aboutsummaryrefslogtreecommitdiffstats
path: root/config/pfblockerng
diff options
context:
space:
mode:
Diffstat (limited to 'config/pfblockerng')
-rw-r--r--config/pfblockerng/pfblockerng.php134
-rw-r--r--config/pfblockerng/pfblockerng.widget.php10
-rw-r--r--config/pfblockerng/pfblockerng.xml46
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml44
-rw-r--r--config/pfblockerng/pfblockerng_v4lists.xml118
-rw-r--r--config/pfblockerng/pfblockerng_v6lists.xml114
6 files changed, 233 insertions, 233 deletions
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 7dca9a1c..7539e9fd 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -922,10 +922,10 @@ $xml = <<<EOF
<type>info</type>
</field>
<field>
- <fielddescr><![CDATA[<br><strong>IPv4</strong><br>Countries]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Countries]]></fielddescr>
<fieldname>countries4</fieldname>
<description>
- <![CDATA[Select IPv4 Countries you want to take an action on.<br>
+ <![CDATA[Select IPv4 Countries you want to take an action on.<br />
<strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
@@ -936,10 +936,10 @@ $xml = <<<EOF
<multiple/>
</field>
<field>
- <fielddescr><![CDATA[<br><strong>IPv6</strong><br>Countries]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>IPv6</strong><br />Countries]]></fielddescr>
<fieldname>countries6</fieldname>
<description>
- <![CDATA[Select IPv6 Countries you want to take an action on.<br>
+ <![CDATA[Select IPv6 Countries you want to take an action on.<br />
<strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
@@ -951,41 +951,41 @@ $xml = <<<EOF
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br>Default : <strong>Disabled</strong><br><br>
- Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br><br>
- <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br><br>
+ <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
+ <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
- <strong><u>'Deny' Rules:</u></strong><br>
+ <strong><u>'Deny' Rules:</u></strong><br />
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
- interfaces. Typical uses of 'Deny' rules are:<br>
+ interfaces. Typical uses of 'Deny' rules are:<br />
<ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li>
<li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by
traffic sent in the other direction. Does not affect traffic in the other direction. </li>
<li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while
still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul>
- <strong><u>'Permit' Rules:</u></strong><br>
- 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create
- any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br>
+ <strong><u>'Permit' Rules:</u></strong><br />
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
+ any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br />
<ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They
override <u>almost all other</u> Firewall rules on the stated interfaces.</li>
<li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
few IPs that should be accessible.</li></ul>
- <strong><u>'Match' Rules:</u></strong><br>
+ <strong><u>'Match' Rules:</u></strong><br />
'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
<ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li>
- <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</ul></li>
- <strong><u>'Alias' Rules:</u></strong><br>
- <strong>'Alias'</strong> rules create an <a target=_new href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
+ <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul>
+ <strong><u>'Alias' Rules:</u></strong><br />
+ <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br>
- <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br>
- <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br>
- <li>'Alias Native' lists are kept in their Native format without any modifications.</ul></li>
+ <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
+ <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
+ <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and use the 'Exact' spelling of
the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
- using Auto Rule Creation.<br><br><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
+ using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
- Alias Configuration<br>]]>
+ Alias Configuration<br />]]>
</description>
<fieldname>action</fieldname>
<type>select</type>
@@ -1009,8 +1009,8 @@ $xml = <<<EOF
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br>
- Select - Logging to Status: System Logs: FIREWALL ( Log )<br>
+ <description><![CDATA[Default:<strong>Enable</strong><br />
+ Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
This can be overriden by the 'Global Logging' Option in the General Tab.]]></description>
<type>select</type>
<options>
@@ -1020,7 +1020,7 @@ $xml = <<<EOF
</field>
<field>
<name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Changes are Applied via CRON or
- 'Force Update']]>
+ 'Force Update'</ul>]]>
</name>
<type>listtopic</type>
</field>
@@ -1208,15 +1208,15 @@ $xmlrep = <<<EOF
<fieldname>why</fieldname>
<type>info</type>
<description><![CDATA[By Enabling '<strong>Reputation</strong>', each Blocklist will be analyzed for Repeat Offenders in each IP Range.
