Diffstat (limited to 'config/pfblockerng/pfblockerng.xml')
-rw-r--r-- | config/pfblockerng/pfblockerng.xml | 217 |
1 files changed, 123 insertions, 94 deletions
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index d3b2cb16..c7f2c068 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -1,20 +1,19 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> <![CDATA[ -/* $Id$ */ /* ======================================================================================= */ /* pfBlockerNG.xml pfBlockerNG - Copyright (C) 2015 BBcan177@gmail.com + Copyright (c) 2015 BBcan177@gmail.com All rights reserved. Based upon pfblocker for pfSense - Copyright (C) 2011 Marcello Coutinho + Copyright (c) 2011 Marcello Coutinho All rights reserved. /* /* ====================================================================================== */ @@ -49,7 +48,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>pfblockerng</name> - <version>1.09</version> + <version>2.0</version> <title>pfBlockerNG: General Settings</title> <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> <addedit_string>pfBlockerNG: Save General Settings</addedit_string> 
@@ -60,84 +59,91 @@ <section>Firewall</section> <url>/pkg_edit.php?xml=pfblockerng.xml</url> </menu> + <service> + <name>dnsbl</name> + <rcfile>dnsbl.sh</rcfile> + <executable>lighttpd_pfb</executable> + <description>pfBlockerNG DNSBL Web Server</description> + </service> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.priv.inc</item> <prefix>/etc/inc/priv/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.inc</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_install.inc</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_extra.inc</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_alerts.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> - <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_alerts_ar.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_update.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> 
<item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_log.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_diag_dns.php</item> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_threats.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.widget.php</item> <prefix>/usr/local/www/widgets/widgets/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/widget-pfblockerng.inc</item> <prefix>/usr/local/www/widgets/include/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.js</item> <prefix>/usr/local/www/widgets/javascript/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_top20.xml</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> - <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_dnsbl.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_dnsbl_lists.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_dnsbl_easylist.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> </additional_files_needed> <additional_files_needed> 
<item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_v4lists.xml</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_v6lists.xml</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> - <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_sync.xml</item> <prefix>/usr/local/pkg/pfblockerng/</prefix> - <chmod>0644</chmod> - </additional_files_needed> - <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/pfblockerng/countrycodes.tar.bz2</item> - <prefix>/var/db/pfblockerng/</prefix> - <chmod>0444</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.sh</item> @@ -145,14 +151,14 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/pfblockerng/geoipupdate.sh</item> - <prefix>/usr/local/pkg/pfblockerng/</prefix> + <item>https://packages.pfsense.org/packages/config/pfblockerng/index.php</item> + <prefix>/usr/local/www/pfblockerng/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <tabs> <tab> <text>General</text> - <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + <url>/pkg_edit.php?xml=pfblockerng.xml</url> <active/> </tab> <tab> 
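Review bot: The explicit `<chmod>0644</chmod>` is dropped from nearly every `<additional_files_needed>` entry in the `@@ -60,84 +59,91 @@` hunk, and the newly added entries (pfblockerng_extra.inc, pfblockerng_alerts_ar.php, the three pfblockerng_dnsbl*.xml files) carry no mode either. The permissions of the PHP and include files under /etc/inc/priv/, /usr/local/pkg/pfblockerng/ and /usr/local/www/ therefore depend on whatever the package installer applies by default, which this diff does not show. Unless that default is guaranteed to leave the files non-writable for group and other, keep `<chmod>0644</chmod>` on each entry so the installed mode is stated rather than inherited. The new `<service>` block also registers a separate web server (`lighttpd_pfb`, started by `dnsbl.sh`); a short XML comment above it saying what the server is for and where its listener is configured would help anyone auditing the listening sockets on the firewall.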
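Review bot: In the `@@ -145,14 +151,14 @@` hunk, the unchanged `<chmod>0755</chmod>` that belonged to geoipupdate.sh now applies to index.php, which is installed into a web-served directory (/usr/local/www/pfblockerng/www/). A PHP page is read by the interpreter and, as far as this hunk shows, does not need the execute bit; `<chmod>0644</chmod>` would match how the other .php files were installed before this commit. The DNSBL web server configuration is outside this diff, so confirm against it that nothing relies on the executable mode.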
@@ -165,47 +171,23 @@ </tab> <tab> <text>Reputation</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url> </tab> <tab> <text>IPv4</text> - <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> </tab> <tab> <text>IPv6</text> - <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> - </tab> - <tab> - <text>Top20</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> - </tab> - <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> </tab> <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + <text>DNSBL</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url> </tab> <tab> - <text>N.A.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> - </tab> - <tab> - <text>Oceania</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> - </tab> - <tab> - <text>S.A.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> - </tab> - <tab> - <text>P.S.</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0</url> + <text>Country</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml</url> </tab> <tab> <text>Logs</text> @@ -213,7 +195,7 @@ </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url> </tab> </tabs> <fields> 
@@ -224,8 +206,8 @@ <field> <fielddescr>LINKS</fielddescr> <fieldname></fieldname> - <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> - <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a>  + <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> </description> <type>info</type> </field> @@ -241,7 +223,7 @@ <fieldname>pfb_keep</fieldname> <type>checkbox</type> <description><![CDATA[Keep Settings: <br /><font color='red'>Note:</font> - with 'Keep settings' enabled, pfBlockerNG will maintain run state - on Installation/Upgrade<br />If 'Keep Settings' is not 'enabled' on pkg Install/De-Install, all Settings will be Wiped!<br /><br /> + on Installation/Upgrade<br />If 'Keep Settings' is not 'enabled' on pkg Install/De-Install, all settings will be Wiped!<br /><br /> <font color='red'>Note: </font>To clear all downloaded lists, uncheck these two checkboxes and 'Save'. re-check both boxes and run a 'Force Update']]> </description> @@ -258,8 +240,8 @@ <fielddescr>Hour Interval</fielddescr> <fieldname>pfb_interval</fieldname> <description><![CDATA[Default: <strong>Every hour</strong><br /> - Select the cron Hour Interval. The interval selected will be used with the Start min/hour below.<br /> - <strong>Ensure that all List 'Update Settings' are within the selected Interval/Start Hour Settings.</strong>]]> + Select the cron hour interval. The interval selected will be used with the start min/hour below.<br /> + <strong>Ensure that all list 'Update settings' are within the selected interval/start hour settings.</strong>]]> </description> <type>select</type> <options> 
@@ -295,7 +277,7 @@ <fielddescr>Start Hour</fielddescr> <fieldname>pfb_hour</fieldname> <description><![CDATA[Default: <strong>0</strong><br /> - Select the Start Hour]]> + Select the start hour]]> </description> <type>select</type> <options> @@ -330,7 +312,7 @@ <field> <fielddescr><![CDATA['Daily/Weekly'<br />Start Hour]]></fielddescr> <fieldname>pfb_dailystart</fieldname> - <description><![CDATA[Default: <strong>0</strong><br />This is used for the 'Daily/Weekly' Scheduler Only.]]></description> + <description><![CDATA[Default: <strong>0</strong><br />This is used by the 'Daily/Weekly' scheduler only.]]></description> <type>select</type> <options> <option><name>0</name><value>0</value></option> 
@@ -368,13 +350,19 @@ <description>Only for IPv4 Lists</description> </field> <field> + <fielddescr>Enable Aggregation of CIDRs</fielddescr> + <fieldname>enable_agg</fieldname> + <type>checkbox</type> + <description>Optimise CIDRs (not recommended for slow systems with large lists)</description> + </field> + <field> <fielddescr>Enable Suppression</fielddescr> <fieldname>suppression</fieldname> <type>checkbox</type> - <description><![CDATA[This will prevent Selected IPs from being Blocked. Only for IPv4 Lists (/32 and /24).<br /> - Country Blocking Lists cannot be Suppressed.<br />This will also remove any RFC1918 addresses from all Lists.<br /><br /> - Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias<br /> - A Blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist Alias' w/ List Action: 'Permit Outbound' Firewall Rule + <description><![CDATA[This will prevent Selected IPs from being blocked. Only for IPv4 lists (/32 and /24).<br /> + Country blocking lists cannot be suppressed.<br />This will also remove any RFC1918 addresses from all lists.<br /><br /> + Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias<br /> + A blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist alias' w/ list action: 'Permit Outbound' Firewall rule <br />Do not use the pfBlockerNGSuppress Alias in a Firewall Rule. This alias is used during the cron download process only.]]> </description> 
@@ -383,17 +371,44 @@ <fielddescr>Global Enable Logging</fielddescr> <fieldname>enable_log</fieldname> <type>checkbox</type> - <description><![CDATA[Firewall Rule logging - Enable Global Logging to [ Status: System Logs: FIREWALL Log ]<br /> - This overrides any Log Settings in the Alias Tabs.]]> + <description><![CDATA[Firewall Rule logging - Enable Global logging to [ Status: System Logs: FIREWALL Log ]<br /> + This overrides any log settings in the Alias tabs.]]> </description> </field> <field> - <fielddescr>Disable MaxMind Country Database CRON Updates</fielddescr> + <fielddescr>Disable MaxMind Country database CRON updates</fielddescr> <fieldname>database_cc</fieldname> <type>checkbox</type> - <description><![CDATA[This will Disable the MaxMind Monthly Country Database Cron Update.<br /> - This does not affect the MaxMind Binary Cron Task]]> + <description><![CDATA[This will disable the MaxMind monthly Country database Cron update.<br /> + This does not affect the MaxMind binary cron task]]> + </description> + </field> + <field> + <fielddescr>Max daily download failure threshold</fielddescr> + <fieldname>skipfeed</fieldname> + <description><![CDATA[Default: <strong>0</strong> (Disabled)<br /> + Select max daily download failure threshold via CRON. 
Clear widget 'failed downloads' to reset.]]> </description> + <type>select</type> + <options> + <option><name>0</name><value>0</value></option> + <option><name>1</name><value>1</value></option> + <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> + <option><name>4</name><value>4</value></option> + <option><name>5</name><value>5</value></option> + <option><name>6</name><value>6</value></option> + </options> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Restore previous download on failure</fielddescr> + <fieldname>restore_feed</fieldname> + <type>checkbox</type> + <description><![CDATA[Default: <strong>Enabled</strong><br /> + When 'selected', on a download failure, the previously downloaded list is restored.]]> + </description> + <default_value>on</default_value> </field> <field> <fielddescr>Logfile Size</fielddescr> 
@@ -423,25 +438,26 @@ <field> <fieldname>inbound_interface</fieldname> <fielddescr>Interface(s)</fielddescr> - <description>Select the Inbound interface(s) you want to Apply Auto Rules to</description> + <description>Select the Inbound interface(s) you want to apply auto rules to:</description> <type>interfaces_selection</type> <hideinterfaceregex>loopback</hideinterfaceregex> <required/> <multiple/> <combinefields/> + <default_value>wan</default_value> </field> <field> <fielddescr>Rule Action</fielddescr> <fieldname>inbound_deny_action</fieldname> - <description><![CDATA[Default: <strong>Block</strong><br />Select 'Rule Action' for Inbound Rules]]></description> + <description><![CDATA[Default: <strong>Block</strong><br />Select 'Rule action' for Inbound rules:]]></description> <type>select</type> <options> <option><name>Block</name><value>block</value></option> <option><name>Reject</name><value>reject</value></option> </options> - <default_value>block</default_value> <required/> <combinefields>end</combinefields> + <default_value>block</default_value> </field> <field> <fielddescr>Outbound Firewall Rules</fielddescr> 
@@ -450,38 +466,39 @@ <field> <fielddescr>Interface(s)</fielddescr> <fieldname>outbound_interface</fieldname> - <description>Select the Outbound interface(s) you want to Apply Auto Rules to</description> + <description>Select the Outbound interface(s) you want to apply auto rules to:</description> <type>interfaces_selection</type> <hideinterfaceregex>loopback</hideinterfaceregex> <required/> <multiple/> <combinefields/> + <default_value>lan</default_value> </field> <field> <fielddescr>Rule Action</fielddescr> <fieldname>outbound_deny_action</fieldname> - <description><![CDATA[Default: <strong>Reject</strong><br />Select 'Rule Action' for Outbound rules]]></description> + <description><![CDATA[Default: <strong>Reject</strong><br />Select 'Rule action' for Outbound rules:]]></description> <type>select</type> <options> <option><name>Reject</name><value>reject</value></option> <option><name>Block</name><value>block</value></option> </options> - <default_value>reject</default_value> <required/> + <default_value>reject</default_value> <combinefields>end</combinefields> </field> <field> <fielddescr>OpenVPN Interface</fielddescr> <fieldname>openvpn_action</fieldname> <type>checkbox</type> - <description>Select to add Auto-Rules for OpenVPN. These will be added to 'Floating Rules' or OpenVPN Rules Tab.</description> + <description>Select to add auto-rules for OpenVPN. 
These will be added to 'Floating Rules' or OpenVPN rules tab.</description> </field> <field> <fielddescr>Floating Rules</fielddescr> <fieldname>enable_float</fieldname> <type>checkbox</type> - <description><![CDATA[<strong>Enabled:</strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br /><br /> - <strong>Disabled:</strong> Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces<br /><br /> + <description><![CDATA[<strong>Enabled:</strong> Auto-rules will be generated in the 'Floating Rules' tab<br /><br /> + <strong>Disabled:</strong> Auto-rules will be generated in the selected Inbound/Outbound interfaces<br /><br /> <strong>Rules will be ordered by the selection below.</strong>]]> </description> </field> @@ -490,8 +507,8 @@ <fieldname>pass_order</fieldname> <description><![CDATA[<br />Default Order:<strong> | pfB_Block/Reject | All other Rules | (original format)<br /></strong><br /> Select The '<strong>Order</strong>' of the Rules<br /> - Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br /> - Selecting any other 'Order' will re-order <strong>all the Rules to the format indicated!</strong>]]> +  Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br /> +  Selecting any other 'Order' will re-order <strong>all the rules to the format indicated!</strong>]]> </description> <type>select</type> <options> @@ -506,7 +523,7 @@ <fielddescr>Auto Rule Suffix</fielddescr> <fieldname>autorule_suffix</fieldname> <description><![CDATA[Default: <strong>auto rule</strong><br /> - Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]> + Select 'Auto Rule' description suffix for auto defined rules. pfBlockerNG must be disabled to modify suffix]]> </description> <type>select</type> <options> 
@@ -517,6 +534,14 @@ <default_value>autorule</default_value> </field> <field> + <fielddescr>Kill States</fielddescr> + <fieldname>killstates</fieldname> + <type>checkbox</type> + <description><![CDATA[When 'Enabled', after a cron event or any 'Force' commands, any blocked IPs found in the <br /> + Firewall states will be cleared.]]> + </description> + </field> + <field> <name><![CDATA[Acknowledgements]]></name> <type>listtopic</type> </field> @@ -525,11 +550,11 @@ <fieldname>credits</fieldname> <type>info</type> <description><![CDATA[<strong>pfBlockerNG </strong> - Created in 2015 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a><br /><br /> + Created in 2015 by <a target='_blank' href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a><br /><br /> Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br /> - Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: - MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>. - The Database is Automatically Updated the First Tuesday of Each Month]]> + Country database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: + MaxMind Inc. @ <a target='_blank' href='http://www.maxmind.com'>MaxMind.com</a>. + The database is automatically updated the first Tuesday of each month]]> </description> </field> <field> @@ -540,7 +565,7 @@ </description> </field> <field> - <name><![CDATA[<center>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + <name><![CDATA[<center>Click to SAVE Settings and/or Rule edits.   Changes are applied via CRON or 'Force Update'</center>]]></name> <type>listtopic</type> </field> 
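Review bot: In the credits hunk (`@@ -525,11 +550,11 @@`), both links switch to `target='_blank'` without a `rel` attribute, so on browsers that do not imply noopener the opened page receives a `window.opener` reference to the firewall's admin GUI tab. Adding `rel='noopener noreferrer'` to both anchors removes that reference, e.g. `<a target='_blank' rel='noopener noreferrer' href='https://forum.pfsense.org/index.php?action=profile;u=238481'>`. The MaxMind link is still plain `http://www.maxmind.com`; an https URL would be preferable if the site serves one.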
@@ -556,11 +581,15 @@ ]]> </custom_php_deinstall_command> <custom_php_validation_command> + <![CDATA[ pfblockerng_validate_input($_POST, $input_errors); + ]]> </custom_php_validation_command> <custom_php_resync_config_command> + <![CDATA[ global $pfb; $pfb['save'] = TRUE; sync_package_pfblockerng(); + ]]> </custom_php_resync_config_command> </packagegui>
\ No newline at end of file |