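/**
 * Build the per-alias statistics table for the pfBlockerNG aliases.
 *
 * Data is gathered from four places: the pf tables listed by
 * `pfctl -vvsTables`, the alias files under $pfb['aliasdir'], the firewall
 * rules in $config['filter']['rule'] and the loaded pf rules (`pfctl -vv -sr`).
 *
 * Alias Table Definitions (keys written per alias):
 *   'update'  - Last Updated Timestamp (fields 6-8 of `ls -ld` on the alias file)
 *   'rule'    - Total number of Firewall rules per alias
 *   'count'   - Total Line Count per alias; replaced by the text after the last
 *               ':' of the pf 'Addresses' line when that line is present
 *   'packets' - Total number of pf packets per alias (text after the last ':'
 *               of the pf 'Evaluations' line)
 *   'img'     - $pfb['down'] by default, $pfb['up'] once an enabled firewall
 *               rule references the alias
 *   'rules'   - '|'-terminated list of pf rule numbers that reference the alias
 *
 * Side effect: sets $pfb['pfctl'] = TRUE when pfctl listed no pfB_ tables.
 *
 * NOTE(review): alias names come from pfctl output and are returned unmodified;
 * a caller that renders them into HTML presumably has to escape them - confirm
 * at the call site.
 *
 * @return array Alias name => statistics, passed through pfbsort() unless
 *               $pfb['sortcolumn'] is "none".
 */
function pfBlockerNG_get_counts() {
	global $config, $pfb;
	$pfb_table = array();

	// grep/ls/awk without a directory are resolved through the PATH of the PHP process.
	$pfb_pfctl = array();
	exec("/sbin/pfctl -vvsTables | grep -A4 'pfB_'", $pfb_pfctl);
	if (!empty($pfb_pfctl)) {
		foreach ($pfb_pfctl as $line) {
			$line = trim(str_replace(array('[', ']'), '', $line));

			// A line starting with '-' opens a new table section. Lines that start with
			// '-' but contain no 'pfB' (such as the '--' group separator that grep -A
			// prints) reset the current alias.
			if (substr($line, 0, 1) == '-') {
				$pfb_alias = trim(strstr($line, 'pfB', FALSE));
				if (empty($pfb_alias)) {
					unset($pfb_alias);
					continue;
				}

				// The alias name is parsed from command output and then becomes part of
				// two shell command lines, so it is passed as a single quoted argument
				// instead of being interpolated raw.
				$alias_file = escapeshellarg("{$pfb['aliasdir']}/{$pfb_alias}.txt");

				// grep -c on a single file prints exactly one line, so the count is the
				// first element of the output array (index 1 is never populated).
				$match = array();
				exec("/usr/bin/grep -cv '^1\\.1\\.1\\.1' {$alias_file}", $match);
				$pfb_table[$pfb_alias] = array(
					'count' => isset($match[0]) ? $match[0] : NULL,
					'img' => $pfb['down']
				);

				$update = array();
				exec("ls -ld {$alias_file} | awk '{ print \$6,\$7,\$8 }'", $update);
				$pfb_table[$pfb_alias]['update'] = isset($update[0]) ? $update[0] : NULL;
				$pfb_table[$pfb_alias]['rule'] = 0;
				continue;
			}

			if (isset($pfb_alias)) {
				if (substr($line, 0, 9) == 'Addresses') {
					$pfb_table[$pfb_alias]['count'] = trim(substr(strrchr($line, ':'), 1));
					continue;
				}
				if (substr($line, 0, 11) == 'Evaluations') {
					$pfb_table[$pfb_alias]['packets'] = trim(substr(strrchr($line, ':'), 1));
					// 'Evaluations' is the last line consumed for a table.
					unset($pfb_alias);
				}
			}
		}
	} else {
		// Error. No pf labels found.
		$pfb['pfctl'] = TRUE;
	}

	// Determine if firewall rules are defined
	if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) {
		foreach ($config['filter']['rule'] as $rule) {
			// Skip disabled rules
			if (isset($rule['disabled'])) {
				continue;
			}

			foreach (array('source', 'destination') as $side) {
				// Rules without an 'address' on this side cannot reference an alias.
				if (!isset($rule[$side]['address']) || !is_string($rule[$side]['address'])) {
					continue;
				}
				$address = $rule[$side]['address'];
				if (stripos($address, "pfb_") === FALSE) {
					continue;
				}

				// The alias may be absent from the pfctl output, so the counter is
				// started at 0 rather than incremented from an undefined key.
				$pfb_table[$address]['img'] = $pfb['up'];
				$pfb_table[$address]['rule'] = (isset($pfb_table[$address]['rule']) ? $pfb_table[$address]['rule'] : 0) + 1;
			}
		}
	}

	// Collect packet fence rule numbers
	$pfrules = array();
	exec("/sbin/pfctl -vv -sr | grep 'pfB_'", $pfrules);
	if (!empty($pfrules)) {
		foreach ($pfrules as $result) {
			// Sample : @112(0) block return in log quick on em1 from any to <pfB_PRI1:160323> label "USER_RULE: pfB_PRI1"
			// Group 1 is the number after '@', group 2 the table name inside '<...:n>'.
			if (preg_match("/@(\\d+)\\(\\d+\\).*\\<(pfB_\\w+):\\d+\\>/", $result, $found)) {
				if (!isset($pfb_table[$found[2]]['rules'])) {
					$pfb_table[$found[2]]['rules'] = '';
				}
				$pfb_table[$found[2]]['rules'] .= $found[1] . '|';
			}
		}
	}

	// Sort tables per sort customization
	if ($pfb['sortcolumn'] != "none") {
		pfbsort($pfb_table, $pfb['sortcolumn'], $pfb['sortdir'] == "asc");
	}

	return $pfb_table;
}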
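/**
 * Build the combined statistics table for pfBlockerNG aliases and DNSBL groups.
 *
 * Data is gathered from the pf tables listed by `pfctl -vvsTables`, the alias
 * files under $pfb['aliasdir'], the firewall rules in $config['filter']['rule'],
 * the loaded pf rules (`pfctl -vv -sr`) and, when both $pfb['enable'] and
 * $pfb['dnsbl'] are 'on', the CSV file named by $pfb['dnsbl_info'].
 *
 * Alias Table Definitions (keys written per entry):
 *   'update'  - Last Updated Timestamp
 *   'rule'    - Total number of Firewall rules per alias
 *   'count'   - Total Line Count per alias; replaced by the text after the last
 *               ':' of the pf 'Addresses' line when present. For DNSBL rows it
 *               is CSV column 3, or 'disabled'
 *   'packets' - Total number of pf packets per alias (text after the last ':'
 *               of the pf 'Evaluations' line, or CSV column 4 for DNSBL rows)
 *   'img'     - $pfb['up'] or $pfb['down']
 *   'rules'   - '|'-terminated list of the rule identifiers parsed from pfctl
 *
 * Side effect: sets $pfb['pfctlerr'] = TRUE when pfctl listed no pfB_ tables.
 *
 * NOTE(review): $pfb['pfctl'], $pfb['grep'], $pfb['ls'] and $pfb['awk'] are
 * placed on the command line as-is; this assumes they are fixed paths set by
 * the package and never user-controlled - confirm where $pfb is populated.
 * NOTE(review): alias names (from pfctl) and DNSBL fields (from the CSV file)
 * are returned unmodified; a caller that renders them into HTML presumably has
 * to escape them - confirm at the call site.
 *
 * @return array Entry name => statistics; alias entries first, DNSBL entries
 *               appended with array_merge().
 */
function pfBlockerNG_get_counts() {
	global $config, $pfb;
	$pfb_table = $pfb_dtable = array();

	$pfb_pfctl = array();
	exec("{$pfb['pfctl']} -vvsTables | {$pfb['grep']} -A4 'pfB_'", $pfb_pfctl);
	if (!empty($pfb_pfctl)) {
		foreach ($pfb_pfctl as $line) {
			$line = trim(str_replace(array('[', ']'), '', $line));

			// A line starting with '-' opens a new table section. Lines that start with
			// '-' but contain no 'pfB' (such as the '--' group separator that grep -A
			// prints) reset the current alias.
			if (substr($line, 0, 1) == '-') {
				$pfb_alias = trim(strstr($line, 'pfB', FALSE));
				if (empty($pfb_alias)) {
					unset($pfb_alias);
					continue;
				}

				// The alias name is parsed from command output and then becomes part of
				// two shell command lines, so it is passed as a single quoted argument
				// instead of being interpolated raw.
				$alias_file = escapeshellarg("{$pfb['aliasdir']}/{$pfb_alias}.txt");

				// grep -c on a single file prints exactly one line, so the count is the
				// first element of the output array (index 1 is never populated).
				$match = array();
				exec("{$pfb['grep']} -cv '^1\\.1\\.1\\.1\$' {$alias_file}", $match);
				$pfb_table[$pfb_alias] = array(
					'count' => isset($match[0]) ? $match[0] : NULL,
					'img' => $pfb['down']
				);

				$update = array();
				exec("{$pfb['ls']} -ld {$alias_file} | {$pfb['awk']} '{ print \$6,\$7,\$8 }'", $update);
				$pfb_table[$pfb_alias]['update'] = isset($update[0]) ? $update[0] : NULL;
				$pfb_table[$pfb_alias]['rule'] = 0;
				continue;
			}

			if (isset($pfb_alias)) {
				if (substr($line, 0, 9) == 'Addresses') {
					$pfb_table[$pfb_alias]['count'] = trim(substr(strrchr($line, ':'), 1));
					continue;
				}
				if (substr($line, 0, 11) == 'Evaluations') {
					$pfb_table[$pfb_alias]['packets'] = trim(substr(strrchr($line, ':'), 1));
					// 'Evaluations' is the last line consumed for a table.
					unset($pfb_alias);
				}
			}
		}
	} else {
		// Error. No pf labels found.
		$pfb['pfctlerr'] = TRUE;
	}

	// Determine if firewall rules are defined
	if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) {
		foreach ($config['filter']['rule'] as $rule) {
			// Skip disabled rules
			if (isset($rule['disabled'])) {
				continue;
			}

			foreach (array('source', 'destination') as $side) {
				// Rules without an 'address' on this side cannot reference an alias.
				if (!isset($rule[$side]['address']) || !is_string($rule[$side]['address'])) {
					continue;
				}
				$address = $rule[$side]['address'];
				if (stripos($address, 'pfb_') === FALSE) {
					continue;
				}

				// The alias may be absent from the pfctl output, so the counter is
				// started at 0 rather than incremented from an undefined key.
				$pfb_table[$address]['img'] = $pfb['up'];
				$pfb_table[$address]['rule'] = (isset($pfb_table[$address]['rule']) ? $pfb_table[$address]['rule'] : 0) + 1;
			}
		}
	}

	// Collect packet fence rule numbers
	$pfrules = array();
	exec("{$pfb['pfctl']} -vv -sr | {$pfb['grep']} 'pfB_'", $pfrules);
	if (!empty($pfrules)) {
		foreach ($pfrules as $result) {
			// Sample : @112(0) block return in log quick on em1 from any to <pfB_PRI1:160323> label "USER_RULE: pfB_PRI1"
			// $id is the text inside the first pair of parentheses, $descr the table
			// name between '<' and the following ':'.
			// NOTE(review): for the sample line above $id would be '0', which empty()
			// rejects - confirm the sample still matches the pfctl output in use.
			$id = strstr($result, '(', FALSE);
			$id = ltrim(strstr($id, ')', TRUE), '(');
			$descr = ltrim(stristr($result, '<pfb_', FALSE), '<');
			$descr = strstr($descr, ':', TRUE);
			if (empty($id) || empty($descr)) {
				continue;
			}

			// De-duplicate on whole '|'-delimited entries. A plain substring search
			// would treat id '12' as already recorded once '112|' is in the list.
			$recorded = isset($pfb_table[$descr]['rules']) ? $pfb_table[$descr]['rules'] : '';
			if (strpos('|' . $recorded, '|' . $id . '|') === FALSE) {
				$pfb_table[$descr]['rules'] = $recorded . $id . '|';
			}
		}
	}

	// DNSBL collect statistics
	if ($pfb['enable'] == 'on' && $pfb['dnsbl'] == 'on' && file_exists("{$pfb['dnsbl_info']}")) {
		// file() returns FALSE when the file cannot be read (it may disappear after the
		// file_exists() check); only an array is handed to array_map().
		$dnsbl_lines = @file("{$pfb['dnsbl_info']}");
		$dnsbl_info = is_array($dnsbl_lines) ? array_map('str_getcsv', $dnsbl_lines) : array();

		foreach ($dnsbl_info as $line) {
			// Skip blank rows (no first column) and '#' comment rows.
			if (!isset($line[0]) || $line[0] === '' || substr($line[0], 0, 1) == '#') {
				continue;
			}

			// Columns missing from a short row are treated as empty strings.
			$updated = isset($line[1]) ? $line[1] : '';
			$state = isset($line[2]) ? $line[2] : '';
			$packets = isset($line[3]) ? $line[3] : '';

			if ($state == 'disabled') {
				$pfb_dtable[$line[0]] = array('count' => 'disabled', 'img' => $pfb['down']);
			} else {
				$pfb_dtable[$line[0]] = array('count' => $state, 'img' => $pfb['up']);
			}
			$pfb_dtable[$line[0]]['update'] = "{$updated}";
			$pfb_dtable[$line[0]]['packets'] = "{$packets}";
		}
	}

	// Sort tables per sort customization
	if ($pfb['sortcolumn'] != 'none') {
		// FALSE is passed for 'asc', TRUE for any other direction.
		$sort_flag = !($pfb['sortdir'] == 'asc');
		pfbsort($pfb_table, $pfb['sortcolumn'], $sort_flag);
		pfbsort($pfb_dtable, $pfb['sortcolumn'], $sort_flag);
	}

	$pfb_table = array_merge($pfb_table, $pfb_dtable);
	return $pfb_table;
}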