- <ul>Example: &nbsp;&nbsp; x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5<br>
+ <ul>Example: &nbsp;&nbsp; x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5<br />
No. of <strong> Repeat Offending IPs </strong> [ &nbsp;<strong>5</strong>&nbsp; ], in a Blocklist within the same IP Range.</ul>
With '<strong>Reputation</strong> enabled, these 5 IPs will be removed and a single
- <strong>x.x.x.0/24</strong> Block is used.<br>
- This will completely Block/Reject this particular range from your Firewall.<br><br>
- Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,<br>
- Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.<br><br>
- You *may* experience some False Positives. Add any False Positive IPs manually to the<br>
- <strong>pfBlockerNGSuppress Alias</strong> or use the "+" suppression Icon in the Alerts TAB<br><br>
+ <strong>x.x.x.0/24</strong> Block is used.<br />
+ This will completely Block/Reject this particular range from your Firewall.<br /><br />
+ Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,<br />
+ Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.<br /><br />
+ You *may* experience some False Positives. Add any False Positive IPs manually to the<br />
+ <strong>pfBlockerNGSuppress Alias</strong> or use the "+" suppression Icon in the Alerts TAB<br /><br />
To help mitigate False Positives 'Countries' can be '<strong>Excluded</strong>' from this Process. (Refer to Country Code Settings)]]>
</description>
</field>
@@ -1226,7 +1226,7 @@ $xmlrep = <<<EOF
</field>
<field>
<fieldname></fieldname>
- <fielddescr><![CDATA[<br><strong>Individual List Reputation</strong><br><br>]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>Individual List Reputation</strong><br /><br />]]></fielddescr>
<type>info</type>
<description></description>
</field>
@@ -1239,7 +1239,7 @@ $xmlrep = <<<EOF
<field>
<fielddescr><![CDATA[&nbsp;&nbsp;&nbsp;[ <strong>Max</strong> ] Setting]]></fielddescr>
<fieldname>p24_max_var</fieldname>
- <description><![CDATA[Default: <strong>5</strong><br>
+ <description><![CDATA[Default: <strong>5</strong><br />
Maximum number of Repeat Offenders allowed in a Single IP Range]]></description>
<type>select</type>
<options>
@@ -1253,22 +1253,22 @@ $xmlrep = <<<EOF
</field>
<field>
<fieldname></fieldname>
- <fielddescr><![CDATA[<br><strong>Collective List Reputation</strong><br><br>]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>Collective List Reputation</strong><br /><br />]]></fielddescr>
<type>info</type>
<description></description>
</field>
<field>
<fieldname></fieldname>
<type>info</type>
- <description><![CDATA[Once all Blocklists are Downloaded, these two 'additional' processes <strong>[ pMax ] and [ dMax ]</strong><br>
- Can be used to Further analyze for Repeat Offenders.<br>
+ <description><![CDATA[Once all Blocklists are Downloaded, these two 'additional' processes <strong>[ pMax ] and [ dMax ]</strong><br />
+ Can be used to Further analyze for Repeat Offenders.<br />
<ul>Analyzing All Blocklists as a Whole:</ul>
- <ul><strong>[ pMax ]</strong> will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.<br>
- Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.<br><br></ul>
- <ul><strong>[ dMax ]</strong> will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.<br>
+ <ul><strong>[ pMax ]</strong> will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.<br />
+ Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.<br /><br /></ul>
+ <ul><strong>[ dMax ]</strong> will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.<br />
Default is 5 IPs in any Range.</ul>
Note: <strong>MAX</strong> performs on individual Blocklists, while <strong>pMAX / dMAX</strong>
- perform on all Lists together.<br>]]>
+ perform on all Lists together.<br />]]>
</description>
</field>
<field>
@@ -1281,7 +1281,7 @@ $xmlrep = <<<EOF
<field>
<fielddescr><![CDATA[&nbsp;&nbsp;&nbsp;[ <strong>pMax</strong> ] Setting]]></fielddescr>
<fieldname>p24_pmax_var</fieldname>
- <description><![CDATA[Default: <strong>50</strong><br>Maximum number of Repeat Offenders]]></description>
+ <description><![CDATA[Default: <strong>50</strong><br />Maximum number of Repeat Offenders]]></description>
<type>select</type>
<options>
<option><name>50</name><value>50</value></option>
@@ -1302,7 +1302,7 @@ $xmlrep = <<<EOF
<field>
<fielddescr><![CDATA[&nbsp;&nbsp;&nbsp;[ <strong>dMax</strong> ] Setting]]></fielddescr>
<fieldname>p24_dmax_var</fieldname>
- <description><![CDATA[Default: <strong>5</strong><br>
+ <description><![CDATA[Default: <strong>5</strong><br />
Maximum number of Repeat Offenders]]></description>
<type>select</type>
<options>
@@ -1322,23 +1322,23 @@ $xmlrep = <<<EOF
<fieldname>INFO</fieldname>
<type>info</type>
<description><![CDATA[When performing Queries for Repeat Offenders, you can choose to <strong>ignore</strong> Repeat Offenders in select
- Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.<br><br>
- Define Repeat Offending Ranges [ <strong>Action</strong> ] Available settings are:<br>
+ Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.<br /><br />
+ Define Repeat Offending Ranges [ <strong>Action</strong> ] Available settings are:<br />
<ul><strong>Ignore</strong>: Repeat Offenders that are in the 'ccwhite' category will be 'Ignored' (Default)</ul>
<ul><strong>Block:</strong> Repeat Offenders are set to Block the entire Repeat Offending Range(s)</ul>
- <ul><strong>Match:</strong> Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule<br>
+ <ul><strong>Match:</strong> Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule<br />
Selecting 'Match' will consume more processing time, so only select this option if you enable Rules for it.</ul>
- '<strong>ccwhite</strong>' are Countries that are Selected to be excluded from the Repeat Offenders Search.<br>
- '<strong>ccblack</strong>' are all other Countries that are not selected.<br><br>
+ '<strong>ccwhite</strong>' are Countries that are Selected to be excluded from the Repeat Offenders Search.<br />
+ '<strong>ccblack</strong>' are all other Countries that are not selected.<br /><br />
To use '<strong>Match</strong>' Lists, Create a new 'Alias'
