jullrich / dshieldpfsense Goto Github PK

After upgrading to PFSense 2.5.0 I get this error in my system.log after running dshieldpfsense.php

PHP ERROR: Type: 64, File: /root/bin/dshieldpfsense.php, Line: 88, Message: require_once(): Failed opening required 'filter_log.inc' (include_path='.:/etc/inc:/etc/inc/web:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/')

Please advice how to solve this.

pfsense use Binary Circular Logs (clog) and reading /var/log/filter.log directly can generate binary errors.

For futher development, it could be interesting to fork pfsense-mailreport package and develop a proper package

dshield.php contains the following code for sending a report in pfSense 2.4 and later :

                //pfsense 2.4
                if(send_smtp_message_24()) {
                log_error(sprintf(gettext("%d lines sent to DShield OK"), $linecnt));
                        print "send $linecnt lines to DShield OK\n";
                }
...
function send_smtp_message_24() {
...
        if (PEAR::isError($mail)) {
                $err_msg = sprintf(gettext(
                    'Could not send the message to %1$s -- Error: %2$s'),
                    $toaddr, $mail->getMessage());
                print $err_msg;
                log_error($err_msg);
                return($err_msg);
        }
    
        return;

That is, on failure send_smtp_message_24() will print and log an error message and return that and the calling code will then print and log a message about the number of lines sent to DShield, which seems like a bug.

One approach is to move the code that logs and prints the number of lines sent inside send_smtp_message_24(), like what's done in send_smtp_message_23(). Alternatively, the check in the calling code should be that send_smtp_message_24 returns a null string.

I made the following changes required to get the script to run error free:

Replaced "split" with "preg_split" on lines 33 & 34:

$interfaces=preg_split(',',$config['interfaces']);
$authorized_source_ip=preg_split(',',$config['authorized_source_ip']);

However, when the script is run the pfsense System Log reports:

/root/bin/dshield.php: no new lines added to log since last run OK.....

Even though there are new rejected packets in the log. This is preventing email to be sent to dshield or any CC: address.

Additional question, please clarify the purpose of a new dshield.ini item:

#prevent auto ban ...
authorized_source_ip="172.16.0.60,10.0.0.100"

I'm getting the following error after running ./dshieldpfsense.php:

PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /root/bin/dshieldpfsense.php:156
Stack trace:
#0 {main}
thrown in /root/bin/dshieldpfsense.php on line 156

Configuration settings such as 'ccaddr' are ignored in dshield.php because the $config array gets overwritten when processing the functions.inc include. One solution is to rename the array in the script (eg, $config -> $dshield_config) for those settings intended to be defined in dshield.ini.

Note, though, that notification settings (eg, $config['notifications']['smtp']['ipaddress']) are defined not in dshield.ini but in /cf/conf/config.xml and thus should not be renamed.

I hit the same issue reported by @gderf about a fatal error using the latest copy of dshieldpfsense.php in pfSense 2.7.0 CE, but on pfSense Plus 23.05.

I find it useful to ignore selected IP addresses and ports from my submitted reports. The Linux iptables client supports that but the pfSense variant does not.

The files sasl.inc and smtp.inc are not in the 2.4.3 build, so the includes at lines 87 and 88 fail. They were deprecated and have since been removed in the 2.4 trunk. (see https://www.netgate.com/blog/2-4-pre-alpha-snapshots-now-available.html). With these two files commented out, it does appear to allow the script to work however without the smtp submission.

In addition, the isset on lines 75, and 79 do not appear to work (passed the check wether or not they should.)

pfSense 2.4 was released. Unfortunately the script silently stopped working on 2.4