aboutsummaryrefslogtreecommitdiffstats
path: root/config/pfblockerng/pfblockerng_top20.xml
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-12-30 11:38:00 -0200
committerRenato Botelho <garga@FreeBSD.org>2014-12-30 11:38:00 -0200
commit081a958949c4efcfeb8221b2184b2a337a509ab8 (patch)
tree55424c698332d2d73af430ddf01e0b10bfdb67f1 /config/pfblockerng/pfblockerng_top20.xml
parent4b6c1012da36dd079a219056f812970b29a36fb7 (diff)
parentd43feb2ccc0cd5a617a20858c6ca5e3129e649a0 (diff)
downloadpfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.tar.gz
pfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.tar.bz2
pfsense-packages-081a958949c4efcfeb8221b2184b2a337a509ab8.zip
Merge pull request #743 from BBcan177/pfBlockerNG_Beta_0.99
Diffstat (limited to 'config/pfblockerng/pfblockerng_top20.xml')
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml290
1 files changed, 290 insertions, 0 deletions
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
new file mode 100644
index 00000000..7d2cf033
--- /dev/null
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ pfBlockerNG_Top20.xml
+
+ pfBlockerNG
+ Copyright (C) 2014 BBcan177@gmail.com
+ All rights reserved.
+
+ Based upon pfblocker for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>pfblockerngtopspammers</name>
+ <version>1.0</version>
+ <title>pfBlockerNG: Top 20 Spammer Countries</title>
+ <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
+ <menu>
+ <name>pfBlockerNG</name>
+ <tooltiptext>Configure pfblockerNG</tooltiptext>
+ <section>Firewall</section>
+ <url>pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>
+ </menu>
+ <tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Update</text>
+ <url>/pfblockerng/pfblockerng_update.php</url>
+ </tab>
+ <tab>
+ <text>Alerts</text>
+ <url>/pfblockerng/pfblockerng_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Reputation</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>IPv4</text>
+ <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
+ </tab>
+ <tab>
+ <text>IPv6</text>
+ <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url>
+ </tab>
+ <tab>
+ <text>Top 20</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>N.A.</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>S.A.</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Logs</text>
+ <url>/pfblockerng/pfblockerng_log.php</url>
+ </tab>
+ <tab>
+ <text>Sync</text>
+ <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&amp;id=0</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name><![CDATA[TOP 20 - Spammer Countries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Geolite Data by Maxmind Inc. - ISO 3166)]]></name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>LINKS</fielddescr>
+ <fieldname>none</fieldname>
+ <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp; <a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
+ </description>
+ <type>info</type>
+ </field>
+ <field>
+ <fielddescr><![CDATA[<br /><strong>Top 20 IPv4</strong><br />Spammer Countries]]></fielddescr>
+ <fieldname>countries4</fieldname>
+ <description>
+ <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br />
+ <strong>Use CTRL + CLICK to unselect countries</strong>]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>China-CN</name><value>CN</value></option>
+ <option><name>Russia-RU</name><value>RU</value></option>
+ <option><name>Japan-JP</name><value>JP</value></option>
+ <option><name>Ukraine-UA</name><value>UA</value></option>
+ <option><name>United Kingdom-GB</name><value>GB</value></option>
+ <option><name>Germany-DE</name><value>DE</value></option>
+ <option><name>Brazil-BR</name><value>BR</value></option>
+ <option><name>France-FR</name><value>FR</value></option>
+ <option><name>India-IN</name><value>IN</value></option>
+ <option><name>Turkey-TR</name><value>TR</value></option>
+ <option><name>Italy-IT</name><value>IT</value></option>
+ <option><name>South Korea-KR</name><value>KR</value></option>
+ <option><name>Poland-PL</name><value>PL</value></option>
+ <option><name>Spain-ES</name><value>ES</value></option>
+ <option><name>Vietnam-VN</name><value>VN</value></option>
+ <option><name>Argentina-AR</name><value>AR</value></option>
+ <option><name>Columbia-CO</name><value>CO</value></option>
+ <option><name>Taiwan-TW</name><value>TW</value></option>
+ <option><name>Mexico-MX</name><value>MX</value></option>
+ <option><name>Chilie-CL</name><value>CL</value></option>
+ </options>
+ <size>20</size>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr><![CDATA[<br /><strong>Top 20 IPv6</strong><br />Spammer Countries]]></fielddescr>
+ <fieldname>countries6</fieldname>
+ <description>
+ <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br />
+ <strong>Use CTRL + CLICK to unselect countries</strong>]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>China-CN</name><value>CN</value></option>
