From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] squidguard 1.5-beta: Added switch for DNS Blacklist
Date: Sun, 22 Jan 2017 14:24:25 +0100
Message-ID: <20170122132425.1942-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8856011203886053865=="
List-Id: <development.lists.ipfire.org>

--===============8856011203886053865==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

squidguard 1.5 has this feature, so I thought I could test this:

This patch adds the option to block against dns based blacklists.

For details see:
http://www.squidguard.org/Doc/extended.html

"Attention:
This feature requires squidGuard 1.5 or later or the dnsbl
patch for squidGuard 1.4 provided by INL - http://www.inl.fr/.
If you want to use external dns based blacklists such as black.uribl.com
for blocking you can use !dnsbl to dynamically check domain names against suc=
h services."

Example (squidGuard.conf):

...
acl {
	default {
		pass !dnsbl:your.preferred.blacklist.domain.com all
		redirect http://localhost/block.html
	}
}
...

"If you use !dnsbl without specifying a domain, black.uribl.com is used as de=
fault."

This is what I did for testing.

Discussion in german IPFire-Forum:
https://forum.ipfire.org/viewtopic.php?f=3D17&t=3D18083&sid=3D94b26f24a3d9789=
1af84286ed939e3bb

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 html/cgi-bin/urlfilter.cgi | 15 +++++++++++++++
 langs/de/cgi-bin/de.pl     |  1 +
 langs/en/cgi-bin/en.pl     |  5 ++++-
 langs/es/cgi-bin/es.pl     |  1 +
 langs/fr/cgi-bin/fr.pl     |  1 +
 langs/it/cgi-bin/it.pl     |  1 +
 langs/nl/cgi-bin/nl.pl     |  1 +
 langs/pl/cgi-bin/pl.pl     |  1 +
 langs/ru/cgi-bin/ru.pl     |  1 +
 langs/tr/cgi-bin/tr.pl     |  1 +
 lfs/squidguard             |  2 +-
 11 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index c3c327eec..ea4110916 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -136,6 +136,7 @@ $filtersettings{'MSG_TEXT_3'} =3D '';
 $filtersettings{'ENABLE_EXPR_LISTS'} =3D 'off';
 $filtersettings{'BLOCK_IP_ADDR'} =3D 'off';
 $filtersettings{'BLOCK_ALL'} =3D 'off';
+$filtersettings{'ENABLE_DNSBL'} =3D 'off';
 $filtersettings{'ENABLE_EMPTY_ADS'} =3D 'off';
 $filtersettings{'ENABLE_GLOBAL_WHITELIST'} =3D 'off';
 $filtersettings{'ENABLE_SAFESEARCH'} =3D 'off';
@@ -1051,6 +1052,9 @@ $checked{'BLOCK_IP_ADDR'}{$filtersettings{'BLOCK_IP_ADD=
R'}} =3D "checked=3D'checked'
 $checked{'BLOCK_ALL'}{'off'} =3D '';
 $checked{'BLOCK_ALL'}{'on'} =3D '';
 $checked{'BLOCK_ALL'}{$filtersettings{'BLOCK_ALL'}} =3D "checked=3D'checked'=
";
+$checked{'ENABLE_DNSBL'}{'off'} =3D '';
+$checked{'ENABLE_DNSBL'}{'on'} =3D '';
+$checked{'ENABLE_DNSBL'}{$filtersettings{'ENABLE_DNSBL'}} =3D "checked=3D'ch=
ecked'";
 $checked{'ENABLE_EMPTY_ADS'}{'off'} =3D '';
 $checked{'ENABLE_EMPTY_ADS'}{'on'} =3D '';
 $checked{'ENABLE_EMPTY_ADS'}{$filtersettings{'ENABLE_EMPTY_ADS'}} =3D "check=
ed=3D'checked'";
@@ -1479,21 +1483,26 @@ print <<END
 	<td class=3D'base'>$Lang::tr{'urlfilter username log'}:</td>
 	<td><input type=3D'checkbox' name=3D'ENABLE_USERNAME_LOG' $checked{'ENABLE_=
USERNAME_LOG'}{'on'} /></td>
 </tr>
+
 <tr>
 	<td class=3D'base'>$Lang::tr{'urlfilter empty ads'}:</td>
 	<td><input type=3D'checkbox' name=3D'ENABLE_EMPTY_ADS' $checked{'ENABLE_EMP=
TY_ADS'}{'on'} /></td>
 	<td class=3D'base'>$Lang::tr{'urlfilter category log'}:</td>
 	<td><input type=3D'checkbox' name=3D'ENABLE_CATEGORY_LOG' $checked{'ENABLE_=
CATEGORY_LOG'}{'on'} /></td>
 </tr>
+
 <tr>
 	<td class=3D'base'>$Lang::tr{'urlfilter block ip'}:</td>