- and select one of the <strong>Action 'Match'</strong> Formats and<br> enter the 'Localfile' as:
+ and select one of the <strong>Action 'Match'</strong> Formats and<br /> enter the 'Localfile' as:
<ul>/var/db/pfblockerng/match/matchdedup.txt</ul>]]>
</description>
</field>
<field>
<fielddescr>ccwhite Action:</fielddescr>
<fieldname>ccwhite</fieldname>
- <description><![CDATA[Default: <strong>Ignore</strong><br>
+ <description><![CDATA[Default: <strong>Ignore</strong><br />
Select the 'Action' format for ccwhite]]>
</description>
<type>select</type>
@@ -1350,7 +1350,7 @@ $xmlrep = <<<EOF
<field>
<fielddescr>ccblack Action:</fielddescr>
<fieldname>ccblack</fieldname>
- <description><![CDATA[Default: <strong>Block</strong><br>
+ <description><![CDATA[Default: <strong>Block</strong><br />
Select the 'Action' format for ccblack]]>
</description>
<type>select</type>
@@ -1360,11 +1360,11 @@ $xmlrep = <<<EOF
</options>
</field>
<field>
- <fielddescr><![CDATA[<br><strong>IPv4</strong><br>Country Exclusion<br>
- <br>Geolite Data by:<br>MaxMind Inc.&nbsp;&nbsp;(ISO 3166)]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Country Exclusion<br />
+ <br />Geolite Data by:<br />MaxMind Inc.&nbsp;&nbsp;(ISO 3166)]]></fielddescr>
<fieldname>ccexclude</fieldname>
<description>
- <![CDATA[Select Countries you want to <strong>Exclude</strong> from the Reputation Process.<br>
+ <![CDATA[Select Countries you want to <strong>Exclude</strong> from the Reputation Process.<br />
<strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
@@ -1382,16 +1382,16 @@ $xmlrep = <<<EOF
<fielddescr>Subscription Pro. Blocklist</fielddescr>
<fieldname>ETINFO</fieldname>
<type>info</type>
- <description><![CDATA[<strong>Emerging Threats IQRisk</strong> is a Subscription Professional Reputation List.<br><br>
+ <description><![CDATA[<strong>Emerging Threats IQRisk</strong> is a Subscription Professional Reputation List.<br /><br />
ET IQRisk Blocklist must be entered in the Lists Tab using the following example:
<ul>https://rules.emergingthreatspro.com/XXXXXXXXXXXXXXXX/reputation/iprepdata.txt.gz</ul>
- Select the <strong>ET IQRisk'</strong> format. The URL should use the .gz File Type.<br>
+ Select the <strong>ET IQRisk'</strong> format. The URL should use the .gz File Type.<br />
Enter your "ETPRO" code in URL. Further information can be found @
- <a target=_new href='http://emergingthreats.net/solutions/iqrisk-suite/'>ET IQRisk IP Reputation</a><br><br>
+ <a target=_new href='http://emergingthreats.net/solutions/iqrisk-suite/'>ET IQRisk IP Reputation</a><br /><br />
To use <strong>'Match'</strong> Lists, Create a new 'Alias' and select one of the <strong>
- Action 'Match'</strong> Formats and <br>
+ Action 'Match'</strong> Formats and <br />
enter the 'Localfile' as: <ul>/var/db/pfblockerng/match/ETMatch.txt</ul>
- ET IQRisk Individual Match Lists can be found in the following folder:<br>
+ ET IQRisk Individual Match Lists can be found in the following folder:<br />
<ul>/var/db/pfblockerng/ET</ul> ]]>
</description>
</field>
@@ -1399,7 +1399,7 @@ $xmlrep = <<<EOF
<fielddescr>ET IQRisk Header Name</fielddescr>
<fieldname>et_header</fieldname>
<type>input</type>
- <description><![CDATA[Enter the 'Header Name' referenced in the IPv4 List TAB for ET IQRisk IPRep.<br>
+ <description><![CDATA[Enter the 'Header Name' referenced in the IPv4 List TAB for ET IQRisk IPRep.<br />
This will be used to improve the Alerts TAB reporting for ET IPRep.]]>
</description>
</field>
@@ -1407,9 +1407,9 @@ $xmlrep = <<<EOF
<fielddescr>ET IQRISK BLOCK LISTS</fielddescr>
<fieldname>etblock</fieldname>
<description>
- <![CDATA[Select Lists you want to BLOCK.<br>
+ <![CDATA[Select Lists you want to BLOCK.<br />
<strong>Use CTRL + CLICK to unselect Categories</strong>
- <br><br>Any Changes will take effect at the Next Scheduled CRON Task]]>
+ <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]>
</description>
<type>select</type>
<options>
@@ -1456,9 +1456,9 @@ $xmlrep = <<<EOF
<fielddescr>ET IQRISK Match LISTS</fielddescr>
<fieldname>etmatch</fieldname>
<description>
- <![CDATA[Select Lists you want to MATCH.<br>
+ <![CDATA[Select Lists you want to MATCH.<br />
<strong>Use CTRL + CLICK to unselect Categories</strong>
- <br><br>Any Changes will take effect at the Next Scheduled CRON Task]]>
+ <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]>
</description>
<type>select</type>
<options>
@@ -1504,9 +1504,9 @@ $xmlrep = <<<EOF
<field>
<fielddescr>Update ET Categories</fielddescr>
<fieldname>et_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br>
- Select - Enable ET Update if Category Changes are Made.<br>
- You can perform a 'Force Update' to enable these changes.<br>
+ <description><![CDATA[Default:<strong>Disable</strong><br />
+ Select - Enable ET Update if Category Changes are Made.<br />
+ You can perform a 'Force Update' to enable these changes.<br />
Cron will also resync this list at the next Scheduled Update.]]>
</description>
<type>select</type>
diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php
index b3ab5703..7ac9faa3 100644
--- a/config/pfblockerng/pfblockerng.widget.php
+++ b/config/pfblockerng/pfblockerng.widget.php
@@ -64,8 +64,8 @@ function pfBlockerNG_get_counts() {
// Collect Alias Count and Update Date/Time
$pfb_table = array();
- $out = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' title=\"No Rules are Defined using this Alias\">";
- $in = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' title=\"Rules are Defined using this Alias\">";
+ $out = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' title=\"No Rules are Defined using this Alias\" alt=\"\" />";
+ $in = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' title=\"Rules are Defined using this Alias\" alt=\"\" />";
if (is_array($config['aliases']['alias'])) {
foreach ($config['aliases']['alias'] as $cbalias) {
if (preg_match("/pfB_/", $cbalias['name'])) {
@@ -168,7 +168,7 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results)
<table border="0" cellspacing="0" cellpadding="0">
<thead>
<tr>
