From e0acf9ae6217557b2e77152ca498b2f73a08f624 Mon Sep 17 00:00:00 2001
From: BBcan177 <bbcan177@gmail.com>
Date: Sun, 30 Aug 2015 22:19:30 -0400
Subject: pfBlockerNG mods

---
 config/pfblockerng/pfblockerng_top20.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'config/pfblockerng/pfblockerng_top20.xml')

diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index 32ed52e8..030c1385 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -131,6 +131,17 @@
 			<name><![CDATA[TOP 20 - Spammer Countries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Geolite Data by Maxmind Inc. - ISO 3166)]]></name>
 			<type>listtopic</type>
 		</field>
+		<field>
+			<description><![CDATA[<font color='red'>Note:</font> pfSense by default implicitly blocks all unsolicited inbound traffic to the WAN
+				interface. Therefore adding GeoIP based firewall rules to the WAN will <strong>not</strong> provide any benefit, unless there are
+				open WAN ports.  Also consider protecting just the specific open WAN ports. It's also <strong>not</strong> recommended to
+				block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Finally, it's just as important
+				to protect the outbound LAN traffic.]]>
+			</description>
+			<type>info</type>
+			<dontdisplayname/>
+			<usecolspan2/>
+		</field>
 		<field>
 			<fielddescr>LINKS</fielddescr>
 			<description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
-- 
cgit v1.2.3