 	<td><input type=3D'checkbox' name=3D'BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR=
'}{'on'} /></td>
 </tr>
+
 <tr>
 	<td class=3D'base'>$Lang::tr{'urlfilter block all'}:</td>
 	<td><input type=3D'checkbox' name=3D'BLOCK_ALL' $checked{'BLOCK_ALL'}{'on'}=
 /></td>
 	<td class=3D'base'>$Lang::tr{'urlfilter whitelist always allowed'}:</td>
 	<td><input type=3D'checkbox' name=3D'ENABLE_GLOBAL_WHITELIST' $checked{'ENA=
BLE_GLOBAL_WHITELIST'}{'on'} /></td>
+	<td class=3D'base'>$Lang::tr{'urlfilter enable dnsbl'}:</td>
+	<td><input type=3D'checkbox' name=3D'ENABLE_DNSBL' $checked{'ENABLE_DNSBL'}=
{'on'} /></td>
 </tr>
 </table>
 <hr size=3D'1'>
@@ -2793,6 +2802,12 @@ sub writeconfigfile
 		{
 			$defaultrule .=3D "!in-addr ";
 		}
+
+		if ($filtersettings{'ENABLE_DNSBL'} eq 'on')
+		{
+			$defaultrule .=3D "!dnsbl ";
+		}
+
 		for ($i=3D0; $i<=3D@filtergroups; $i++) {
 			if ($filtersettings{@filtergroups[$i]} eq 'on')
 			{
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 261b92fe7..be95af57d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2444,6 +2444,7 @@
 'urlfilter enable custom blacklist' =3D> 'Angepasste Blacklist aktivieren',
 'urlfilter enable custom expression list' =3D> 'Angepasste Ausdrucksliste ak=
tivieren',
 'urlfilter enable custom whitelist' =3D> 'Angepasste Whitelist aktivieren',
+'urlfilter enable dnsbl' =3D> 'Aktiviere DNS Blacklist',
 'urlfilter enable expression lists' =3D> ' Aktiviere Ausdruckslisten',
 'urlfilter enable full backup' =3D> 'Komplette Blacklist einbeziehen',
 'urlfilter enable jpeg' =3D> 'Aktiviere Hintergrundbild',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index a04d994d6..44fa77fa3 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1246,7 +1246,6 @@
 'green interface' =3D> 'Green Interface',
 'grouptype' =3D> 'Grouptype:',
 'guaranteed bandwith' =3D> 'Guaranteed bandwith',
-'guardian' =3D> 'Guardian',
 'guest ok' =3D> 'allow guests to access',
 'gui settings' =3D> 'GUI Settings',
 'gz with key' =3D> 'Only an encrypted archive can be restored on this machin=
e.',
@@ -1404,6 +1403,7 @@
 'ip alias changed' =3D> 'External IP alias changed',
 'ip alias removed' =3D> 'External IP alias removed',
 'ip info' =3D> 'IP Information',
+'ip reputational info' =3D> 'IP Reputational Info:',
 'ipfire has now rebooted' =3D> 'IPFire is rebooting now.',
 'ipfire has now shutdown' =3D> 'IPFire is shutting down now.',
 'ipfire side' =3D> 'IPFire side:',
@@ -1453,6 +1453,7 @@
 'local subnet' =3D> 'Local subnet:',
 'local subnet is invalid' =3D> 'Local subnet is invalid.',
 'local vpn hostname/ip' =3D> 'Local VPN Hostname/IP',
+'localhost' =3D> 'Localhost',
 'localkey' =3D> 'Localkey',
 'localkeyfile' =3D> 'Localkeyfile',
 'log' =3D> 'Log',
@@ -1614,6 +1615,7 @@
 'mpfire songs' =3D> 'MPFire songlist',
 'mpfire webradio' =3D> 'MPFire Webradio',
 'mtu QoS' =3D> 'This does not change the global MTU, it only sets MTU for Qo=
S.',
+'multicast' =3D> 'Multicast',
 'my new share' =3D> 'My new share',
 'name' =3D> 'Name',
 'name is invalid' =3D> 'Name is invalid',
@@ -2487,6 +2489,7 @@
 'urlfilter enable custom blacklist' =3D> 'Enable custom blacklist',
 'urlfilter enable custom expression list' =3D> 'Enable custom expression lis=
t',
 'urlfilter enable custom whitelist' =3D> 'Enable custom whitelist',
+'urlfilter enable dnsbl' =3D> 'Enable DNS Blacklist',
 'urlfilter enable expression lists' =3D> 'Enable expression lists',
 'urlfilter enable full backup' =3D> 'Include complete blacklist',
