From e80da3c57d0501d7a5962fcacd6416d47385e86a Mon Sep 17 00:00:00 2001
From: BBcan177
Date: Sat, 23 May 2015 16:28:12 -0400
Subject: pfBlockerNG v1.09
---
config/pfblockerng/pfblockerng_v4lists.xml | 231 +++++++++++++++++++----------
1 file changed, 155 insertions(+), 76 deletions(-)
(limited to 'config/pfblockerng/pfblockerng_v4lists.xml')
diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml
index febfd597..b4c7e916 100644
--- a/config/pfblockerng/pfblockerng_v4lists.xml
+++ b/config/pfblockerng/pfblockerng_v4lists.xml
@@ -149,6 +149,8 @@ Logging aliaslog + Add a new Alias + on
@@ -158,15 +160,15 @@ LINKS - none - Firewall Alias     Firewall Rules     Firewall Logs]]> + Firewall Alias     + Firewall Rules     Firewall Logs]]> info Alias Name aliasname - + Example: Badguys
Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
International, special or space characters will be ignored in firewall alias names.
@@ -182,40 +184,37 @@ 90
- InfoLists info - 'Format' : Select the Format Type

- 'URL' : Add direct link to list: + 'Format': Select the Format Type

+ 'URL': Add direct link to list: Example: Ads, Spyware, - Proxies )

- 'pfSense Local File' Format :

-   http(s)://127.0.0.1/NAME_OF_FILE   or   + Proxies

+ 'pfSense Local File' Format:

+   http(s)://127.0.0.1/NAME_OF_FILE   or   /usr/local/www/NAME_OF_FILE    (Files can also be placed in the /var/db/pfblockerng folders)

- 'Header' : The 'Header' Field must be Unique, it will + 'Header': The 'Header' Field must be Unique, it will name the List File and it will be referenced in the pfBlockerNG Widget. Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.

]]>
IPv4 Lists]]> - none 'Format' - Select the file format that URL will retrieve.
- -
  • 'txt' Plain txt Lists

  • -
  • 'gz' - IBlock GZ Lists in Range Format only.

  • -
  • 'gz_2' - Other GZ Lists in IP or CIDR only.

  • -
  • 'gz_lg' - Large IBlock GZ Lists in Range Format only.

  • -
  • 'zip' - ZIP'd Lists

  • -
  • 'block'- IP x.x.x.0 Block type

  • -
  • 'html' - Web Links

  • -
  • 'xlsx' - Excel Lists

  • -
  • 'rsync' - RSync Lists

  • +
    • 'txt' Plain txt Lists
    • +
    • 'gz' - IBlock GZ Lists in Range Format only
    • +
    • 'gz_2' - Other GZ Lists in IP or CIDR only
    • +
    • 'gz_lg' - Large IBlock GZ Lists in Range Format only
    • +
    • 'zip' - ZIP'd Lists
    • +
    • 'block'- IP x.x.x.0 Block type
    • +
    • 'html' - Web Links
    • +
    • 'xlsx' - Excel Lists
    • +
    • 'rsync' - RSync Lists
    • 'ET' IQRisk - Only
    - 'State' - Select the Run State for each list.
    -
    • 'ON/OFF' - Enabled / Disabled

    • -
    • 'HOLD' - Once a List has been Downloaded, list will remain Static.
    + 'State' - Select the Run State for each list
    +
    • 'ON/OFF' - Enabled / Disabled
    • +
    • 'HOLD' - Once a List has been Downloaded, list will remain Static
    'Note' - Downloaded or pfsense local file must have only one network per line and follows the syntax below:
      Network ranges: 172.16.1.0-172.16.1.255
      IP Address: 172.16.1.10
      @@ -223,50 +222,50 @@ rowhelper - - Format - format - select - - - - - - - - - - - - - - - State - state - select - - - - - - - - URL or pfSense local file - url - input - 50 - - - Header - header - input - 15 - + + Format + format + select + + + + + + + + + + + + + + + State + state + select + + + + + + + + URL or pfSense local file + url + input + 50 + + + Header + header + input + 15 + List Action - Default : Disabled

      + Default: Disabled

      Select the Action for Firewall Rules on lists you have selected.

      'Disabled' Rules: Disables selection and does nothing to selected Alias.

      @@ -292,12 +291,12 @@ 'Alias' Rules:
      'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. -
      • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

      • +
        • Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

        • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

        • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

        • 'Alias Native' lists are kept in their Native format without any modifications.
        When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of - the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + the Alias (no trailing Whitespace) Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if using Auto Rule Creation.

        Tip: You can create the Auto Rules and remove "auto rule" from the Rule Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom Alias Configuration
        ]]>
@@ -324,8 +323,8 @@ Update Frequency cron - Never
        - Select how often List files will be downloaded]]> + Never
        + Select how often List files will be downloaded. This must be within the Cron Interval/Start Hour settings.]]>
        select
@@ -344,7 +343,7 @@ Weekly (Day of Week) dow - 1
        + Monday
        Select the 'Weekly' ( Day of the Week ) to Update
        This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
        @@ -362,7 +361,7 @@ Enable Logging aliaslog - Enable
        + Enable
        Select - Logging to Status: System Logs: FIREWALL ( Log )
        This can be overriden by the 'Global Logging' Option in the General Tab.]]>
        @@ -372,6 +371,85 @@
        + + Advanced Inbound Firewall Rule Settings + listtopic + + + info + Note: In general Auto-Rules are created as follows:
        +
          Inbound   - 'any' port, 'any' protocol and 'any' destination
          + Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
        + Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
        + Select the pfSense 'Port' and/or 'Destination' Alias below:]]> +
        +
        + + autoports + Enable Custom Port + checkbox + aliasports + + begin + + + Define Alias + aliasports + Click Here to add/edit Aliases + Do not manually enter port numbers.
        Do not use 'pfB_' in the Port Alias name.]]> +
        + 21 + aliases + port + + + end +
        + + autodest + Enable Custom Destination + checkbox + aliasdest,autonot + + begin + + + aliasdest + Click Here to add/edit Aliases + Do not manually enter Addresses(es).
        Do not use 'pfB_' in the 'IP Network Type' Alias name.]]> +
        + 21 + aliases + network + + + +
        + + Invert + autonot + Invert - Option to invert the sense of the match.
        + ie - Not (!) Destination Address(es)]]> +
        + checkbox + + + end +
        + + Custom Protocol + autoproto + Default: any
        Select the Protocol used for Inbound Firewall Rule(s).]]>
        + select + + + + + + + 4 + +
        IPv4 Custom list listtopic
@@ -394,18 +472,19 @@ Update Custom List custom_update - Disable
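Review bot: The help text for the new `aliasports` and `aliasdest` fields in the "Advanced Inbound Firewall Rule Settings" section states a constraint ("Do not manually enter port numbers", "Do not manually enter Addresses(es)") that nothing visible in this hunk enforces. It also does not say what the Inbound auto-rule becomes when 'Enable Custom Port' or 'Enable Custom Destination' is checked and the alias field is left empty or names an alias that does not exist. Because these fields narrow a rule that otherwise matches 'any' port and 'any' destination, the description should state the fallback explicitly, and the save-time validation (presumably in the package's PHP, outside this file) should reject any value that is not an existing port or network alias. The `autonot` description would benefit from one more sentence such as `With a Permit action, Invert applies the rule to every destination except the selected alias.`, assuming Invert is honoured for Permit rules as well as Deny. Separately, "Addresses(es)" should read "Address(es)".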
        - select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]> + Default' to update Custom List as per Update Frequency setting.
        + Select - 'Update Custom List' followed by a 'Force Update' to apply Custom List Changes.
        + Cron will also resync this Custom List at the next Update Frequency.]]>
        select - - + +
        - Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or - 'Force Update'
      ]]> + Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or + 'Force Update']]> listtopic
      -- cgit v1.2.3