aboutsummaryrefslogtreecommitdiffstats
path: root/config/pfblockerng/pfblockerng_top20.xml
diff options
context:
space:
mode:
Diffstat (limited to 'config/pfblockerng/pfblockerng_top20.xml')
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml11
1 files changed, 11 insertions, 0 deletions
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index 32ed52e8..030c1385 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -132,6 +132,17 @@
<type>listtopic</type>
</field>
<field>
+ <description><![CDATA[<font color='red'>Note:</font> pfSense by default implicitly blocks all unsolicited inbound traffic to the WAN
+ interface. Therefore adding GeoIP based firewall rules to the WAN will <strong>not</strong> provide any benefit, unless there are
+ open WAN ports. Also consider protecting just the specific open WAN ports. It's also <strong>not</strong> recommended to
+ block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Finally, it's just as important
+ to protect the outbound LAN traffic.]]>
+ </description>
+ <type>info</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ </field>
+ <field>
<fielddescr>LINKS</fielddescr>
<description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
<a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 22:02:06 +0000