 'urlfilter enable jpeg' =3D> 'Enable background image',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index ede7b661d..027b8e953 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -1929,6 +1929,7 @@
 'urlfilter enable custom blacklist' =3D> 'Activar Lista Negra personalizada',
 'urlfilter enable custom expression list' =3D> 'Activar lista de frases pers=
onalizada',
 'urlfilter enable custom whitelist' =3D> 'Activar Lista Blanca personalizada=
',
+'urlfilter enable dnsbl' =3D> 'Activar DNS Blacklist',
 'urlfilter enable expression lists' =3D> 'Activar lista de frases',
 'urlfilter enable full backup' =3D> 'Incluir Lista Negra completa',
 'urlfilter enable jpeg' =3D> 'Activar imagen de fondo',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index e896c9b2a..a75d68e32 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1933,6 +1933,7 @@
 'urlfilter enable custom blacklist' =3D> 'Activer Blackliste perso',
 'urlfilter enable custom expression list' =3D> 'Activer liste de expression =
perso',
 'urlfilter enable custom whitelist' =3D> 'Activer liste blanche perso',
+'urlfilter enable dnsbl' =3D> 'Activer DNS Blacklist',
 'urlfilter enable expression lists' =3D> 'Activer liste de mots cl=C3=A9s pe=
rso',
 'urlfilter enable full backup' =3D> 'Inclure Blackliste complete',
 'urlfilter enable jpeg' =3D> 'Activer image d\'arri=C3=A8re plan',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index b039cdbe0..cfb4722b8 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -2400,6 +2400,7 @@
 'urlfilter empty ads' =3D> 'Blocca "ADS" con finestra vuota',
 'urlfilter empty repository' =3D> 'Local file repository is empty',
 'urlfilter enable automatic blacklist update' =3D> 'Attiva aggiornamento aut=
omatico',
+'urlfilter enable dnsbl' =3D> 'Attiva DNS Blacklist',
 'urlfilter enable custom blacklist' =3D> 'Abilito blacklist Personalizata',
 'urlfilter enable custom expression list' =3D> 'Abilito Espressione Personal=
izata',
 'urlfilter enable custom whitelist' =3D> 'Abilito whitelist Personalizata',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 49c0cced6..4defa5f13 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -2348,6 +2348,7 @@
 'urlfilter enable custom blacklist' =3D> 'Inschakelen eigen zwarte lijst',
 'urlfilter enable custom expression list' =3D> 'Inschakelen eigen expressiel=
ijst',
 'urlfilter enable custom whitelist' =3D> 'Inschakelen eigen witte lijst',
+'urlfilter enable dnsbl' =3D> 'Inschakelen DNS Blacklist',
 'urlfilter enable expression lists' =3D> 'Inschakelen eigen expressielijst',
 'urlfilter enable full backup' =3D> 'Inclusief complete zwarte lijst',
 'urlfilter enable jpeg' =3D> 'Inschakelen achtergrondafbeelding',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index e2f9da5c0..d3d95fd47 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -1942,6 +1942,7 @@
 'urlfilter enable custom blacklist' =3D> 'W=C5=82=C4=85cz w=C5=82asn=C4=85 c=
zarn=C4=85 list=C4=99',
 'urlfilter enable custom expression list' =3D> 'W=C5=82=C4=85cz w=C5=82asn=
=C4=85 list=C4=99 wyra=C5=BCe=C5=84',
 'urlfilter enable custom whitelist' =3D> 'W=C5=82=C4=85cz w=C5=82asn=C4=85 b=
ia=C5=82=C4=85 list=C4=99',
+'urlfilter enable dnsbl' =3D> 'Aktywuy DNS Blacklist',
 'urlfilter enable expression lists' =3D> 'W=C5=82=C4=85cz list=C4=99 wyra=C5=
=BCe=C5=84',
 'urlfilter enable full backup' =3D> 'Do=C5=82=C4=85cz kompletn=C4=85 czarn=
=C4=85 list=C4=99',
