Commit e8d34822 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(firewall, aliases / geoip) move geoip dowload to download_alias_geoip in util.inc

(cherry picked from commit 70d6a860)
parent 97294921
...@@ -55,7 +55,16 @@ function alias_expand_urltable($name) { ...@@ -55,7 +55,16 @@ function alias_expand_urltable($name) {
if (preg_match("/urltable/i", $alias['type']) && ($alias['name'] == $name)) { if (preg_match("/urltable/i", $alias['type']) && ($alias['name'] == $name)) {
if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename)) { if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename)) {
return $urltable_filename; return $urltable_filename;
} else if (process_alias_urltable($name, $alias["url"], 0, true)) { } elseif (process_alias_urltable($name, $alias["url"], 0, true)) {
return $urltable_filename;
}
} elseif ($alias['type'] == 'geoip' && $alias['name'] == $name) {
if (!file_exists($urltable_filename) || filesize($urltable_filename) == 0) {
if (download_alias_geoip($alias)) {
return $urltable_filename;
}
} else {
// alias file found and not 0 bytes
return $urltable_filename; return $urltable_filename;
} }
} }
...@@ -589,7 +598,6 @@ function filter_generate_aliases(&$FilterIflist) ...@@ -589,7 +598,6 @@ function filter_generate_aliases(&$FilterIflist)
switch ($aliased['type']) { switch ($aliased['type']) {
case "host": case "host":
case "network": case "network":
case "geoip":
case "url": case "url":
$tableaddrs = "{$addrlist}{$extralias}"; $tableaddrs = "{$addrlist}{$extralias}";
if (empty($tableaddrs)) { if (empty($tableaddrs)) {
...@@ -625,6 +633,7 @@ function filter_generate_aliases(&$FilterIflist) ...@@ -625,6 +633,7 @@ function filter_generate_aliases(&$FilterIflist)
$aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n"; $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
break; break;
case "urltable": case "urltable":
case "geoip":
$urlfn = alias_expand_urltable($aliased['name']); $urlfn = alias_expand_urltable($aliased['name']);
if ($urlfn) { if ($urlfn) {
$aliases .= "table <{$aliased['name']}> persist file \"{$urlfn}\"\n"; $aliases .= "table <{$aliased['name']}> persist file \"{$urlfn}\"\n";
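Review bot: The new geoip branch in alias_expand_urltable uses `if (download_alias_geoip($alias))` as its success test, but that helper returns the result of file_put_contents, which is 0 when no country data was collected, so an empty write and a failed write both fall through without a return value or a log entry. filter_generate_aliases only emits the `table <...> persist file` line when `$urlfn` is truthy, so in that case the geoip table appears to be left out of the generated ruleset silently; how rules referencing the alias then behave is decided outside the lines shown. Add a `log_error()` call on the fall-through path so an operator can see that a geoip alias produced no table. Ruleset generation can also now run the download script synchronously when the alias file is missing, which deserves a short comment such as `// may trigger a GeoIP download during filter reload`. Both function bodies continue outside these hunks.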
......
...@@ -1366,3 +1366,35 @@ function prefer_ipv4_or_ipv6() ...@@ -1366,3 +1366,35 @@ function prefer_ipv4_or_ipv6()
isset($config['system']['prefer_ipv4']) ? 'prefer_ipv4' : 'prefer_ipv6' isset($config['system']['prefer_ipv4']) ? 'prefer_ipv4' : 'prefer_ipv6'
); );
} }
/**
* download geoip and collect alias contents into /var/db/aliastables
* @param array $alias
*/
function download_alias_geoip($alias)
{
if ($alias['type'] == 'geoip') {
// create alias target directly if it doesn't exists (mfs)
if (!file_exists("/var/db/aliastables/")) {
mkdir("/var/db/aliastables");
}
// download the geoip database, first check if we haven't already done so the last day
if (!is_file('/usr/local/share/GeoIP/alias/NL-IPv4') || (time() - filemtime('/usr/local/share/GeoIP/alias/NL-IPv4')) > (86400 - 90)) {
log_error("{$argv[0]}: Download GeoIP database");
exec('/usr/local/opnsense/scripts/filter/download_geoip.py');
}
// concat geoip countries and save to alias file
$alias_content = "";
foreach (explode(' ', $alias['address']) as $country_code) {
if (strlen($country_code) == 2 && in_array($alias['proto'], array('IPv4', 'IPv6'))) {
$filename = "/usr/local/share/GeoIP/alias/".$country_code."-".$alias['proto'];
if (is_file($filename)) {
$alias_content .= file_get_contents($filename);
}
}
}
return file_put_contents('/var/db/aliastables/'.basename($alias['name']).'.txt', $alias_content);
} else {
return false;
}
}
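Review bot: download_alias_geoip ignores the outcome of `exec('/usr/local/opnsense/scripts/filter/download_geoip.py')` and then writes whatever was concatenated, so a failed download or missing country files result in an empty alias file replacing the previous one. An empty geoip table means rules that depend on it match nothing, which for block rules presumably lets the traffic through without any visible error. Capture the status with `exec('/usr/local/opnsense/scripts/filter/download_geoip.py', $output, $rc);`, log when `$rc !== 0`, and skip the write with `if ($alias_content === '') { return false; }` so the last good file stays in place. Separately, `$argv` is not in scope inside a function, so `log_error("{$argv[0]}: Download GeoIP database")` logs an empty prefix here; declare `global $argv;` or drop the prefix.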
...@@ -12,13 +12,11 @@ if (!isset($config['aliases']['alias'])) { ...@@ -12,13 +12,11 @@ if (!isset($config['aliases']['alias'])) {
// Gather list of urltable / geoip aliases // Gather list of urltable / geoip aliases
$todo = array(); $todo = array();
$download_geoip = false;
foreach ($config['aliases']['alias'] as $alias) { foreach ($config['aliases']['alias'] as $alias) {
if (preg_match('/urltable/i', $alias['type'])) { if (preg_match('/urltable/i', $alias['type'])) {
$todo[] = $alias; $todo[] = $alias;
} elseif ($alias['type'] == 'geoip') { } elseif ($alias['type'] == 'geoip') {
$todo[] = $alias; $todo[] = $alias;
$download_geoip = true;
} }
} }
...@@ -32,21 +30,6 @@ if (count($todo) > 0) { ...@@ -32,21 +30,6 @@ if (count($todo) > 0) {
sleep($wait); sleep($wait);
} }
// download geoip database
if ($download_geoip) {
// download the geoip database, first check if we haven't already done so the last day
if (!is_file('/usr/local/share/GeoIP/alias/NL-IPv4') || (time() - filemtime('/usr/local/share/GeoIP/alias/NL-IPv4')) > (86400 - 90)) {
log_error("{$argv[0]}: Download GeoIP database");
exec('/usr/local/opnsense/scripts/filter/download_geoip.py');
} else {
log_error("{$argv[0]}: GeoIP database doesn't need updating");
}
// create alias target directly if it doesn't exists (mfs)
if (!file_exists("/var/db/aliastables/")) {
mkdir("/var/db/aliastables");
}
}
log_error("{$argv[0]}: Starting URL table alias updates"); log_error("{$argv[0]}: Starting URL table alias updates");
$filter_reload = false; $filter_reload = false;
...@@ -66,17 +49,8 @@ if (count($todo) > 0) { ...@@ -66,17 +49,8 @@ if (count($todo) > 0) {
log_error("{$argv[0]}: ERROR: could not update {$alias['name']} content from {$alias['url']}"); log_error("{$argv[0]}: ERROR: could not update {$alias['name']} content from {$alias['url']}");
} }
} elseif ($alias['type'] == 'geoip') { } elseif ($alias['type'] == 'geoip') {
// concat geoip countries and load into pf table download_alias_geoip($alias);
$alias_content = ""; // load alias content
foreach (explode(' ', $alias['address']) as $country_code) {
if (strlen($country_code) == 2 && in_array($alias['proto'], array('IPv4', 'IPv6'))) {
$filename = "/usr/local/share/GeoIP/alias/".$country_code."-".$alias['proto'];
if (is_file($filename)) {
$alias_content .= file_get_contents($filename);
}
}
}
file_put_contents('/var/db/aliastables/'.basename($alias['name']).'.txt', $alias_content);
exec("/sbin/pfctl -t " . escapeshellarg($alias['name']) . " -T replace -f /var/db/aliastables/" . escapeshellarg($alias['name']) . ".txt 2>&1", $result); exec("/sbin/pfctl -t " . escapeshellarg($alias['name']) . " -T replace -f /var/db/aliastables/" . escapeshellarg($alias['name']) . ".txt 2>&1", $result);
log_error("{$argv[0]}: Updated {$alias['name']} content from geoip database: ". $result[count($result)-1]); log_error("{$argv[0]}: Updated {$alias['name']} content from geoip database: ". $result[count($result)-1]);
} }
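Review bot: The call `download_alias_geoip($alias);` discards the return value, so the following `pfctl -T replace` and the "Updated ... content from geoip database" log line run even when the helper returned false or wrote an empty file. Guard the reload with something like `if (download_alias_geoip($alias) === false) { log_error("{$argv[0]}: ERROR: could not update {$alias['name']} content from geoip database"); }` and move the pfctl call into the else branch. The helper writes to `basename($alias['name']).'.txt'` while the pfctl line reads `escapeshellarg($alias['name']) . ".txt"`, so the two paths differ if a name ever contains a slash; using the same basename in both places keeps them aligned. The enclosing loop starts outside this hunk.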
......