From 40438c8ba1f7348d840e807e1c8446f5e8bf5561 Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Tue, 9 Dec 2014 21:56:52 -0500 Subject: XHTML mods All
to
Widget Added alt="" to img tags Closed any open tags > to /> --- config/pfblockerng/pfblockerng.php | 134 ++++++++++++++--------------- config/pfblockerng/pfblockerng.widget.php | 10 +-- config/pfblockerng/pfblockerng.xml | 46 +++++----- config/pfblockerng/pfblockerng_top20.xml | 44 +++++----- config/pfblockerng/pfblockerng_v4lists.xml | 118 ++++++++++++------------- config/pfblockerng/pfblockerng_v6lists.xml | 114 ++++++++++++------------ 6 files changed, 233 insertions(+), 233 deletions(-) diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 7dca9a1c..7539e9fd 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -922,10 +922,10 @@ $xml = <<info - IPv4
Countries]]>
+ IPv4
Countries]]>
countries4 - + Use CTRL + CLICK to unselect countries]]> select @@ -936,10 +936,10 @@ $xml = <<
- IPv6
Countries]]>
+ IPv6
Countries]]>
countries6 - + Use CTRL + CLICK to unselect countries]]> select @@ -951,41 +951,41 @@ $xml = << List Action - Default : Disabled

- Select the Action for Firewall Rules on lists you have selected.

- 'Disabled' Rules: Disables selection and does nothing to selected Alias.

+ Default : Disabled

+ Select the Action for Firewall Rules on lists you have selected.

+ 'Disabled' Rules: Disables selection and does nothing to selected Alias.

- 'Deny' Rules:
+ 'Deny' Rules:
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other - interfaces. Typical uses of 'Deny' rules are:
+ interfaces. Typical uses of 'Deny' rules are:
  • Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
  • Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
  • One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
- 'Permit' Rules:
- 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create - any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
+ 'Permit' Rules:
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
  • To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They override almost all other Firewall rules on the stated interfaces.
  • To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.
- 'Match' Rules:
+ 'Match' Rules:
'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
  • Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
  • -
  • Match Inbound/Match Outbound - Matches all traffic in one direction only.
- 'Alias' Rules:
- 'Alias' rules create an alias for the list (and do nothing else). +
  • Match Inbound/Match Outbound - Matches all traffic in one direction only.
  • + 'Alias' Rules:
    + 'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
    • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

    • -
    • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

    • -
    • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

    • -
    • 'Alias Native' lists are kept in their Native format without any modifications.
    +
    • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

    • +
    • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

    • +
    • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

    • +
    • 'Alias Native' lists are kept in their Native format without any modifications.
    When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and use the 'Exact' spelling of the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.

    Tip: You can create the Auto Rules and remove "auto rule" from the Rule + using Auto Rule Creation.

    Tip: You can create the Auto Rules and remove "auto rule" from the Rule Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration
    ]]> + Alias Configuration
    ]]>
    action select @@ -1009,8 +1009,8 @@ $xml = << Enable Logging aliaslog - Enable
    - Select - Logging to Status: System Logs: FIREWALL ( Log )
    + Enable
    + Select - Logging to Status: System Logs: FIREWALL ( Log )
    This can be overriden by the 'Global Logging' Option in the General Tab.]]>
    select @@ -1020,7 +1020,7 @@ $xml = << Click to SAVE Settings and/or Rule Edits.      Changes are Applied via CRON or - 'Force Update']]> + 'Force Update']]> listtopic @@ -1208,15 +1208,15 @@ $xmlrep = <<why info Reputation', each Blocklist will be analyzed for Repeat Offenders in each IP Range. -
      Example:    x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5
      +
        Example:    x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5
        No. of Repeat Offending IPs [  5  ], in a Blocklist within the same IP Range.
      With 'Reputation enabled, these 5 IPs will be removed and a single - x.x.x.0/24 Block is used.
      - This will completely Block/Reject this particular range from your Firewall.

      - Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,
      - Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.

      - You *may* experience some False Positives. Add any False Positive IPs manually to the
      - pfBlockerNGSuppress Alias or use the "+" suppression Icon in the Alerts TAB

      + x.x.x.0/24 Block is used.
      + This will completely Block/Reject this particular range from your Firewall.

      + Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,
      + Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.

      + You *may* experience some False Positives. Add any False Positive IPs manually to the
      + pfBlockerNGSuppress Alias or use the "+" suppression Icon in the Alerts TAB

      To help mitigate False Positives 'Countries' can be 'Excluded' from this Process. (Refer to Country Code Settings)]]> @@ -1226,7 +1226,7 @@ $xmlrep = << - Individual List Reputation

      ]]>
      + Individual List Reputation

      ]]>
      info
      @@ -1239,7 +1239,7 @@ $xmlrep = << Max ] Setting]]> p24_max_var - 5
      + 5
      Maximum number of Repeat Offenders allowed in a Single IP Range]]>
      select @@ -1253,22 +1253,22 @@ $xmlrep = << - Collective List Reputation

      ]]>
      + Collective List Reputation

      ]]>
      info
      info - [ pMax ] and [ dMax ]
      - Can be used to Further analyze for Repeat Offenders.
      + [ pMax ] and [ dMax ]
      + Can be used to Further analyze for Repeat Offenders.
        Analyzing All Blocklists as a Whole:
      -
        [ pMax ] will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.
        - Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.

      -
        [ dMax ] will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.
        +
          [ pMax ] will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.
          + Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.

        +
          [ dMax ] will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.
          Default is 5 IPs in any Range.
        Note: MAX performs on individual Blocklists, while pMAX / dMAX - perform on all Lists together.
        ]]> + perform on all Lists together.
        ]]> @@ -1281,7 +1281,7 @@ $xmlrep = << pMax ] Setting]]> p24_pmax_var - 50
        Maximum number of Repeat Offenders]]>
        + 50
        Maximum number of Repeat Offenders]]>
        select @@ -1302,7 +1302,7 @@ $xmlrep = << dMax ] Setting]]> p24_dmax_var - 5
        + 5
        Maximum number of Repeat Offenders]]>
        select @@ -1322,23 +1322,23 @@ $xmlrep = <<INFO info ignore Repeat Offenders in select - Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.

        - Define Repeat Offending Ranges [ Action ] Available settings are:
        + Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.

        + Define Repeat Offending Ranges [ Action ] Available settings are:
          Ignore: Repeat Offenders that are in the 'ccwhite' category will be 'Ignored' (Default)
          Block: Repeat Offenders are set to Block the entire Repeat Offending Range(s)
        -
          Match: Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule
          +
            Match: Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule
            Selecting 'Match' will consume more processing time, so only select this option if you enable Rules for it.
          - 'ccwhite' are Countries that are Selected to be excluded from the Repeat Offenders Search.
          - 'ccblack' are all other Countries that are not selected.

          + 'ccwhite' are Countries that are Selected to be excluded from the Repeat Offenders Search.
          + 'ccblack' are all other Countries that are not selected.

          To use 'Match' Lists, Create a new 'Alias' - and select one of the Action 'Match' Formats and
          enter the 'Localfile' as: + and select one of the Action 'Match' Formats and
          enter the 'Localfile' as:
            /var/db/pfblockerng/match/matchdedup.txt
          ]]> ccwhite Action: ccwhite - Ignore
          + Ignore
          Select the 'Action' format for ccwhite]]>
          select @@ -1350,7 +1350,7 @@ $xmlrep = << ccblack Action: ccblack - Block
          + Block
          Select the 'Action' format for ccblack]]>
          select @@ -1360,11 +1360,11 @@ $xmlrep = <<
          - IPv4
          Country Exclusion
          -
          Geolite Data by:
          MaxMind Inc.  (ISO 3166)]]>
          + IPv4
          Country Exclusion
          +
          Geolite Data by:
          MaxMind Inc.  (ISO 3166)]]>
          ccexclude - Exclude from the Reputation Process.
          + Exclude from the Reputation Process.
          Use CTRL + CLICK to unselect countries]]>
          select @@ -1382,16 +1382,16 @@ $xmlrep = <<Subscription Pro. Blocklist ETINFO info - Emerging Threats IQRisk is a Subscription Professional Reputation List.

          + Emerging Threats IQRisk is a Subscription Professional Reputation List.

          ET IQRisk Blocklist must be entered in the Lists Tab using the following example:
            https://rules.emergingthreatspro.com/XXXXXXXXXXXXXXXX/reputation/iprepdata.txt.gz
          - Select the ET IQRisk' format. The URL should use the .gz File Type.
          + Select the ET IQRisk' format. The URL should use the .gz File Type.
          Enter your "ETPRO" code in URL. Further information can be found @ - ET IQRisk IP Reputation

          + ET IQRisk IP Reputation

          To use 'Match' Lists, Create a new 'Alias' and select one of the - Action 'Match' Formats and
          + Action 'Match' Formats and
          enter the 'Localfile' as:
            /var/db/pfblockerng/match/ETMatch.txt
          - ET IQRisk Individual Match Lists can be found in the following folder:
          + ET IQRisk Individual Match Lists can be found in the following folder:
            /var/db/pfblockerng/ET
          ]]>
          @@ -1399,7 +1399,7 @@ $xmlrep = <<ET IQRisk Header Name et_header input - + This will be used to improve the Alerts TAB reporting for ET IPRep.]]> @@ -1407,9 +1407,9 @@ $xmlrep = <<ET IQRISK BLOCK LISTS etblock - + Use CTRL + CLICK to unselect Categories -

          Any Changes will take effect at the Next Scheduled CRON Task]]> +

          Any Changes will take effect at the Next Scheduled CRON Task]]>
          select @@ -1456,9 +1456,9 @@ $xmlrep = <<ET IQRISK Match LISTS etmatch - + Use CTRL + CLICK to unselect Categories -

          Any Changes will take effect at the Next Scheduled CRON Task]]> +

          Any Changes will take effect at the Next Scheduled CRON Task]]>
          select @@ -1504,9 +1504,9 @@ $xmlrep = << Update ET Categories et_update - Disable
          - Select - Enable ET Update if Category Changes are Made.
          - You can perform a 'Force Update' to enable these changes.
          + Disable
          + Select - Enable ET Update if Category Changes are Made.
          + You can perform a 'Force Update' to enable these changes.
          Cron will also resync this list at the next Scheduled Update.]]>
          select diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php index b3ab5703..7ac9faa3 100644 --- a/config/pfblockerng/pfblockerng.widget.php +++ b/config/pfblockerng/pfblockerng.widget.php @@ -64,8 +64,8 @@ function pfBlockerNG_get_counts() { // Collect Alias Count and Update Date/Time $pfb_table = array(); - $out = ""; - $in = ""; + $out = "\"\""; + $in = "\"\""; if (is_array($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $cbalias) { if (preg_match("/pfB_/", $cbalias['name'])) { @@ -168,7 +168,7 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results) - + -
                @@ -187,11 +187,11 @@ $fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results) " . $pfbsupp_cnt . ""); ?>   ">  + " alt="" /> 
          - + "/>
          diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 469cb1fc..996ed3b6 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -272,13 +272,13 @@ Enable pfBlockerNG]]> enable_cb checkbox - + If "Keep Settings" is not "enabled" on pkg Install/De-Install, all Settings will be Wiped!]]> CRON MIN Start Time pfb_min - : 00
          + : 00
          Select Cron Update Minute ]]>
          select @@ -291,7 +291,7 @@ CRON Base Hour Start Time pfb_hour - 1
          + 1
          Select Cron Base Start Hour ]]>
          select @@ -324,8 +324,8 @@ 'Daily/Weekly' Start Hour pfb_dailystart - 1
          - Select 'Daily' Schedule Start Hour
          + 1
          + Select 'Daily' Schedule Start Hour
          This is used for the 'Daily/Weekly' Scheduler Only.]]>
          select @@ -365,10 +365,10 @@ Enable Suppression suppression checkbox - - Country Blocking Lists cannot be Suppressed.
          - This will also remove RFC1918 addresses, 0.0.0.0 and 127.0.0.1 from all Lists.

          - Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias
          + + Country Blocking Lists cannot be Suppressed.
          + This will also remove any RFC1918 addresses from all Lists.

          + Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias
          A Blocked IP in a CIDR other than /24 will need to be Suppressed by an 'Permit Outbound' Firewall Rule]]>
          @@ -388,14 +388,14 @@ Disable MaxMind Country Database CRON Updates database_cc checkbox - + This does not affect the MaxMind Binary Cron Task]]>
          Logfile Size log_maxlines - 20000
          + 20000
          Select number of Lines to Keep in Log File]]>
          select @@ -414,7 +414,7 @@ Inbound Interface(s) inbound_interface - WAN
          Select the interface(s) you want to Apply Rules to]]>
          + WAN
          Select the interface(s) you want to Apply Rules to]]>
          interfaces_selection loopback @@ -423,7 +423,7 @@ - Rule Action inbound_deny_action - Block
          + Block
          Select 'Rule Action' for Inbound Rules]]>
          select @@ -434,7 +434,7 @@ Outbound Interface(s) outbound_interface - LAN or none.
          Select the interface(s) you want to Apply Rules to]]>
          + LAN or none.
          Select the interface(s) you want to Apply Rules to]]>
          interfaces_selection loopback @@ -443,7 +443,7 @@ - Rule Action outbound_deny_action - Reject
          + Reject
          Select 'Rule Action' for Outbound rules]]>
          select @@ -461,16 +461,16 @@ Floating Rules]]> enable_float checkbox - Enabled:  Auto-Rules will be generated in the 'Floating Rules' Tab

          - Disabled: Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces

          + Enabled:  Auto-Rules will be generated in the 'Floating Rules' Tab

          + Disabled: Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces

          Rules will be ordered by the selection below.]]>
          Rule Order]]> pass_order - Default Order: | pfB_Block/Reject | All other Rules | (original format)

          - Select The 'Order' of the Rules
          - Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.
          + Default Order: | pfB_Block/Reject | All other Rules | (original format)

          + Select The 'Order' of the Rules
          + Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.
          Selecting any other 'Order' will re-order all the Rules to the format indicated!]]>
          select @@ -483,7 +483,7 @@ Auto Rule Suffix]]> autorule_suffix - auto rule
          + auto rule
          Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]>
          select @@ -502,7 +502,7 @@ info pfBlockerNG Created in 2014 by BBcan177. -

          Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.
          +

          Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.
          Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: MaxMind Inc. @ MaxMind.com. The Database is Automatically Updated the First Tuesday of Each Month]]>
          @@ -516,7 +516,7 @@ Gold Membership info - Gold Membership
          or support the developer @ BBCan177@gmail.com]]>
          + Gold Membership
          or support the developer @ BBCan177@gmail.com]]>
          Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index 692917a3..7d2cf033 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -134,10 +134,10 @@ info - Top 20 IPv4
          Spammer Countries]]>
          + Top 20 IPv4
          Spammer Countries]]>
          countries4 - + Use CTRL + CLICK to unselect countries]]> select @@ -167,10 +167,10 @@
          - Top 20 IPv6
          Spammer Countries]]>
          + Top 20 IPv6
          Spammer Countries]]>
          countries6 - + Use CTRL + CLICK to unselect countries]]> select @@ -201,41 +201,41 @@
          List Action - Default : Disabled

          - Select the Action for Firewall Rules on lists you have selected.

          - 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          + Default : Disabled

          + Select the Action for Firewall Rules on lists you have selected.

          + 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          - 'Deny' Rules:
          + 'Deny' Rules:
          'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other - interfaces. Typical uses of 'Deny' rules are:
          + interfaces. Typical uses of 'Deny' rules are:
          • Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
          • Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
          • One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
          - 'Permit' Rules:
          - 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create - any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          + 'Permit' Rules:
          + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          • To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They override almost all other Firewall rules on the stated interfaces.
          • To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.
          - 'Match' Rules:
          + 'Match' Rules:
          'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
          • Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
          • -
          • Match Inbound/Match Outbound - Matches all traffic in one direction only.
          - 'Alias' Rules:
          +
        • Match Inbound/Match Outbound - Matches all traffic in one direction only.
        • + 'Alias' Rules:
          'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • -
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • -
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • -
          • 'Alias Native' lists are kept in their Native format without any modifications.
          +
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • +
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • +
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • +
          • 'Alias Native' lists are kept in their Native format without any modifications.
          When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule + using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration
          ]]> + Alias Configuration
          ]]>
          action select @@ -258,7 +258,7 @@ Enable Logging aliaslog - Enable
          + Enable
          Select - Logging to Status: System Logs: FIREWALL ( Log )]]>
          select diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml index b075f439..469607e6 100644 --- a/config/pfblockerng/pfblockerng_v4lists.xml +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -162,11 +162,11 @@ Alias Name aliasname - - Example: Badguys
          - Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
          + + Example: Badguys
          + Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
          International, special or space characters will be ignored in firewall alias names. -
          ]]> +
          ]]>
          input 20 @@ -180,43 +180,43 @@ InfoLists info - 'Format' : Select the Format Type

          + 'Format' : Select the Format Type

          'URL' : Add direct link to list: Example: Ads, Spyware, - Proxies )

          - 'pfSense Local File' Format :

          + Proxies )

          + 'pfSense Local File' Format :

            http(s)://127.0.0.1/NAME_OF_FILE   or   - /usr/local/www/NAME_OF_FILE    (Files can also be placed in the /var/db/pfblockerng folders)

          + /usr/local/www/NAME_OF_FILE    (Files can also be placed in the /var/db/pfblockerng folders)

          - 'Header' : Enter the 'Header' Field it must be Unique, it will - name the Blocklist File and it will be referenced in the pfBlocker Widget. - Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each Blocklist.

          ]]> + 'Header' : The 'Header' Field must be Unique, it will + name the List File and it will be referenced in the pfBlockerNG Widget. + Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.

          ]]>
          IPv4 Lists]]> none - 'Format' - Choose the file format that URL will retrieve.
          + 'Format' - Choose the file format that URL will retrieve.
          -
          • 'txt' Plain txt Lists

          • -
          • 'gz' - IBlock GZ Lists in Range Format only.

          • -
          • 'gz_2' - Other GZ Lists in IP or CIDR only.

          • -
          • 'gz_lg' - Large IBlock GZ Lists in Range Format only.

          • -
          • 'zip' - ZIP'd Lists

          • -
          • 'block'- IP x.x.x.0 Block type

          • -
          • 'html' - Web Links

          • -
          • 'xlsx' - Excel Lists

          • -
          • 'rsync' - RSync Lists

          • -
          • 'ET IQRisk'- Only

          • -
          • 'SKIP' - This format can be used to 'Disable' an Individual List.

          • -
          • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.
          +
          • 'txt' Plain txt Lists

          • +
          • 'gz' - IBlock GZ Lists in Range Format only.

          • +
          • 'gz_2' - Other GZ Lists in IP or CIDR only.

          • +
          • 'gz_lg' - Large IBlock GZ Lists in Range Format only.

          • +
          • 'zip' - ZIP'd Lists

          • +
          • 'block'- IP x.x.x.0 Block type

          • +
          • 'html' - Web Links

          • +
          • 'xlsx' - Excel Lists

          • +
          • 'rsync' - RSync Lists

          • +
          • 'ET IQRisk' - Only

          • +
          • 'SKIP' - This format can be used to 'Disable' an Individual List.

          • +
          • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.

          • - Note:
            - Downloaded or pfsense local file must have only one network per line and follows the syntax below:
            - Network ranges: 172.16.1.0-172.16.1.255
            - IP Address: 172.16.1.10
            - CIDR: 172.16.1.0/24

            ]]> + Note:
            + Downloaded or pfsense local file must have only one network per line and follows the syntax below:
            + Network ranges: 172.16.1.0-172.16.1.255
            + IP Address: 172.16.1.10
            + CIDR: 172.16.1.0/24


          ]]>
          rowhelper @@ -255,41 +255,41 @@
          List Action - Default : Disabled

          - Select the Action for Firewall Rules on lists you have selected.

          - 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          + Default : Disabled

          + Select the Action for Firewall Rules on lists you have selected.

          + 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          - 'Deny' Rules:
          + 'Deny' Rules:
          'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other - interfaces. Typical uses of 'Deny' rules are:
          + interfaces. Typical uses of 'Deny' rules are:
          • Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
          • Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by - traffic sent in the other direction. Does not affect traffic in the other direction.
          • + traffic sent in the other direction. Does not affect traffic in the other direction.
          • One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
          - 'Permit' Rules:
          - 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create - any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          + 'Permit' Rules:
          + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          • To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They override almost all other Firewall rules on the stated interfaces.
          • To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.
          - 'Match' Rules:
          + 'Match' Rules:
          'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
          • Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
          • -
          • Match Inbound/Match Outbound - Matches all traffic in one direction only.
          - 'Alias' Rules:
          - 'Alias' rules create an alias for the list (and do nothing else). +
        • Match Inbound/Match Outbound - Matches all traffic in one direction only.
        • + 'Alias' Rules:
          + 'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • -
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • -
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • -
          • 'Alias Native' lists are kept in their Native format without any modifications.
          +
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • +
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • +
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • +
          • 'Alias Native' lists are kept in their Native format without any modifications.
          When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule + using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration
          ]]> + Alias Configuration
          ]]>
          action select @@ -313,7 +313,7 @@ Update Frequency cron - Never
          + Never
          Select how often List files will be downloaded]]>
          select @@ -332,8 +332,8 @@ Weekly (Day of Week) dow - 1
          - Select the 'Weekly' ( Day of the Week ) to Update
          + 1
          + Select the 'Weekly' ( Day of the Week ) to Update
          This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
          select @@ -350,8 +350,8 @@ Enable Logging aliaslog - Enable
          - Select - Logging to Status: System Logs: FIREWALL ( Log )
          + Enable
          + Select - Logging to Status: System Logs: FIREWALL ( Log )
          This can be overriden by the 'Global Logging' Option in the General Tab.]]>
          select @@ -367,11 +367,11 @@ IPv4 Custom Address(es) custom - - Follow the syntax below:

          - Network ranges: 172.16.1.0-172.16.1.255
          - IP Address: 172.16.1.10
          - CIDR: 172.16.1.0/24

          + + Follow the syntax below:

          + Network ranges: 172.16.1.0-172.16.1.255
          + IP Address: 172.16.1.10
          + CIDR: 172.16.1.0/24

          You may use "#" after any IP/CIDR/Range to add comments. ie: x.x.x.x # Safe IP Address]]>
          textarea @@ -382,7 +382,7 @@ Update Custom List custom_update - Disable
          + Disable
          select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
          select diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index a13db64f..c324b310 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -162,11 +162,11 @@ Alias Name aliasname - - Example: Badguys
          - Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
          + + Example: Badguys
          + Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
          International, special or space characters will be ignored in firewall alias names. -
          ]]> +
          ]]>
          input 20 @@ -180,41 +180,41 @@ InfoLists info - 'Format' : Select the Format Type

          + 'Format' : Select the Format Type

          'URL' : Add direct link to list: (Example: Ads, Spyware, - Proxies )

          - 'pfSense Local File' Format :

          + Proxies )

          + 'pfSense Local File' Format :

            http(s)://127.0.0.1/NAME_OF_FILE   or   - /usr/local/www/NAME_OF_FILE    ((Files can also be placed in the /var/db/pfblockerng folders)

          + /usr/local/www/NAME_OF_FILE    ((Files can also be placed in the /var/db/pfblockerng folders)

          - 'Header' : Enter the 'Header' Field it must be Unique, it will - name the Blocklist File and it will be referenced in the pfBlocker Widget. - Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each Blocklist.

          ]]> + 'Header' : The 'Header' Field must be Unique, it will + name the List File and it will be referenced in the pfBlockerNG Widget. + Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.

          ]]>
          IPv6 Lists]]> none - 'Format' - Choose the file format that URL will retrieve.
          + 'Format' - Choose the file format that URL will retrieve.
          -
          • 'txt' Plain txt Lists

          • -
          • 'gz' - IBlock GZ Lists in Range Format

          • -
          • 'gz_2' - Other GZ Lists in IP or CIDR only

          • -
          • 'zip' - ZIP'd Lists

          • -
          • 'block'- IP x.x.x.0 Block type

          • -
          • 'html' - Web Links

          • -
          • 'xlsx' - Excel Lists

          • -
          • 'rsync' - RSync Lists

          • -
          • 'SKIP' - This format can be used to 'Disable' an Individual List.

          • -
          • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.
          +
          • 'txt' Plain txt Lists

          • +
          • 'gz' - IBlock GZ Lists in Range Format

          • +
          • 'gz_2' - Other GZ Lists in IP or CIDR only

          • +
          • 'zip' - ZIP'd Lists

          • +
          • 'block'- IP x.x.x.0 Block type

          • +
          • 'html' - Web Links

          • +
          • 'xlsx' - Excel Lists

          • +
          • 'rsync' - RSync Lists

          • +
          • 'SKIP' - This format can be used to 'Disable' an Individual List.

          • +
          • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.

          • - Note:
            - Downloaded or pfSense local file must have only one network per line and follows the syntax below:
            - Network ranges: TBC
            - IP Address: TBC
            - CIDR: TBC

            ]]> + Note:
            + Downloaded or pfSense local file must have only one network per line and follows the syntax below:
            + Network ranges: TBC
            + IP Address: TBC
            + CIDR: TBC


          ]]>
          rowhelper @@ -242,7 +242,7 @@ 75 - Header + Header header input 15 @@ -251,41 +251,41 @@
          List Action - Default : Disabled

          - Select the Action for Firewall Rules on lists you have selected.

          - 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          + Default : Disabled

          + Select the Action for Firewall Rules on lists you have selected.

          + 'Disabled' Rules: Disables selection and does nothing to selected Alias.

          - 'Deny' Rules:
          + 'Deny' Rules:
          'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other - interfaces. Typical uses of 'Deny' rules are:
          + interfaces. Typical uses of 'Deny' rules are:
          • Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
          • Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
          • One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
          - 'Permit' Rules:
          - 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create - any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          + 'Permit' Rules:
          + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
          • To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They override almost all other Firewall rules on the stated interfaces.
          • To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.
          - 'Match' Rules:
          - 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + 'Match' Rules:
          + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
          • Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
          • -
          • Match Inbound/Match Outbound - Matches all traffic in one direction only.
          - 'Alias' Rules:
          +
        • Match Inbound/Match Outbound - Matches all traffic in one direction only.
        • + 'Alias' Rules:
          'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • -
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • -
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • -
          • 'Alias Native' lists are kept in their Native format without any modifications.
          +
          • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

          • +
          • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

          • +
          • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

          • +
          • 'Alias Native' lists are kept in their Native format without any modifications.
          When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule + using Auto Rule Creation.

          Tip: You can create the Auto Rules and remove "auto rule" from the Rule Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration
          ]]> + Alias Configuration
          ]]>
          action select @@ -309,7 +309,7 @@ Update Frequency cron - Never
          + Never
          Select how often List files will be downloaded]]>
          select @@ -329,8 +329,8 @@ Weekly (Day of Week) dow - 1
          - Select the 'Weekly' ( Day of the Week ) to Update
          + 1
          + Select the 'Weekly' ( Day of the Week ) to Update
          This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
          select @@ -347,8 +347,8 @@ Enable Logging aliaslog - Enable
          - Select - Logging to Status: System Logs: FIREWALL ( Log )
          + Enable
          + Select - Logging to Status: System Logs: FIREWALL ( Log )
          This can be overriden by the 'Global Logging' Option in the General Tab.]]>
          select @@ -363,11 +363,11 @@ IPv6 Custom Address(es) custom - - Follow the syntax below:

          - Network ranges: TBC
          - IP Address: TBC
          - CIDR: TBC

          + + Follow the syntax below:

          + Network ranges: TBC
          + IP Address: TBC
          + CIDR: TBC

          You may use "#" after any IP/CIDR/Range to add comments. # Safe IP Address]]>
          textarea @@ -378,7 +378,7 @@ Update Custom List custom_update - Disable
          + Disable
          Select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]>
          select -- cgit v1.2.3