 'urlfilter enable jpeg' =3D> 'W=C5=82=C4=85cz obraz t=C5=82a',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 4b0edb582..5acddc015 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -1934,6 +1934,7 @@
 'urlfilter empty ads' =3D> '=D0=91=D0=BB=D0=BE=D0=BA=D0=B8=D1=80=D0=BE=D0=B2=
=D0=B0=D1=82=D1=8C =D1=80=D0=B5=D0=BA=D0=BB=D0=B0=D0=BC=D1=83 =D1=81 =D0=BF=
=D1=83=D1=81=D1=82=D1=8B=D0=BC=D0=B8 =D0=BE=D0=BA=D0=BD=D0=B0=D0=BC=D0=B8',
 'urlfilter empty repository' =3D> '=D0=9B=D0=BE=D0=BA=D0=B0=D0=BB=D1=8C=D0=
=BD=D1=8B=D0=B9 =D1=84=D0=B0=D0=B9=D0=BB=D0=BE=D0=B2=D1=8B=D0=B9 =D1=80=D0=B5=
=D0=BF=D0=BE=D0=B7=D0=B8=D1=82=D0=BE=D1=80=D0=B8=D0=B9 =D0=BF=D1=83=D1=81=D1=
=82',
 'urlfilter enable automatic blacklist update' =3D> '=D0=A0=D0=B0=D0=B7=D1=80=
=D0=B5=D1=88=D0=B8=D1=82=D1=8C =D0=B0=D0=B2=D1=82=D0=BE=D0=BC=D0=B0=D1=82=D0=
=B8=D1=87=D0=B5=D1=81=D0=BA=D0=BE=D0=B5 =D0=BE=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB=
=D0=B5=D0=BD=D0=B8=D0=B5',
+'urlfilter enable dnsbl' =3D> '=D0=90=D0=BA=D1=82=D0=B8=D0=B2=D0=B8=D1=80=D0=
=BE=D0=B2=D0=B0=D1=82=D1=8C DNS =D1=87=D0=B5=D1=80=D0=BD=D1=8B=D0=B9 =D1=81=
=D0=BF=D0=B8=D1=81=D0=BE=D0=BA',
 'urlfilter enable custom blacklist' =3D> '=D0=A0=D0=B0=D0=B7=D1=80=D0=B5=D1=
=88=D0=B8=D1=82=D1=8C =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=
=D0=B5=D0=BB=D1=8C=D1=81=D0=BA=D0=B8=D0=B9 =D1=87=D1=91=D1=80=D0=BD=D1=8B=D0=
=B9 =D1=81=D0=BF=D0=B8=D1=81=D0=BE=D0=BA',
 'urlfilter enable custom expression list' =3D> '=D0=A0=D0=B0=D0=B7=D1=80=D0=
=B5=D1=88=D0=B8=D1=82=D1=8C =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=
=D1=82=D0=B5=D0=BB=D1=8C=D1=81=D0=BA=D0=B8=D0=B9 =D1=81=D0=BF=D0=B8=D1=81=D0=
=BE=D0=BA =D0=B2=D1=8B=D1=80=D0=B0=D0=B6=D0=B5=D0=BD=D0=B8=D0=B9',
 'urlfilter enable custom whitelist' =3D> '=D0=A0=D0=B0=D0=B7=D1=80=D0=B5=D1=
=88=D0=B8=D1=82=D1=8C =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=
=D0=B5=D0=BB=D1=8C=D1=81=D0=BA=D0=B8=D0=B9 =D0=B1=D0=B5=D0=BB=D1=8B=D0=B9 =D1=
=81=D0=BF=D0=B8=D1=81=D0=BE=D0=BA',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 9eb300006..bbb01ce6b 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -2485,6 +2485,7 @@
 'urlfilter enable custom blacklist' =3D> '=C3=96zel kara listeyi aktifle=C5=
=9Ftir',
 'urlfilter enable custom expression list' =3D> '=C3=96zel ifade listesini ak=
tifle=C5=9Ftir',
 'urlfilter enable custom whitelist' =3D> '=C3=96zel beyaz listeyi aktifle=C5=
=9Ftir',
+'urlfilter enable dnsbl' =3D> 'DNS Blacklist etkinle=C5=9Ftirin',
 'urlfilter enable expression lists' =3D> '=C4=B0fade listesini aktifle=C5=9F=
tir',
 'urlfilter enable full backup' =3D> 'Tamamlanan kara listeyi dahil et',
 'urlfilter enable jpeg' =3D> 'Arka plan resmini aktifle=C5=9Ftir',
diff --git a/lfs/squidguard b/lfs/squidguard
index e3fd0c4e4..bca43ce22 100644
--- a/lfs/squidguard
+++ b/lfs/squidguard
@@ -1,7 +1,7 @@
 ############################################################################=
###
 #                                                                           =
  #
 # IPFire.org - A linux based firewall                                       =
  #
-# Copyright (C) 2007-2016  IPFire Team  <info(a)ipfire.org>                 =
    #
+# Copyright (C) 2007-2017  IPFire Team  <info(a)ipfire.org>                 =
    #
 #                                                                           =
  #
 # This program is free software: you can redistribute it and/or modify      =
  #
 # it under the terms of the GNU General Public License as published by      =
  #
--=20
2.11.0


--===============8856011203886053865==--