+ <option><name>Russia-RU</name><value>RU</value></option>
+ <option><name>Japan-JP</name><value>JP</value></option>
+ <option><name>Ukraine-UA</name><value>UA</value></option>
+ <option><name>United Kingdom-GB</name><value>GB</value></option>
+ <option><name>Germany-DE</name><value>DE</value></option>
+ <option><name>Brazil-BR</name><value>BR</value></option>
+ <option><name>France-FR</name><value>FR</value></option>
+ <option><name>India-IN</name><value>IN</value></option>
+ <option><name>Turkey-TR</name><value>TR</value></option>
+ <option><name>Italy-IT</name><value>IT</value></option>
+ <option><name>South Korea-KR</name><value>KR</value></option>
+ <option><name>Poland-PL</name><value>PL</value></option>
+ <option><name>Spain-ES</name><value>ES</value></option>
+ <option><name>Vietnam-VN</name><value>VN</value></option>
+ <option><name>Argentina-AR</name><value>AR</value></option>
+ <option><name>Columbia-CO</name><value>CO</value></option>
+ <option><name>Taiwan-TW</name><value>TW</value></option>
+ <option><name>Mexico-MX</name><value>MX</value></option>
+ <option><name>Chilie-CL</name><value>CL</value></option>
+ </options>
+ <size>20</size>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>List Action</fielddescr>
+ <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
+ <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
+
+ <strong><u>'Deny' Rules:</u></strong><br />
+ 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
+ interfaces. Typical uses of 'Deny' rules are:<br />
+ <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li>
+ <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by
+ traffic sent in the other direction. Does not affect traffic in the other direction. </li>
+ <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while
+ still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul>
+ <strong><u>'Permit' Rules:</u></strong><br />
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
+ any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br />
+ <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They
+ override <u>almost all other</u> Firewall rules on the stated interfaces.</li>
+ <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
+ few IPs that should be accessible.</li></ul>
+ <strong><u>'Match' Rules:</u></strong><br />
+ 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
+ <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li>
+ <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul>
+ <strong><u>'Alias' Rules:</u></strong><br />
+ <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
+ This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
+ <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
+ <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
+ <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
+ <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
+ the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
+ using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
+ Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
+ Alias Configuration<br />]]>
+ </description>
+ <fieldname>action</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>Disabled</name><value>Disabled</value></option>
+ <option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
+ <option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Deny Both</name><value>Deny_Both</value></option>
+ <option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
+ <option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
+ <option><name>Permit Both</name><value>Permit_Both</value></option>
+ <option><name>Match Inbound</name><value>Match_Inbound</value></option>
+ <option><name>Match Outbound</name><value>Match_Outbound</value></option>
+ <option><name>Match Both</name><value>Match_Both</value></option>
+ <option><name>Alias Deny</name><value>Alias_Deny</value></option>
+ <option><name>Alias Permit</name><value>Alias_Permit</value></option>
+ <option><name>Alias Match</name><value>Alias_Match</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Enable Logging</fielddescr>
+ <fieldname>aliaslog</fieldname>
+ <description><![CDATA[Default:<strong>Enable</strong><br />
+ Select - Logging to Status: System Logs: FIREWALL ( Log )]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Enable</name><value>enabled</value></option>
+ <option><name>Disable</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
+ 'Force Update'</ul>]]> </name>
+ <type>listtopic</type>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ pfblockerng_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ pfblockerng_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ pfblockerng_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ global $pfb;
+ $pfb['save'] = TRUE;
+ sync_package_pfblockerng();
+ </custom_php_resync_config_command>
+</packagegui> \ No newline at end of file