author | Chris Buechler <cmb@pfsense.org> | 2015-11-20 04:13:13 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-11-20 04:13:13 -0600 |
commit | 93db1c7e80d14adb9105333a2fbb7fa002053c5f (patch) | |
tree | f8ac6294f25e6be8f5f7a2f787f7215cfd2527e1 /config/pfblockerng/pfblockerng_v4lists.xml | |
parent | ff93f32ea9da473792db0fa4eefe3e277a463989 (diff) | |
parent | 1dab6de7ab4cb66d19a0f89c4a162b8120a72f05 (diff) | |
Merge pull request #1174 from BBcan177/pfBNG-11-15-15-1
Diffstat (limited to 'config/pfblockerng/pfblockerng_v4lists.xml')
-rw-r--r-- | config/pfblockerng/pfblockerng_v4lists.xml | 251 |
1 files changed, 127 insertions, 124 deletions
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index 00747a24..9ef3626b 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> <![CDATA[ @@ -9,14 +9,15 @@ pfBlockerNG_v4lists.xml pfBlockerNG - Copyright (C) 2015 BBcan177@gmail.com + Copyright (c) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense - Copyright (C) 2011 Marcello Coutinho + Copyright (c) 2011 Marcello Coutinho - part of pfSense (http://www.pfSense.com) - Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + part of pfSense (http://www.pfSense.org) + Copyright (c) 2015 Electric Sheep Fencing, LLC. All rights reserved. + Copyright (c) 2004-2005 Scott Ullrich All rights reserved. */ /* ========================================================================== */ @@ -64,7 +65,7 @@ <tabs> <tab> <text>General</text> - <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + <url>/pkg_edit.php?xml=pfblockerng.xml</url> <tooltiptext></tooltiptext> </tab> <tab> 
@@ -77,48 +78,24 @@ </tab> <tab> <text>Reputation</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url> </tab> <tab> <text>IPv4</text> - <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> <active/> </tab> <tab> <text>IPv6</text> - <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> </tab> <tab> - <text>Top 20</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + <text>DNSBL</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url> </tab> <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> - </tab> - <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> - </tab> - <tab> - <text>N.A.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> - </tab> - <tab> - <text>Oceania</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> - </tab> - <tab> - <text>S.A.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> - </tab> - <tab> - <text>P.S.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + <text>Country</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml</url> </tab> <tab> <text>Logs</text> 
@@ -126,51 +103,50 @@ </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url> </tab> </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Alias Name</fielddescr> - <fieldname>aliasname</fieldname> - </columnitem> - <columnitem> - <fielddescr>Alias Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - <columnitem> - <fielddescr>Action</fielddescr> - <fieldname>action</fieldname> - </columnitem> - <columnitem> - <fielddescr>Frequency</fielddescr> - <fieldname>cron</fieldname> - </columnitem> - <columnitem> - <fielddescr>Logging</fielddescr> - <fieldname>aliaslog</fieldname> - </columnitem> - <addtext>Add a new Alias</addtext> - <movable>on</movable> - </adddeleteeditpagefields> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Alias Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + <columnitem> + <fielddescr>Logging</fielddescr> + <fieldname>aliaslog</fieldname> + </columnitem> + <addtext>Add a new Alias</addtext> + <movable>on</movable> + </adddeleteeditpagefields> <fields> <field> - <name><![CDATA[IPv4 Network ranges / CIDR lists + <name><![CDATA[IPv4 -   Run 'Force Update' to deploy new Settings.  
(When Removing or Re-configuring Lists a 'Reload' is recommended.)]]></name> <type>listtopic</type> </field> <field> <fielddescr>LINKS</fielddescr> - <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> - <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a>  + <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> </description> <type>info</type> </field> <field> <fielddescr>Alias Name</fielddescr> <fieldname>aliasname</fieldname> - <description><![CDATA[Enter Alias Name.<br /> - Example: Badguys<br /> + <description><![CDATA[Enter Alias Name ( Example: Badguys )<br /> Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br /> <strong>International, special or space characters will be ignored in firewall alias names. </strong><br />]]> 
@@ -186,37 +162,35 @@ </field> <field> <type>info</type> - <description><![CDATA[<strong><u>'Format'</u></strong>: Select the Format Type<br /><br /> - <strong><u>'URL'</u></strong>: Add direct link to list: - Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br /> - <strong><u>'pfSense Local File'</u></strong> Format:<br /><br /> - http(s)://127.0.0.1/NAME_OF_FILE <strong>or</strong> - /usr/local/www/NAME_OF_FILE (Files can also be placed in the /var/db/pfblockerng folders)<br /><br /> - - <strong><u>'Header'</u></strong>: The <u>'Header' Field</u> must be <u>Unique</u>, it will - name the List File and it will be referenced in the pfBlockerNG Widget. - Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]> + <description><![CDATA[<strong><u>'Format'</u></strong>: Select the Format type.<br /><br /> + <strong><u>'State'</u></strong>: Select the run state.<br /><br /> + <strong><u>'Source'</u></strong>: + <ul><li><strong>'URL'</strong>: External link to source +  (ie: <a target="_blank" href='https://rules.emergingthreats.net/blockrules/compromised-ips.txt'>ET Compromised</a>, + <a target="_blank" href='https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt'>ET Blocked</a>, + <a target="_blank" href='https://www.spamhaus.org/drop/drop.txt'>Spamhaus Drop</a>)</li></ul> + <ul><li><strong>'Local File'</strong>: http(s)://127.0.0.1/filename +  <strong>or</strong>  /var/db/pfblockerng/filename</li></ul> + <ul><li><strong>'Country code'</strong>: /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/US_v4.txt +  (Change 'US' to required code)</li></ul> + <ul><li><strong>'Whois'</strong>: Domain name or AS (ie: facebook.com or AS13414) +  ( 
<a target="_blank" href='https://asn.cymru.com/'>Click for ASN Lookup</a> )</li></ul> + <strong><u>'Header/Label'</u></strong>: This field must be <u>unique.</u> This names the file and is referenced in the widget. +  (ie: Spamhaus_drop, Spamhaus_edrop)<br /><br />]]> </description> </field> <field> <fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr> - <description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br /> - <ul><li><strong>'txt'</strong> Plain txt Lists</li> - <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only</li> - <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li> - <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only</li> - <li><strong>'zip'</strong> - ZIP'd Lists</li> - <li><strong>'block'</strong>- IP x.x.x.0 Block type</li> - <li><strong>'html'</strong> - Web Links</li> - <li><strong>'xlsx'</strong> - Excel Lists</li> - <li><strong>'rsync'</strong> - RSync Lists</li> - <li><strong>'ET' IQRisk</strong> - Only</li></ul> - <strong>'State'</strong> - Select the Run State for each list<br /> + <description><![CDATA[<br /><strong>'Format'</strong>: Select the file format that URL will retrieve.<br /> + <ul><li><strong>'auto'</strong> - Default parser</li> + <li><strong>'regex'</strong> - 'Regex' style parsing (ie: html Lists)</li> + <li><strong>'whois'</strong> - Convert a Domain name or AS into its respective IP addresses.</li> + <li><strong>'rsync'</strong> - RSync Lists</li></ul> + <strong>'State'</strong>: Select the Run State for each list<br /> <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li> - <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static</li></ul> - <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below: + <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static</li> + 
<li><strong>'FLEX'</strong> - Not Recommended - Allow downgraded SSL connections</li></ul> + <strong>'Note'</strong>: Source lists musts follow the syntax below: <ul>Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> IP Address: <strong>172.16.1.10</strong><br /> CIDR: <strong>172.16.1.0/24</strong></ul>]]> @@ -228,17 +202,12 @@ <fieldname>format</fieldname> <type>select</type> <options> - <option><name>txt</name><value>txt</value></option> - <option><name>gz</name><value>gz</value></option> - <option><name>gz_2</name><value>gz_2</value></option> - <option><name>gz_lg</name><value>gz_lg</value></option> - <option><name>zip</name><value>zip</value></option> - <option><name>block</name><value>block</value></option> - <option><name>html</name><value>html</value></option> - <option><name>xlsx</name><value>xlsx</value></option> + <option><name>Auto</name><value>auto</value></option> + <option><name>Regex</name><value>regex</value></option> + <option><name>Whois</name><value>whois</value></option> <option><name>RSync</name><value>rsync</value></option> - <option><name>ET</name><value>et</value></option> </options> + <default_value>auto</default_value> </rowhelperfield> <rowhelperfield> <fielddescr>State</fielddescr> @@ -248,16 +217,18 @@ <option><name>ON</name><value>Enabled</value></option> <option><name>OFF</name><value>Disabled</value></option> <option><name>HOLD</name><value>Hold</value></option> + <option><name>FLEX</name><value>Flex</value></option> </options> + <default_value>Enabled</default_value> </rowhelperfield> <rowhelperfield> - <fielddescr>URL or pfSense local file</fielddescr> + <fielddescr>Source</fielddescr> <fieldname>url</fieldname> <type>input</type> <size>50</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Header</fielddescr> + <fielddescr>Header/Label</fielddescr> <fieldname>header</fieldname> <type>input</type> <size>15</size> 
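Review bot: The new 'FLEX' help text, `'FLEX' - Not Recommended - Allow downgraded SSL connections`, does not say which checks are relaxed or why that matters; the matching `<option><name>FLEX</name><value>Flex</value></option>` is added in the State options hunk further down. These lists become firewall aliases, so a feed fetched over a weakened TLS session can be altered in transit and still end up as block or permit rules. The download code is not part of this file, so what 'Flex' actually relaxes cannot be seen here; the text should name it and the consequence, for example `'FLEX' - Not Recommended - Downloads this list with weakened SSL/TLS settings; the content can no longer be trusted to come from the named source`. The following line also has a typo, `Source lists musts follow`.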
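Review bot: Nothing in this file restricts what the free-text `url` ('Source') value may contain when the new `whois` format is selected, although the help text says that value is converted from a domain name or AS into IP addresses; the same applies to the `custom` textarea when `whois_convert` is ticked in the later Custom List hunk. The only check visible here is the call `pfblockerng_validate_input($_POST, $input_errors);`, whose body is elsewhere. It is worth confirming that it accepts only a hostname or an `AS<digits>` token for these rows before the value reaches the conversion code, and reports an input error for anything else rather than skipping it silently. A comment next to the option, such as `<!-- whois: source must be a hostname or AS number; enforced in pfblockerng_validate_input() -->`, would record that contract in this file.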
@@ -296,11 +267,9 @@ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> - <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of - the Alias (no trailing Whitespace)</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule - Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration<br />]]> + <font color='red'>Note: </font><ul>When manually creating 'Alias' type firewall rules; <strong>Do not add</strong> (pfB_) to the + start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the + description will be auto-removed by package when 'Auto' rules are defined.</ul>]]> </description> <fieldname>action</fieldname> <type>select</type> 
@@ -373,13 +342,24 @@ </options> </field> <field> + <fieldname>stateremoval</fieldname> + <fielddescr>States Removal</fielddescr> + <description>With the 'Kill States' option (General Tab), you can disable States removal for this Alias.</description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + <default_value>enabled</default_value> + </field> + <field> <name>Advanced Inbound Firewall Rule Settings</name> <type>listtopic</type> </field> <field> <type>info</type> - <description><![CDATA[<font color='red'>Note: </font>In general Auto-Rules are created as follows:<br /> - <ul>Inbound - 'any' port, 'any' protocol and 'any' destination<br /> + <description><![CDATA[<font color='red'>Note: </font> In general, Auto-Rules are created as follows:<br /> + <ul>Inbound  - 'any' port, 'any' protocol and 'any' destination<br /> Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists</ul> Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.<br /> <strong>Select the pfSense 'Port' and/or 'Destination' Alias below:</strong>]]> @@ -440,7 +420,8 @@ <field> <fielddescr>Custom Protocol</fielddescr> <fieldname>autoproto</fieldname> - <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).]]></description> + <description><![CDATA[<strong>Default: any</strong><br />Select the Protocol used for Inbound Firewall Rule(s).<br /> + Do not use 'any' with Adv. Inbound Rules as it will bypass these settings!]]></description> <type>select</type> <options> <option><name>any</name><value></value></option> 
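Review bot: The `stateremoval` description does not say what happens to existing connections when the field is set to Disable. `With the 'Kill States' option (General Tab), you can disable States removal for this Alias.` reads as a how-to; presumably states for addresses newly added to this alias then survive an update until they expire, which matters most for Deny aliases. I would spell that out, e.g. `When 'Kill States' (General Tab) is enabled, select Disable to keep existing firewall states for addresses in this Alias; those connections stay open until they expire.`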
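Review bot: The added warning `Do not use 'any' with Adv. Inbound Rules as it will bypass these settings!` sits directly under `Default: any`, and `any` is still the first entry of the select with an empty value, so the configuration the text warns against is what an admin gets by leaving the field alone. If the warning is accurate, an Auto-Rule that was meant to be limited to a port or destination alias is created without those limits, which for Permit actions is wider than intended. This is better enforced than documented: `pfblockerng_validate_input()` (outside this file) could raise an input error when the advanced inbound settings are enabled and `autoproto` is empty. The `<field>` continues past the end of the hunk.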
@@ -456,14 +437,38 @@ <type>listtopic</type> </field> <field> - <fielddescr>IPv4 Custom Address(es)</fielddescr> + <type>info</type> + <description><![CDATA[<font color='red'>Note: </font> Custom List can be used in <strong>ONE</strong> of two ways:<br /> + <ul>1. IPv4 addresses entered directly into the custom list, as per the required format.</ul> + <ul>2. Domain names or AS numbers, which will be converted into their respective IPv4 addresses.</ul>]]> + </description> + </field> + <field> + <fieldname>whois_convert</fieldname> + <description><![CDATA[Select to enable 'Domain/AS' conversion. + <font color='red'>DO NOT</font> mix IPs with Domains/ASs in this custom list.]]> + </description> + <fielddescr>Enable Domain/AS</fielddescr> + <type>checkbox</type> + </field> + <field> + <fielddescr>Custom Address(es)</fielddescr> <fieldname>custom</fieldname> - <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br /> - Follow the syntax below:<br /><br /> + <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br /><br /> + <strong>Format IPv4:</strong><br /><br /> Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> IP Address: <strong>172.16.1.10</strong><br /> CIDR: <strong>172.16.1.0/24</strong><br /><br /> - You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. ie: x.x.x.x # Safe IP Address]]> + RFC 1918 addresses may be used in a custom list.<br /> + You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. 
ie: x.x.x.x # Safe IP Address<br /><br /> + If you select the <strong>Domain/AS</strong> checkbox above, the custom list can <strong>only</strong> + be used for Domain names/AS's.<br /><br /> + <strong>Format Domain/AS:</strong><br /><br /> + One 'Domain' or 'AS' per line.<br /> + Domains and/or ASs can be used in the same list.<br /><br /> + Conversion of Domains/ASs utilize <a target="_blank" href="http://www.team-cymru.org/IP-ASN-mapping.html">Team CYMRU</a> + and the <a target="_blank" href="http://www.radb.net/">RADb</a> whois registry.<br /> + Configure the 'update frequency', so that it does not <strong>abuse</strong> these free services.]]> </description> <type>textarea</type> <cols>50</cols> @@ -484,23 +489,21 @@ </options> </field> <field> - <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits.   Changes are Applied via CRON or 'Force Update'</center>]]></name> <type>listtopic</type> </field> </fields> - <custom_php_install_command> - pfblockerng_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - pfblockerng_php_deinstall_command(); - </custom_php_deinstall_command> <custom_php_validation_command> + <![CDATA[ pfblockerng_validate_input($_POST, $input_errors); + ]]> </custom_php_validation_command> <custom_php_resync_config_command> + <![CDATA[ global $pfb; $pfb['save'] = TRUE; sync_package_pfblockerng(); + ]]> </custom_php_resync_config_command> </packagegui>
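Review bot: The two links added to the `custom` description use plain `http://` (`http://www.team-cymru.org/IP-ASN-mapping.html`, `http://www.radb.net/`) and open with `target="_blank"` but no `rel` attribute, from a page of the firewall's admin GUI. On browsers that do not imply it, the opened page receives a `window.opener` handle to the GUI tab, and the request can carry the GUI address as referrer. Adding `rel="noopener noreferrer"` to each anchor, and `https://` where the site offers it, closes that gap; the `target="_blank"` links added in the Format/Source help hunk above have the same omission.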
\ No newline at end of file |