- <td valign="middle">&nbsp;<img src="<?= $pfb_status ?>" width="13" height="13" border="0" title="<?=gettext($pfb_msg) ?>"></td>
+ <td valign="middle">&nbsp;<img src="<?= $pfb_status ?>" width="13" height="13" border="0" title="<?=gettext($pfb_msg) ?>" alt="" /></td>
<td valign="middle">&nbsp;&nbsp;</td>
<td valign="middle" p style="font-size:10px">
<?php if ($dcount != 0): ?>
@@ -187,11 +187,11 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results)
<?=gettext("&nbsp;Supp:"); echo("&nbsp;<strong>" . $pfbsupp_cnt . "</strong>"); ?>
<?php endif; ?></td>
<td valign="middle">&nbsp;&nbsp;</td>
- <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif" width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>"></a>&nbsp;
+ <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif" width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>" alt="" /></a>&nbsp;
<td valign="top">
<?php if (!empty($results)): ?> <!--Hide "Ack" Button when Failed Downloads are Empty-->
<form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="widget_pfblockerng_ack">
- <input type="hidden" value="clearack" name="pfblockerngack">
+ <input type="hidden" value="clearack" name="pfblockerngack" />
<input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/>
</form>
<?php endif; ?>
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml
index 469cb1fc..996ed3b6 100644
--- a/config/pfblockerng/pfblockerng.xml
+++ b/config/pfblockerng/pfblockerng.xml
@@ -272,13 +272,13 @@
<fielddescr><![CDATA[<strong>Enable pfBlockerNG</strong>]]></fielddescr>
<fieldname>enable_cb</fieldname>
<type>checkbox</type>
- <description><![CDATA[Note - with "Keep settings" enabled, pfBlockerNG will maintain run state on Installation/Upgrade<br>
+ <description><![CDATA[Note - with "Keep settings" enabled, pfBlockerNG will maintain run state on Installation/Upgrade<br />
If "Keep Settings" is not "enabled" on pkg Install/De-Install, all Settings will be Wiped!]]></description>
</field>
<field>
<fielddescr>CRON MIN Start Time</fielddescr>
<fieldname>pfb_min</fieldname>
- <description><![CDATA[Default: <strong> : 00</strong><br>
+ <description><![CDATA[Default: <strong> : 00</strong><br />
Select Cron Update Minute ]]></description>
<type>select</type>
<options>
@@ -291,7 +291,7 @@
<field>
<fielddescr>CRON Base Hour Start Time</fielddescr>
<fieldname>pfb_hour</fieldname>
- <description><![CDATA[Default: <strong> 1 </strong><br>
+ <description><![CDATA[Default: <strong> 1 </strong><br />
Select Cron Base Start Hour ]]></description>
<type>select</type>
<options>
@@ -324,8 +324,8 @@
<field>
<fielddescr>'Daily/Weekly' Start Hour</fielddescr>
<fieldname>pfb_dailystart</fieldname>
- <description><![CDATA[Default: <strong> 1 </strong><br>
- Select 'Daily' Schedule Start Hour <br>
+ <description><![CDATA[Default: <strong> 1 </strong><br />
+ Select 'Daily' Schedule Start Hour <br />
This is used for the 'Daily/Weekly' Scheduler Only.]]></description>
<type>select</type>
<options>
@@ -365,10 +365,10 @@
<fielddescr>Enable Suppression</fielddescr>
<fieldname>suppression</fieldname>
<type>checkbox</type>
- <description><![CDATA[This will prevent Selected IPs from being Blocked. Only for IPv4 Lists (/32 and /24).<br>
- Country Blocking Lists cannot be Suppressed.<br>
- This will also remove RFC1918 addresses, 0.0.0.0 and 127.0.0.1 from all Lists.<br><br>
- Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias<br>
+ <description><![CDATA[This will prevent Selected IPs from being Blocked. Only for IPv4 Lists (/32 and /24).<br />
+ Country Blocking Lists cannot be Suppressed.<br />
+ This will also remove any RFC1918 addresses from all Lists.<br /><br />
+ Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias<br />
A Blocked IP in a CIDR other than /24 will need to be Suppressed by an 'Permit Outbound' Firewall Rule]]>
</description>
</field>
@@ -388,14 +388,14 @@
<fielddescr>Disable MaxMind Country Database CRON Updates</fielddescr>
<fieldname>database_cc</fieldname>
<type>checkbox</type>
- <description><![CDATA[This will Disable the MaxMind Monthly Country Database Cron Update.<br>
+ <description><![CDATA[This will Disable the MaxMind Monthly Country Database Cron Update.<br />
This does not affect the MaxMind Binary Cron Task]]>
</description>
</field>
<field>
<fielddescr>Logfile Size</fielddescr>
<fieldname>log_maxlines</fieldname>
- <description><![CDATA[Default:<strong>20000</strong><br>
+ <description><![CDATA[Default:<strong>20000</strong><br />
Select number of Lines to Keep in Log File]]></description>
<type>select</type>
<options>
@@ -414,7 +414,7 @@
<field>
<fielddescr>Inbound Interface(s)</fielddescr>
<fieldname>inbound_interface</fieldname>
- <description><![CDATA[Default: <strong>WAN</strong><br>Select the interface(s) you want to Apply Rules to]]></description>
+ <description><![CDATA[Default: <strong>WAN</strong><br />Select the interface(s) you want to Apply Rules to]]></description>
<type>interfaces_selection</type>
<hideinterfaceregex>loopback</hideinterfaceregex>
<required/>
@@ -423,7 +423,7 @@
<field>
<fielddescr> - Rule Action</fielddescr>
<fieldname>inbound_deny_action</fieldname>
- <description><![CDATA[Default:<strong>Block</strong><br>
+ <description><![CDATA[Default:<strong>Block</strong><br />
Select 'Rule Action' for Inbound Rules]]></description>
<type>select</type>
<options>
@@ -434,7 +434,7 @@
<field>
<fielddescr>Outbound Interface(s)</fielddescr>
<fieldname>outbound_interface</fieldname>
- <description><![CDATA[Default:<strong>LAN</strong> or none.<br>Select the interface(s) you want to Apply Rules to]]></description>
+ <description><![CDATA[Default:<strong>LAN</strong> or none.<br />Select the interface(s) you want to Apply Rules to]]></description>
<type>interfaces_selection</type>
<hideinterfaceregex>loopback</hideinterfaceregex>
<required/>
@@ -443,7 +443,7 @@
<field>
<fielddescr> - Rule Action</fielddescr>
<fieldname>outbound_deny_action</fieldname>
- <description><![CDATA[Default:<strong>Reject</strong><br>
+ <description><![CDATA[Default:<strong>Reject</strong><br />
Select 'Rule Action' for Outbound rules]]></description>
<type>select</type>
<options>
@@ -461,16 +461,16 @@
