', 'tcp', '4285', '4285', 'both'); + + $othersplist['cvsup'] = array(); + /* cvs */ + $othersplist['cvsup'][] = array('cvsup', 'tcp', '5999', '5999', 'both'); + + $othersplist['dns'] = array(); + /* domain name system */ + $othersplist['dns'][] = array('DNS1', 'tcp', '53', '53', 'both'); + $othersplist['dns'][] = array('DNS2', 'udp', '53', '53', 'both'); + + $othersplist['git'] = array(); + /* GIT */ + $othersplist['git'][] = array('git', 'tcp', '9418', '9418', 'both'); + + $othersplist['hbci'] = array(); + /* HBCI */ + $othersplist['hbci'][] = array('HBCI', 'tcp', '3000', '3000', 'both'); + + $othersplist['icmp'] = array(); + /* ICMP */ + $othersplist['icmp'][] = array('ICMP', 'icmp', '', '', 'both'); + $othersplist['mysqlserver'] = array(); /* mysql server */ $othersplist['mysqlserver'][] = array('MySQL1', 'tcp', '3306', '3306', 'both'); + $othersplist['nntp'] = array(); /* nntp */ $othersplist['nntp'][] = array('NNTP1', 'tcp', '119', '119', 'both'); $othersplist['nntp'][] = array('NNTP2', 'udp', '119', '119', 'both'); - $othersplist['pcanywhere'] = array(); - /* symantec pc anywhere */ - $othersplist['pcanywhere'][] = array('pcany1', 'tcp', '5631', '5631', 'both'); - $othersplist['pcanywhere'][] = array('pcany2', 'udp', '5632', '5632', 'both'); - $othersplist['teamspeak'] = array(); - /* teamspeak */ - $othersplist['teamspeak'][] = array('teamspeak1', 'tcp', '14534', '14534', 'both'); - $othersplist['teamspeak'][] = array('teamspeak2', 'tcp', '51234', '51234', 'both'); - $othersplist['teamspeak'][] = array('teamspeak3', 'udp', '8767', '8768', 'both'); - $othersplist['cvsup'] = array(); - /* cvs */ - $othersplist['cvsup'][] = array('cvsup', 'tcp', '5999', '5999', 'both'); - $othersplist['hbci'] = array(); - /* HBCI */ - $othersplist['hbci'][] = array('HBCI', 'tcp', '3000', '3000', 'both'); + $othersplist['slingbox'] = array(); + /* slingbox */ $othersplist['slingbox'][] = array('Slingbox1', 'tcp', '5001', '5001', 'both'); $othersplist['slingbox'][] = array('Slingbox2', 'udp', '5001', '5001', 'both'); + $othersplist['smb'] = array(); + /* Microsoft SMB and friends */ + $othersplist['smb'][] = array('SMB1', 'tcp', '445', '445', 'both'); + $othersplist['smb'][] = array('SMB2', 'tcp', '137-139', '137-139', 'both'); + + $othersplist['snmp'] = array(); + /* Simple network management protocol */ + $othersplist['snmp'][] = array('SNMP', 'tcp', '161', '161', 'both'); + $othersplist['snmp'][] = array('SNMP2', 'udp', '161', '161', 'both'); + + $othersplist['subversion'] = array(); + /* subversion */ + $othersplist['subversion'][] = array('subversion', 'tcp', '3690', '3690', 'both'); ?> diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync index e943ffa..0d6ac07 100644 --- a/etc/phpshellsessions/gitsync +++ b/etc/phpshellsessions/gitsync @@ -249,7 +249,7 @@ if($branch == "RESTORE" && $g['platform'] == "pfSense") { if($nobackup == false) { echo "===> Backing up current pfSense information...\n"; echo "===> Please wait... "; - exec("tar czPf /root/cvssync_backup.tgz --exclude /root --exclude /dev --exclude /var/db/racoon/racoon.sock --exclude /tmp --exclude /var/run --exclude /var/empty /"); + exec("tar czPf /root/cvssync_backup.tgz --exclude /root --exclude /dev --exclude /tmp --exclude /var/run --exclude /var/empty /"); $size = filesize("/root/cvssync_backup.tgz"); echo "{$size} bytes.\n\n"; sleep(5); diff --git a/etc/rc.initial b/etc/rc.initial index 03d9131..2277280 100755 --- a/etc/rc.initial +++ b/etc/rc.initial @@ -61,9 +61,8 @@ fi product=`grep product_name /etc/inc/globals.inc | cut -d'"' -f4` hidebanner=`grep hidebanner /etc/inc/globals.inc | cut -d'"' -f4` -# Check to see if SSH is listening. -SSHD=`/usr/bin/sockstat -4l | grep "*.22" | wc -l` -if [ "$SSHD" -gt 0 ]; then +# Check to see if SSH is running. +if pgrep -q -a -F /var/run/sshd.pid sshd >/dev/null 2>&1; then sshd_option="14) Disable Secure Shell (sshd)"; else sshd_option="14) Enable Secure Shell (sshd)"; @@ -120,6 +120,8 @@ $sshconf .= "Protocol 2\n"; /* Run the server on another port if we have one defined */ $sshconf .= "Port $sshport\n"; + /* Hide FreeBSD version */ + $sshconf .= "VersionAddendum \n"; /* Apply package SSHDCond settings if config file exists */ if (file_exists("/etc/sshd_extra")) { diff --git a/etc/ssl/openssl.cnf b/etc/ssl/openssl.cnf index 08b3758..5f612fb 100644 --- a/etc/ssl/openssl.cnf +++ b/etc/ssl/openssl.cnf @@ -9,6 +9,10 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +# default SAN value if $ENV::SAN is not defined +# +SAN = + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids @@ -212,6 +216,15 @@ authorityKeyIdentifier=keyid,issuer:always #nsCaPolicyUrl #nsSslServerName +[ usr_cert_san ] + +# copy of [ usr_cert ] plus nonempty Subject Alternative Names +basicConstraints=CA:FALSE +nsComment = "OpenSSL Generated User Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +subjectAltName=$ENV::SAN + [ server ] # Make a cert with nsCertType=server @@ -223,6 +236,18 @@ authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=serverAuth keyUsage = digitalSignature, keyEncipherment +[ server_san ] + +# copy of [ server ] plus nonempty Subject Alternative Names +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::SAN + [ v3_req ] # Extensions to add to a certificate request @@ -267,6 +292,14 @@ basicConstraints = CA:true # You can even override a supported extension: # basicConstraints= critical, DER:30:03:01:01:FF +[ v3_ca_san ] + +# copy of [ v3_ca ] plus nonempty Subject Alternative Names +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true +subjectAltName=$ENV::SAN + [ crl_ext ] # CRL extensions. |
