diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-12-30 11:38:00 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-12-30 11:38:00 -0200 |
commit | 081a958949c4efcfeb8221b2184b2a337a509ab8 (patch) | |
tree | 55424c698332d2d73af430ddf01e0b10bfdb67f1 /config/pfblockerng/pfblockerng_top20.xml | |
parent | 4b6c1012da36dd079a219056f812970b29a36fb7 (diff) | |
parent | d43feb2ccc0cd5a617a20858c6ca5e3129e649a0 (diff) | |
download | pfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.tar.gz pfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.tar.bz2 pfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.zip |
Merge pull request #743 from BBcan177/pfBlockerNG_Beta_0.99
Diffstat (limited to 'config/pfblockerng/pfblockerng_top20.xml')
-rw-r--r-- | config/pfblockerng/pfblockerng_top20.xml | 290 |
1 files changed, 290 insertions, 0 deletions
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml new file mode 100644 index 00000000..7d2cf033 --- /dev/null +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -0,0 +1,290 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + pfBlockerNG_Top20.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerngtopspammers</name> + <version>1.0</version> + <title>pfBlockerNG: Top 20 Spammer Countries</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext>Configure pfblockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name><![CDATA[TOP 20 - Spammer Countries (Geolite Data by Maxmind Inc. - ISO 3166)]]></name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>Top 20 IPv4</strong><br />Spammer Countries]]></fielddescr> + <fieldname>countries4</fieldname> + <description> + <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + <option><name>China-CN</name><value>CN</value></option> + <option><name>Russia-RU</name><value>RU</value></option> + <option><name>Japan-JP</name><value>JP</value></option> + <option><name>Ukraine-UA</name><value>UA</value></option> + <option><name>United Kingdom-GB</name><value>GB</value></option> + <option><name>Germany-DE</name><value>DE</value></option> + <option><name>Brazil-BR</name><value>BR</value></option> + <option><name>France-FR</name><value>FR</value></option> + <option><name>India-IN</name><value>IN</value></option> + <option><name>Turkey-TR</name><value>TR</value></option> + <option><name>Italy-IT</name><value>IT</value></option> + <option><name>South Korea-KR</name><value>KR</value></option> + <option><name>Poland-PL</name><value>PL</value></option> + <option><name>Spain-ES</name><value>ES</value></option> + <option><name>Vietnam-VN</name><value>VN</value></option> + <option><name>Argentina-AR</name><value>AR</value></option> + <option><name>Columbia-CO</name><value>CO</value></option> + <option><name>Taiwan-TW</name><value>TW</value></option> + <option><name>Mexico-MX</name><value>MX</value></option> + <option><name>Chilie-CL</name><value>CL</value></option> + </options> + <size>20</size> + <multiple/> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>Top 20 IPv6</strong><br />Spammer Countries]]></fielddescr> + <fieldname>countries6</fieldname> + <description> + <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + <option><name>China-CN</name><value>CN</value></option> + <option><name>Russia-RU</name><value>RU</value></option> + <option><name>Japan-JP</name><value>JP</value></option> + <option><name>Ukraine-UA</name><value>UA</value></option> + <option><name>United Kingdom-GB</name><value>GB</value></option> + <option><name>Germany-DE</name><value>DE</value></option> + <option><name>Brazil-BR</name><value>BR</value></option> + <option><name>France-FR</name><value>FR</value></option> + <option><name>India-IN</name><value>IN</value></option> + <option><name>Turkey-TR</name><value>TR</value></option> + <option><name>Italy-IT</name><value>IT</value></option> + <option><name>South Korea-KR</name><value>KR</value></option> + <option><name>Poland-PL</name><value>PL</value></option> + <option><name>Spain-ES</name><value>ES</value></option> + <option><name>Vietnam-VN</name><value>VN</value></option> + <option><name>Argentina-AR</name><value>AR</value></option> + <option><name>Columbia-CO</name><value>CO</value></option> + <option><name>Taiwan-TW</name><value>TW</value></option> + <option><name>Mexico-MX</name><value>MX</value></option> + <option><name>Chilie-CL</name><value>CL</value></option> + </options> + <size>20</size> + <multiple/> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )]]> + </description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]> </name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file |