<fielddescr><![CDATA[<strong>Floating Rules</strong>]]></fielddescr>
<fieldname>enable_float</fieldname>
<type>checkbox</type>
- <description><![CDATA[<strong>Enabled:&nbsp;</strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br><br>
- <strong>Disabled:</strong> Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces<br><br>
+ <description><![CDATA[<strong>Enabled:&nbsp;</strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br /><br />
+ <strong>Disabled:</strong> Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces<br /><br />
<strong>Rules will be ordered by the selection below.</strong>]]></description>
</field>
<field>
<fielddescr><![CDATA[<strong>Rule Order</strong>]]></fielddescr>
<fieldname>pass_order</fieldname>
- <description><![CDATA[<br>Default Order: <strong> | pfB_Block/Reject | All other Rules | (original format)<br></strong><br>
- Select The '<strong>Order</strong>' of the Rules<br>
- Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br>
+ <description><![CDATA[<br />Default Order: <strong> | pfB_Block/Reject | All other Rules | (original format)<br /></strong><br />
+ Select The '<strong>Order</strong>' of the Rules<br />
+ Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br />
Selecting any other 'Order' will re-order <strong>all the Rules to the format indicated!</strong>]]></description>
<type>select</type>
<options>
@@ -483,7 +483,7 @@
<field>
<fielddescr><![CDATA[<strong>Auto Rule Suffix</strong>]]></fielddescr>
<fieldname>autorule_suffix</fieldname>
- <description><![CDATA[Default:<strong>auto rule</strong><br>
+ <description><![CDATA[Default:<strong>auto rule</strong><br />
Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]></description>
<type>select</type>
<options>
@@ -502,7 +502,7 @@
<type>info</type>
<description><![CDATA[<strong>
pfBlockerNG</strong> Created in 2014 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a>
- <br><br>Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br>
+ <br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br />
Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by:
MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>.
The Database is Automatically Updated the First Tuesday of Each Month]]></description>
@@ -516,7 +516,7 @@
<field>
<fielddescr>Gold Membership</fielddescr>
<type>info</type>
- <description><![CDATA[If you like this package, please Support pfSense by subscribing to a <a target=_new href='https://portal.pfsense.org/gold-subscription.php'>Gold Membership</a><br> or support the developer @ BBCan177@gmail.com]]></description>
+ <description><![CDATA[If you like this package, please Support pfSense by subscribing to a <a target=_new href='https://portal.pfsense.org/gold-subscription.php'>Gold Membership</a><br /> or support the developer @ BBCan177@gmail.com]]></description>
</field>
<field>
<name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes are Applied via CRON or
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index 692917a3..7d2cf033 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -134,10 +134,10 @@
<type>info</type>
</field>
<field>
- <fielddescr><![CDATA[<br><strong>Top 20 IPv4</strong><br>Spammer Countries]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>Top 20 IPv4</strong><br />Spammer Countries]]></fielddescr>
<fieldname>countries4</fieldname>
<description>
- <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br>
+ <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br />
<strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
@@ -167,10 +167,10 @@
<multiple/>
</field>
<field>
- <fielddescr><![CDATA[<br><strong>Top 20 IPv6</strong><br>Spammer Countries]]></fielddescr>
+ <fielddescr><![CDATA[<br /><strong>Top 20 IPv6</strong><br />Spammer Countries]]></fielddescr>
<fieldname>countries6</fieldname>
<description>
- <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br>
+ <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br />
<strong>Use CTRL + CLICK to unselect countries</strong>]]>
</description>
<type>select</type>
@@ -201,41 +201,41 @@
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br>Default : <strong>Disabled</strong><br><br>
- Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br><br>
- <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br><br>
+ <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
+ <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
- <strong><u>'Deny' Rules:</u></strong><br>
+ <strong><u>'Deny' Rules:</u></strong><br />
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
- interfaces. Typical uses of 'Deny' rules are:<br>
+ interfaces. Typical uses of 'Deny' rules are:<br />
<ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li>
<li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by
traffic sent in the other direction. Does not affect traffic in the other direction. </li>
<li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while
still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul>
- <strong><u>'Permit' Rules:</u></strong><br>
- 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create
- any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br>
+ <strong><u>'Permit' Rules:</u></strong><br />
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
+ any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br />
<ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They
override <u>almost all other</u> Firewall rules on the stated interfaces.</li>
<li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
few IPs that should be accessible.</li></ul>
- <strong><u>'Match' Rules:</u></strong><br>
+ <strong><u>'Match' Rules:</u></strong><br />
'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
<ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li>
- <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</ul></li>
- <strong><u>'Alias' Rules:</u></strong><br>
+ <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul>
+ <strong><u>'Alias' Rules:</u></strong><br />
<strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br>
- <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br>
- <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br>
- <li>'Alias Native' lists are kept in their Native format without any modifications.</ul></li>
+ <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
+ <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
+ <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
- using Auto Rule Creation.<br><br><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
+ using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
- Alias Configuration<br>]]>
+ Alias Configuration<br />]]>
</description>
<fieldname>action</fieldname>
<type>select</type>
@@ -258,7 +258,7 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br>
+ <description><![CDATA[Default:<strong>Enable</strong><br />
Select - Logging to Status: System Logs: FIREWALL ( Log )]]>
</description>
<type>select</type>
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml
index b075f439..469607e6 100644
--- a/config/pfblockerng/pfblockerng_v4lists.xml
+++ b/config/pfblockerng/pfblockerng_v4lists.xml
@@ -162,11 +162,11 @@
<field>
<fielddescr>Alias Name</fielddescr>
<fieldname>aliasname</fieldname>
- <description><![CDATA[Enter lists Alias Names.<br>
- Example: Badguys<br>
- Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br>
+ <description><![CDATA[Enter lists Alias Names.<br />
+ Example: Badguys<br />
+ Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br />
<strong>International, special or space characters will be ignored in firewall alias names.
- </strong><br>]]>
+ </strong><br />]]>
</description>
<type>input</type>
<size>20</size>
@@ -180,43 +180,43 @@
<field>
<fieldname>InfoLists</fieldname>
<type>info</type>
- <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br><br>
+ <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br />
<strong><u>'URL'</u></strong> : Add direct link to list:
Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br><br>
- <strong><u>'pfSense Local File'</u></strong> Format :<br><br>
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br />
+ <strong><u>'pfSense Local File'</u></strong> Format :<br /><br />
&nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
- /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; (Files can also be placed in the /var/db/pfblockerng folders)<br><br>
+ /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; (Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
- <strong><u>'Header'</u></strong> : Enter the <u>'Header' Field</u> it must be <u>Unique</u>, it will
- name the Blocklist File and it will be referenced in the pfBlocker Widget.
- Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each Blocklist.<br><br>]]>
+ <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will
+ name the List File and it will be referenced in the pfBlockerNG Widget.
+ Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]>
</description>
</field>
<field>
<fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr>
<fieldname>none</fieldname>
- <description><![CDATA[<br><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br>
+ <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br />
- <ul><li><strong>'txt'</strong> Plain txt Lists</li><br>
- <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br>
- <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br>
- <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only.</li><br>
- <li><strong>'zip'</strong> - ZIP'd Lists</li><br>
- <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br>
- <li><strong>'html'</strong> - Web Links</li><br>
- <li><strong>'xlsx'</strong> - Excel Lists</li><br>
- <li><strong>'rsync'</strong> - RSync Lists</li><br>
- <li><strong>'ET IQRisk'</strong>- Only<br></li><br>
- <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br>
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</ul></li>
+ <ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
+ <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br />
+ <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br />
+ <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only.</li><br />
+ <li><strong>'zip'</strong> - ZIP'd Lists</li><br />
+ <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br />
+ <li><strong>'html'</strong> - Web Links</li><br />
+ <li><strong>'xlsx'</strong> - Excel Lists</li><br />
+ <li><strong>'rsync'</strong> - RSync Lists</li><br />
+ <li><strong>'ET IQRisk'</strong> - Only</li><br />
+ <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br />
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br />
- <strong>Note: </strong><br>
- Downloaded or pfsense local file must have only one network per line and follows the syntax below:<br>
- Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
- IP Address: <strong>172.16.1.10</strong><br>
- CIDR: <strong>172.16.1.0/24</strong><br><br>]]>
+ <strong>Note: </strong><br />
+ Downloaded or pfsense local file must have only one network per line and follows the syntax below:<br />
+ Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br />
+ IP Address: <strong>172.16.1.10</strong><br />
+ CIDR: <strong>172.16.1.0/24</strong></ul><br /><br />]]>
</description>
<type>rowhelper</type>
<rowhelper>
@@ -255,41 +255,41 @@
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br>Default : <strong>Disabled</strong><br><br>
- Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br><br>
- <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br><br>
+ <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
+ <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
- <strong><u>'Deny' Rules:</u></strong><br>
+ <strong><u>'Deny' Rules:</u></strong><br />
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
- interfaces. Typical uses of 'Deny' rules are:<br>
+ interfaces. Typical uses of 'Deny' rules are:<br />
<ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li>
<li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by
- traffic sent in the other direction. Does not affect traffic in the other direction. </li>
+ traffic sent in the other direction. Does not affect traffic in the other direction.</li>
<li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while
