From 385d1827985ea568d047369f88b8eadd82ca53e2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 10 Oct 2022 18:24:32 +0200
Subject: [PATCH] Firewall: Aliases - support Maxmind's unclassified EU
 (region, country unknown) as country selector EU

6255148,en,EU,Europe,,,0

Although the same applies for Asia, we can't use AS as country code here, so we do have to skip this for now until we find a better alternative.

6255147,en,AS,Asia,,,0

closes https://github.com/opnsense/core/issues/6063
---
 .../controllers/OPNsense/Firewall/Api/AliasController.php  | 7 ++++++-
 .../OPNsense/Firewall/FieldTypes/AliasContentField.php     | 2 ++
 src/opnsense/scripts/filter/lib/geoip.py                   | 7 +++++--
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
index f3d13c4c6..e8b88a61e 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
@@ -182,7 +182,12 @@ class AliasController extends ApiMutableModelControllerBase
      */
     public function listCountriesAction()
     {
-        $result = array();
+        $result = [
+            'EU' => [
+                'name' => gettext('Unclassified'),
+                'region' => 'Europe'
+            ]
+        ];
 
         foreach (explode("\n", file_get_contents('/usr/local/opnsense/contrib/tzdata/iso3166.tab')) as $line) {
             $line = trim($line);
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
index dab5039e8..54203f08f 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
@@ -105,6 +105,8 @@ class AliasContentField extends BaseField
     private function getCountryCodes()
     {
         if (empty(self::$internalCountryCodes)) {
+            // Maxmind's country code 6255148 (EU Unclassified)
+            self::$internalCountryCodes[] = 'EU';
             foreach (explode("\n", file_get_contents('/usr/local/opnsense/contrib/tzdata/iso3166.tab')) as $line) {
                 $line = trim($line);
                 if (strlen($line) > 3 && substr($line, 0, 1) != '#') {
diff --git a/src/opnsense/scripts/filter/lib/geoip.py b/src/opnsense/scripts/filter/lib/geoip.py
index 26d503671..53a1141fa 100755
--- a/src/opnsense/scripts/filter/lib/geoip.py
+++ b/src/opnsense/scripts/filter/lib/geoip.py
@@ -90,8 +90,11 @@ def download_geolite():
                         locations = zf.open(file_handles[result['locations_filename']]).read()
                         for line in locations.decode().split('\n'):
                             parts = line.split(',')
-                            if len(parts) > 4 and len(parts[4]) >= 1 and len(parts[4]) <= 3:
-                                country_codes[parts[0]] = parts[4]
+                            if len(parts) > 4 and parts[0].isdigit():
+                                if len(parts[4]) >= 1:
+                                    country_codes[parts[0]] = parts[4]
+                                elif parts[2] == 'EU':
+                                    country_codes[parts[0]] = parts[2]
                         # process all details into files per country / protocol
                         for proto in ['IPv4', 'IPv6']:
                             if result['address_sources'][proto] is not None: