From d2a5ab5879d8dc87b1ea8f9ca72e41107d353f4a Mon Sep 17 00:00:00 2001
From: marcelloc
Date: Wed, 4 Jan 2012 14:22:52 -0200
Subject: dansguardian-dev - first files
---
 config/dansguardian/dansguardian.xml | 211 +++++++++++++++++
 config/dansguardian/dansguardian_config.xml | 228 +++++++++++++++++++
 config/dansguardian/dansguardian_filters.xml | 241 ++++++++++++++++++++
 config/dansguardian/dansguardian_limits.xml | 161 +++++++++++++
 config/dansguardian/dansguardian_lists.xml | 329 +++++++++++++++++++++++++++
 config/dansguardian/dansguardian_log.xml | 215 +++++++++++++++++
 config/dansguardian/dansguardian_sync.xml | 124 ++++++++++
 7 files changed, 1509 insertions(+)
 create mode 100644 config/dansguardian/dansguardian.xml
 create mode 100644 config/dansguardian/dansguardian_config.xml
 create mode 100755 config/dansguardian/dansguardian_filters.xml
 create mode 100644 config/dansguardian/dansguardian_limits.xml
 create mode 100755 config/dansguardian/dansguardian_lists.xml
 create mode 100644 config/dansguardian/dansguardian_log.xml
 create mode 100755 config/dansguardian/dansguardian_sync.xml
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
new file mode 100644
index 00000000..f81be0e3
--- /dev/null
+++ b/config/dansguardian/dansguardian.xml
@@ -0,0 +1,211 @@
+ + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardian + 1.0 + Services: Sansguardian + /usr/local/pkg/dansguardian.inc + + dansguardian + Configure dansguardian +
Firewall
+ pkg_edit.php?xml=dansguardian.xml +
+ + http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/pf-blocker/dansguardian.php + /usr/local/www/ + 0755 + + + http://www.pfsense.org/packages/config/pf-blocker/dansguardian.widget.php + /usr/local/www/widgets/widgets/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_lists.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml + /usr/local/pkg/ + 0755 + + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Listening Settings + listtopic + + + Enable dansguardian + enable_cb + checkbox + + + + Listen Interface(s) + inbound_interface + WAN
Select interface(s) that you want to block incoming traffic.]]>
+ interfaces_selection + + +
+ + Listen port + filterports + input + 10 + 8080
The port(s) that DansGuardian listens to.]]>
+
+ + Daemon Options + daemon_options + + select + + + + + + 3 + + + Min/Max Children + children + input + 10 + 8/120
+ Sets the minimun and maximum number of processes to spawn to handle the incoming connections.
+ Max value usually 250 depending on OS.
+ On large sites you might want to try 32/180.]]>
+
+ + Min/Max Spare Children + minsparechildren + input + 10 + 4/32
+ Sets the minimum and maximun number of processes to be kept ready to handle connections.
+ On large sites you might want to try 8/64.]]>
+
+ + Max Age Children + maxagechildren + input + 10 + 500
+ Sets the maximum age of a child process before it croaks it.
+ This is the number of connections they handle before exiting.
+ On large sites you might want to try 10000.]]>
+
+ + Max Ips + maxips + input + 10 + 0
+ Sets the maximum number client IP addresses allowed to connect at once.
+ Use this to set a hard limit on the number of users allowed to concurrently
+ browse the web. Set to 0 for no limit, and to disable the IP cache process.]]>
+
+
+ + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + +
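Review bot: The first entry of the additional-files list in dansguardian.xml has a malformed URL, `http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc` (one slash after the scheme), and it and the next two entries point at the `pf-blocker` directory instead of `config/dansguardian/`, so the include file every page depends on (`/usr/local/pkg/dansguardian.inc`) would probably not be fetched, or would come from another package's tree. The list also omits `dansguardian_log.xml` although the "Report and Log" tab links to it. All entries are downloaded over plain `http://` and installed with mode 0755 under /usr/local/pkg and /usr/local/www, so nothing in this file lets the installer verify what it will later execute; an `https://` source should be used if the package system accepts one. Separately, the "Listen Interface(s)" field appears to default to `WAN`, with help text copied from a blocking package ("Select interface(s) that you want to block incoming traffic"); a filtering proxy normally listens on an internal interface such as LAN, and defaulting to that would avoid exposing the proxy port externally.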
diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml new file mode 100644 index 00000000..41e3c335 --- /dev/null +++ b/config/dansguardian/dansguardian_config.xml @@ -0,0 +1,228 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianconfig + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Config Settings + listtopic + + + Url cache number + urlcachenumber + input + 10 + + 0 = off (recommended for ISPs with users with disimilar browsing)
+ 1000 = recommended for most user
+ 5000 = suggested max upper limit
+ If you're using an AV plugin then use at least 5000.]]>
+
+ + Url cache age + urlcacheage + input + 10 + + 900 = 15 mins(recommended)
+ 0 = never]]>
+
+ + Scan Options + report_options + + select + + + + + + + + + + + + + 10 + + + Weighted phrase mode + weightedphrasemode + + select + + + + + + + + Phrase filter mode + phrasefiltermode + + Smart is where the multiple spaces and HTML are removed before phrase filtering
+ Raw is where the raw HTML including meta tags are phrase filtered
+ Meta/Title is where only meta and title tags are phrase filtered (v. quick)
+ CPU usage can be effectively halved by using setting 0 or 1 compared to 2]]>
+ select + + + + + + +
+ + Lower casing options + preservecase + + However this can break Big5 and other 16-bit texts. If needed preserve the case.]]> + select + + + + + + + + Content Scanner + listtopic + + + Content Scanners + content_scanners + + select + + + + + + 3 + + + Content scanner timeout + contentscannertimeout + input + 10 + Default is 60
+ Some of the content scanners support using a timeout value to stop processing (eg AV scanning) the file if it takes too long.
+ If supported this will be used.
+ The default of 60 seconds is probably reasonable.]]>
+
+ + Content scan exceptions + contentscanexceptions + checkbox + + This is probably not desirable behavour as exceptions are supposed to be trusted and will increase load.
+ Correct use of grey lists are a better idea.]]>
+
+ + Misc settings + listtopic + + + Misc Options + misc_options + + select + + + + + + + 4 + +
+ + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + +
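Review bot: The "Scan Options" select in dansguardian_config.xml is stored under the fieldname `report_options`, the same name dansguardian_log.xml uses for its reporting and logging selects, which looks like a copy-paste leftover; a name such as `scan_options` would keep the generated configuration unambiguous. The free-text inputs `urlcachenumber`, `urlcacheage` and `contentscannertimeout` state their limits only in help text, and the `dansguardian_validate_input` callback they rely on lives in dansguardian.inc, which is not part of this commit. Since these values presumably end up in the daemon's configuration file, that validator should reject anything that is not a non-negative integer.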
diff --git a/config/dansguardian/dansguardian_filters.xml b/config/dansguardian/dansguardian_filters.xml new file mode 100755 index 00000000..42f1c0ae --- /dev/null +++ b/config/dansguardian/dansguardian_filters.xml @@ -0,0 +1,241 @@ + + + + + + + Copyright (C) 2011 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + pfblockerlists + 1.0 + Firewall: pfBlocker + /usr/local/pkg/pfblocker.inc + + pfBlocker + +
Firewall
+ pfblocker_lists.xml +
+ + + General + /pkg_edit.php?xml=pfblocker.xml&id=0 + + + Lists + /pkg.php?xml=pfblocker_lists.xml + + + + + Top Spammers + /pkg_edit.php?xml=pfblocker_topspammers.xml&id=0 + + + + Africa + /pkg_edit.php?xml=pfblocker_Africa.xml&id=0 + + + + Asia + /pkg_edit.php?xml=pfblocker_Asia.xml&id=0 + + + + Europe + /pkg_edit.php?xml=pfblocker_Europe.xml&id=0 + + + North America + /pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0 + + + Oceania + /pkg_edit.php?xml=pfblocker_Oceania.xml&id=0 + + + South America + /pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=pfblocker_sync.xml&id=0 + + + + + Alias + aliasname + + + Description + description + + + + Action + action + + + Update Frequency + cron + + + + + Network ranges / CIDR lists + listtopic + + + Alias Name + aliasname + + Example: Badguys
+ Do not include pfBlocker name, it's done by package.
+ International, special or space caracters will be ignored in pfsense alias name.
]]>
+ input + 20 +
+ + List Description + description + input + 90 + + + + none + + 'Url or local file' - Add direct link to list (Example: Ads, + Spyware, + Proxies )
+
Note:
+ Compressed lists must be in gz format.
+ Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:
+ Network ranges: 172.16.1.0-172.16.1.255
+ IP Address: 172.16.1.10
+ CIDR: 172.16.1.0/24 + ]]>
+ rowhelper + + + Format + format + select + + + + + + + Url or localfile + url + input + 75 + + +
+ + List Action + Deny Inbound
+ Select action for network on lists you have selected.

+ Note:
'Deny Both' - Will deny access on Both directions.
+ 'Deny Inbound' - Will deny access from selected lists to your network.
+ 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.
+ 'Permit Inbound' - Will allow access from selected lists to your network.
+ 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.
+ 'Disabled' - Will just keep selection and do nothing to selected Lists.
+ 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.

+ While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.
+ custom rules with 'Aliasname something rule' description will be removed by package.]]>
+ action + select + + + + + + + + + +
+ + Update frequency + cron + Never
+ Select how often pfsense will download List files]]>
+ select + + + + + + + +
+ + Custom list + listtopic + + + CIDR + custom + + Example: 192.168.1.0/24]]> + textarea + 50 + 10 + base64 + +
+ + pfblocker_php_install_command(); + + + pfblocker_php_deinstall_command(); + + + pfblocker_validate_input($_POST, &$input_errors); + + + sync_package_pfblocker(); + +
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml new file mode 100644 index 00000000..ecc3c020 --- /dev/null +++ b/config/dansguardian/dansguardian_limits.xml @@ -0,0 +1,161 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianlimits + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Limits + listtopic + + + Max upload size + maxuploadsize + input + 10 + + use 0 for a complete block
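Review bot: config/dansguardian/dansguardian_filters.xml is still an unmodified pfBlocker page: its name is `pfblockerlists`, it includes `/usr/local/pkg/pfblocker.inc`, every tab links to a `pfblocker_*.xml` file, and its callbacks are `pfblocker_php_install_command()`, `pfblocker_validate_input()` and `sync_package_pfblocker()`. If this page were opened on a system that also has pfBlocker installed, saving it would presumably write to pfBlocker's list settings and run its sync, changing firewall block lists from a DansGuardian screen. No tab or additional-file entry in this commit references the file, so it is better left out until it is rewritten for DansGuardian. It is also committed with mode 100755, which a data file does not need.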
+ use higher (e.g. 512 = 512Kbytes) for limiting
+ use -1 for no blocking(default)]]>
+
+ + Max content filter size + maxcontentfiltersize + input + 10 + Default is 256
Sometimes web servers label binary files as text which can be very large which causes a huge drain on memory and cpu resources.
+ To counter this, you can limit the size of the document to be filtered and get it to just pass it straight through.
+ This setting also applies to content regular expression modification.
+ The value must not be higher than maxcontentramcachescansize
+ The size is in Kibibytes - eg 2048 = 2Mb
+ use 0 to set it to maxcontentramcachescansize]]>
+
+ + Max content ram cache scan size + maxcontentramcachescansize + input + 10 + Default is 2000
+ This is only used if you use a content scanner plugin such as AV. This is the max size of file that DG will download and cache in RAM.
+ After this limit is reached it will cache to disk. This value must be less than or equal to maxcontentfilecachescansize.
+ The size is in Kibibytes - eg 10240 = 10Mb
+ use 0 to set it to maxcontentfilecachescansize
+ This option may be ignored by the configured download manager.]]>
+
+ + Max content file cache scan size + maxcontentfilecachescansize + input + 10 + Default is 2000
+ This is only used if you use a content scanner plugin such as AV. This is the max size file that DG will download so that it can be scanned or virus checked.
+ This value must be greater or equal to maxcontentramcachescansize.
+ The size is in Kibibytes - eg 10240 = 10Mb]]>
+
+ + Initial Trickle delay + initialtrickledelay + input + 10 + Default is 20
+ This is the number of seconds a browser connection is left waiting before first being sent *something* to keep it alive.
+ Do not choose a value too low or normal web pages will be affected. A value between 20 and 110 would be sensible
+ This may be ignored by the configured download manager.]]>
+
+ + Trickle delay + trickledelay + input + 10 + Default is 20
+ This is the number of seconds a browser connection is left waiting before being sent more *something* to keep it alive.
+ This may be ignored by the configured download manager.]]>
+
+
+ + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + +
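Review bot: The ordering constraints between the size fields in dansguardian_limits.xml exist only as help text: `maxcontentfiltersize` must not exceed `maxcontentramcachescansize`, which in turn must not exceed `maxcontentfilecachescansize`. These values cap how much of a response is buffered in RAM or on disk for scanning, so an inconsistent or very large entry bears directly on resource exhaustion on the firewall; `dansguardian_validate_input` (defined outside this commit) should check that each value is an integer, that `maxuploadsize` is not below -1, and that the ordering holds. The help text also mixes units, e.g. "The size is in Kibibytes - eg 2048 = 2Mb"; `2048 = 2 MiB` would be consistent.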
diff --git a/config/dansguardian/dansguardian_lists.xml b/config/dansguardian/dansguardian_lists.xml new file mode 100755 index 00000000..e78658cd --- /dev/null +++ b/config/dansguardian/dansguardian_lists.xml @@ -0,0 +1,329 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianlists + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Group name + name + + + Group mode + mode + + + + Description + description + + + + Action + action + + + Update Frequency + cron + + + + + Description + listtopic + + + Filter Group Name + groupname + + Example: Badguys
+ Do not include pfBlocker name, it's done by package.
+ International, special or space caracters will be ignored in pfsense alias name.
]]>
+ input + 20 +
+ + Filter Group Mode + groupmode + + This mechanism replaces the "banneduserlist"]]> + select + + + + + + + + List Description + description + input + 90 + + + Values + listtopic + + + Reporting Level + report_level + + If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]> + select + + + + + + + + + + Weighted phrase mode + weightedphrasemode + + See documentation for supported values in that file.]]> + input + 10 + + + Naughtiness limite + naughtynesslimit + + Phrases to do with good subjects will have negative values, and bad subjects will have positive values.
+ See the weightedphraselist file for examples.
+ As a guide:
+ 50 is for young children, 100 for old children, 160 for young adults.]]>
+ input + 10 +
+ + Search term limit + searchtermlimit + Default 30
The limit over which requests will be blocked for containing search terms which match the weightedphraselist.
+ This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.
+ A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]>
+ input + 10 +
+ + Category display threshold + categorydisplaythreshold + + Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.
+ All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.
+ -1 = display only the highest scoring category
+ 0 = display all categories (default)
+ > 0 = minimum score for a category to be displayed]]>
+ input + 10 +
+ + Embedded URL weighting + embeddedurlweight + + Each link to a banned page causes the amount set here to be added to the page's weighting.
+ The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.

+ Set to 0 to disable(default). + WARNING: This option is highly CPU intensive!]]>
+ input + 10 +
+ + Temporary Denied Page Bypass + bypass + + You define the number of seconds the bypass will function for before the deny will appear again.
+ To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.
+ 300 = enable for 5 minutes
+ 0 = disable ( defaults to 0 )]]>
+ input + 10 +
+ + Infection/Scan Error Bypass + infectionbypass + + The option specifies the number of seconds for which the bypass link will be valid.
+ 300 = enable for 5 minutes
+ 0 = disable ( defaults to 0 )]]>
+ input + 10 +
+ + Lists + listtopic + + + Group Options + group_options + + select + + + + + + + + + + + + + 10 + + + Content filtering + group_options + + select + + + + + + + + + + + + + + + + + 14 + + + File type filtering + file_options + + select + + + + + + + + + + 7 + + + search engine filtering + file_options + + select + + + + + + + + 5 + + + Custom list + listtopic + + + CIDR + custom + + Example: 192.168.1.0/24]]> + textarea + 50 + 10 + base64 + +
+ + pfblocker_php_install_command(); + + + pfblocker_php_deinstall_command(); + + + pfblocker_validate_input($_POST, &$input_errors); + + + sync_package_pfblocker(); + +
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml new file mode 100644 index 00000000..885aebf8 --- /dev/null +++ b/config/dansguardian/dansguardian_log.xml @@ -0,0 +1,215 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianlimits + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Reporting + listtopic + + + Reporting Level + report_level + + select + + + + + + + + + + Report Language + report_language + + select + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Reporting Options + report_options + + select + + + + + + + + 5 + + + Logging + listtopic + + + Logging Options + report_options + + select + + + + + + + + + 6 + + + Log Level + loglevel + + select + + + + + + + + + Log Exception Hints + logexceptionhits + + Can be useful for diagnosing why a site gets through the filter.]]> + select + + + + + + + + Log File Format + logfileformat + + select + + + + + + + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml new file mode 100755 index 00000000..9fb69102 --- /dev/null +++ b/config/dansguardian/dansguardian_sync.xml 
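Review bot: In dansguardian_lists.xml two pairs of selects share a fieldname: "Group Options" and "Content filtering" both use `group_options`, and "File type filtering" and "search engine filtering" both use `file_options`. With one stored key per fieldname, one selection of each pair will most likely overwrite the other on save, so a filter group could silently lose its content-filter or file-type lists; distinct names (for example `content_options` and `searchengine_options`) would avoid that. The page includes `/usr/local/pkg/dansguardian.inc` but its callbacks are still `pfblocker_php_install_command()`, `pfblocker_validate_input()` and `sync_package_pfblocker()`, so input on this page is either not validated by DansGuardian code or fails on an undefined function. The "Filter Group Name" help text, the "Action" / "Update Frequency" list columns and the "Custom list" CIDR field are pfBlocker leftovers as well.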
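Review bot: dansguardian_log.xml declares the package name `dansguardianlimits`, the same name dansguardian_limits.xml uses, so both pages would presumably read and write the same configuration section and saving one can discard the other's values; `dansguardianlog` would match the naming of the other pages. Inside the page, "Reporting Options" and "Logging Options" both use the fieldname `report_options`, which has the same overwrite problem, and here the value at risk is the logging selection an administrator relies on for audit trails. The label "Log Exception Hints" does not match its fieldname `logexceptionhits`; "Log Exception Hits" is probably what was meant.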
@@ -0,0 +1,124 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardiansync + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Filter Groups + /pkg.php?xml=dansguardian_lists.xml + + + Report and Log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + + About + /pkg_edit.php?xml=dansguardian.php&id=0 + + + + + Dansguardian XMLRPC Sync + listtopic + + + Automatically sync mailscanner configuration changes + synconchanges + pfSense will automatically sync changes to the hosts defined below. + checkbox + + + Remote Server + none + rowhelper + + + IP Address + ipaddress + IP Address of remote server + input + 20 + + + Password + password + Password for remote server. + password + 20 + + + + + + mailscanner_php_install_command(); + + + mailscanner_php_deinstall_command(); + + + mailscanner_validate_input($_POST, &$input_errors); + + + sync_package_mailscanner(); + + -- cgit v1.2.3
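Review bot: The callbacks at the end of dansguardian_sync.xml are `mailscanner_php_install_command()`, `mailscanner_php_deinstall_command()`, `mailscanner_validate_input()` and `sync_package_mailscanner()`, while the page includes `/usr/local/pkg/dansguardian.inc`; they should be the `dansguardian_*` and `sync_package_dansguardian()` names the other pages use, otherwise the remote-server rows are not validated by this package. The `synconchanges` label still reads "Automatically sync mailscanner configuration changes". The row helper collects an `ipaddress` and a `password` per remote host; the validator should check the address format, and the help text should say that the credential is presumably kept in the firewall configuration and used for XMLRPC, so administrators know to protect configuration backups accordingly.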