still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul>
- <strong><u>'Permit' Rules:</u></strong><br>
- 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create
- any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br>
+ <strong><u>'Permit' Rules:</u></strong><br />
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
+ any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br />
<ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They
override <u>almost all other</u> Firewall rules on the stated interfaces.</li>
<li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
few IPs that should be accessible.</li></ul>
- <strong><u>'Match' Rules:</u></strong><br>
+ <strong><u>'Match' Rules:</u></strong><br />
'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
<ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li>
- <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</ul></li>
- <strong><u>'Alias' Rules:</u></strong><br>
- <strong>'Alias'</strong> rules create an <a target=_new href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
+ <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul>
+ <strong><u>'Alias' Rules:</u></strong><br />
+ <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br>
- <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br>
- <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br>
- <li>'Alias Native' lists are kept in their Native format without any modifications.</ul></li>
+ <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
+ <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
+ <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
- using Auto Rule Creation.<br><br><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
+ using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
- Alias Configuration<br>]]>
+ Alias Configuration<br />]]>
</description>
<fieldname>action</fieldname>
<type>select</type>
@@ -313,7 +313,7 @@
<field>
<fielddescr>Update Frequency</fielddescr>
<fieldname>cron</fieldname>
- <description><![CDATA[Default:<strong>Never</strong><br>
+ <description><![CDATA[Default:<strong>Never</strong><br />
Select how often List files will be downloaded]]></description>
<type>select</type>
<options>
@@ -332,8 +332,8 @@
<field>
<fielddescr>Weekly (Day of Week)</fielddescr>
<fieldname>dow</fieldname>
- <description><![CDATA[Default:<strong>1</strong><br>
- Select the 'Weekly' ( Day of the Week ) to Update <br>
+ <description><![CDATA[Default:<strong>1</strong><br />
+ Select the 'Weekly' ( Day of the Week ) to Update <br />
This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
</description>
<type>select</type>
@@ -350,8 +350,8 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br>
- Select - Logging to Status: System Logs: FIREWALL ( Log )<br>
+ <description><![CDATA[Default:<strong>Enable</strong><br />
+ Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
This can be overriden by the 'Global Logging' Option in the General Tab.]]>
</description>
<type>select</type>
@@ -367,11 +367,11 @@
<field>
<fielddescr>IPv4 Custom Address(es)</fielddescr>
<fieldname>custom</fieldname>
- <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br>
- Follow the syntax below:<br><br>
- Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
- IP Address: <strong>172.16.1.10</strong><br>
- CIDR: <strong>172.16.1.0/24</strong><br><br>
+ <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br />
+ Follow the syntax below:<br /><br />
+ Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br />
+ IP Address: <strong>172.16.1.10</strong><br />
+ CIDR: <strong>172.16.1.0/24</strong><br /><br />
You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. ie: x.x.x.x # Safe IP Address]]>
</description>
<type>textarea</type>
@@ -382,7 +382,7 @@
<field>
<fielddescr>Update Custom List</fielddescr>
<fieldname>custom_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br>
+ <description><![CDATA[Default:<strong>Disable</strong><br />
select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
</description>
<type>select</type>
diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml
index a13db64f..c324b310 100644
--- a/config/pfblockerng/pfblockerng_v6lists.xml
+++ b/config/pfblockerng/pfblockerng_v6lists.xml
@@ -162,11 +162,11 @@
<field>
<fielddescr>Alias Name</fielddescr>
<fieldname>aliasname</fieldname>
- <description><![CDATA[Enter lists Alias Names.<br>
- Example: Badguys<br>
- Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br>
+ <description><![CDATA[Enter lists Alias Names.<br />
+ Example: Badguys<br />
+ Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br />
<strong>International, special or space characters will be ignored in firewall alias names.
- </strong><br>]]>
+ </strong><br />]]>
</description>
<type>input</type>
<size>20</size>
@@ -180,41 +180,41 @@
<field>
<fieldname>InfoLists</fieldname>
<type>info</type>
- <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br><br>
+ <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br />
<strong><u>'URL'</u></strong> : Add direct link to list:
(Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
<a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
- <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br><br>
- <strong><u>'pfSense Local File'</u></strong> Format :<br><br>
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br />
+ <strong><u>'pfSense Local File'</u></strong> Format :<br /><br />
&nbsp;&nbsp;http(s)://127.0.0.1/NAME_OF_FILE &nbsp;&nbsp;<strong>or</strong>&nbsp;&nbsp;
- /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; ((Files can also be placed in the /var/db/pfblockerng folders)<br><br>
+ /usr/local/www/NAME_OF_FILE &nbsp;&nbsp; ((Files can also be placed in the /var/db/pfblockerng folders)<br /><br />
- <strong><u>'Header'</u></strong> : Enter the <u>'Header' Field</u> it must be <u>Unique</u>, it will
- name the Blocklist File and it will be referenced in the pfBlocker Widget.
- Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each Blocklist.<br><br>]]>
+ <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will
+ name the List File and it will be referenced in the pfBlockerNG Widget.
+ Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]>
</description>
</field>
<field>
<fielddescr><![CDATA[<strong>IPv6</strong> Lists]]></fielddescr>
<fieldname>none</fieldname>
- <description><![CDATA[<br><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br>
+ <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br />
- <ul><li><strong>'txt'</strong> Plain txt Lists</li><br>
- <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format</li><br>
- <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li><br>
- <li><strong>'zip'</strong> - ZIP'd Lists</li><br>
- <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br>
- <li><strong>'html'</strong> - Web Links</li><br>
- <li><strong>'xlsx'</strong> - Excel Lists</li><br>
- <li><strong>'rsync'</strong> - RSync Lists</li><br>
- <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br>
- <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</ul></li>
+ <ul><li><strong>'txt'</strong> Plain txt Lists</li><br />
+ <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format</li><br />
+ <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only</li><br />
+ <li><strong>'zip'</strong> - ZIP'd Lists</li><br />
+ <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br />
+ <li><strong>'html'</strong> - Web Links</li><br />
+ <li><strong>'xlsx'</strong> - Excel Lists</li><br />
+ <li><strong>'rsync'</strong> - RSync Lists</li><br />
+ <li><strong>'SKIP'</strong> - This format can be used to 'Disable' an Individual List.</li><br />
+ <li><strong>'HOLD'</strong> - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.</li><br />
- <strong>Note: </strong><br>
- Downloaded or pfSense local file must have only one network per line and follows the syntax below:<br>
- Network ranges: <strong> TBC </strong><br>
- IP Address: <strong> TBC </strong><br>
- CIDR: <strong> TBC </strong><br><br>]]>
+ <strong>Note: </strong><br />
+ Downloaded or pfSense local file must have only one network per line and follows the syntax below:<br />
+ Network ranges: <strong> TBC </strong><br />
+ IP Address: <strong> TBC </strong><br />
+ CIDR: <strong> TBC </strong></ul><br /><br />]]>
</description>
<type>rowhelper</type>
<rowhelper>
@@ -242,7 +242,7 @@
<size>75</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Header</fielddescr>
+ <fielddescr>Header</fielddescr>
<fieldname>header</fieldname>
<type>input</type>
<size>15</size>
@@ -251,41 +251,41 @@
</field>
<field>
<fielddescr>List Action</fielddescr>
- <description><![CDATA[<br>Default : <strong>Disabled</strong><br><br>
- Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br><br>
- <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br><br>
+ <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br />
+ Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br />
+ <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br />
- <strong><u>'Deny' Rules:</u></strong><br>
+ <strong><u>'Deny' Rules:</u></strong><br />
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
- interfaces. Typical uses of 'Deny' rules are:<br>
+ interfaces. Typical uses of 'Deny' rules are:<br />
<ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li>
<li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by
traffic sent in the other direction. Does not affect traffic in the other direction.</li>
<li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while
still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul>
- <strong><u>'Permit' Rules:</u></strong><br>
- 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create
- any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br>
+ <strong><u>'Permit' Rules:</u></strong><br />
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
+ any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br />
<ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They
override <u>almost all other</u> Firewall rules on the stated interfaces.</li>
<li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
few IPs that should be accessible.</li></ul>
- <strong><u>'Match' Rules:</u></strong><br>
- 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
+ <strong><u>'Match' Rules:</u></strong><br />
+ 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
<ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li>
- <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</ul></li>
- <strong><u>'Alias' Rules:</u></strong><br>
+ <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul>
+ <strong><u>'Alias' Rules:</u></strong><br />
<strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
- <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br>
- <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br>
- <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br>
- <li>'Alias Native' lists are kept in their Native format without any modifications.</ul></li>
+ <ul><li><strong>Options &nbsp;&nbsp; - Alias Deny,&nbsp; Alias Permit,&nbsp; Alias Match,&nbsp; Alias Native</strong></li><br />
+ <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br />
+ <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br />
+ <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul>
<strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of
the Alias (no trailing Whitespace)&nbsp;</strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if
- using Auto Rule Creation.<br><br><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
+ using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule
Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom
- Alias Configuration<br>]]>
+ Alias Configuration<br />]]>
</description>
<fieldname>action</fieldname>
<type>select</type>
@@ -309,7 +309,7 @@
<field>
<fielddescr>Update Frequency</fielddescr>
<fieldname>cron</fieldname>
- <description><![CDATA[Default:<strong>Never</strong><br>
+ <description><![CDATA[Default:<strong>Never</strong><br />
Select how often List files will be downloaded]]>
</description>
<type>select</type>
@@ -329,8 +329,8 @@
<field>
<fielddescr>Weekly (Day of Week)</fielddescr>
<fieldname>dow</fieldname>
- <description><![CDATA[Default:<strong>1</strong><br>
- Select the 'Weekly' ( Day of the Week ) to Update <br>
+ <description><![CDATA[Default:<strong>1</strong><br />
+ Select the 'Weekly' ( Day of the Week ) to Update <br />
This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
</description>
<type>select</type>
@@ -347,8 +347,8 @@
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>aliaslog</fieldname>
- <description><![CDATA[Default:<strong>Enable</strong><br>
- Select - Logging to Status: System Logs: FIREWALL ( Log )<br>
+ <description><![CDATA[Default:<strong>Enable</strong><br />
+ Select - Logging to Status: System Logs: FIREWALL ( Log )<br />
This can be overriden by the 'Global Logging' Option in the General Tab.]]></description>
<type>select</type>
<options>
@@ -363,11 +363,11 @@
<field>
<fielddescr>IPv6 Custom Address(es)</fielddescr>
<fieldname>custom</fieldname>
- <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br>
- Follow the syntax below:<br><br>
- Network ranges: <strong> TBC </strong><br>
- IP Address: <strong> TBC </strong><br>
- CIDR: <strong> TBC </strong><br><br>
+ <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br />
+ Follow the syntax below:<br /><br />
+ Network ranges: <strong> TBC </strong><br />
+ IP Address: <strong> TBC </strong><br />
+ CIDR: <strong> TBC </strong><br /><br />
You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. # Safe IP Address]]>
</description>
<type>textarea</type>
@@ -378,7 +378,7 @@
<field>
<fielddescr>Update Custom List</fielddescr>
<fieldname>custom_update</fieldname>
- <description><![CDATA[Default:<strong>Disable</strong><br>
+ <description><![CDATA[Default:<strong>Disable</strong><br />
Select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
</description>
<type>select</type>