From b1ef3af0c8c141b75dc61ba9c68f80b961e9f03d Mon Sep 17 00:00:00 2001 From: BBcan177 Date: Sun, 15 Nov 2015 22:35:26 -0500 Subject: pfBlockerNG v2.0 --- config/pfblockerng/pfblockerng_v6lists.xml | 267 +++++++++++++++-------------- 1 file changed, 141 insertions(+), 126 deletions(-) (limited to 'config/pfblockerng/pfblockerng_v6lists.xml') diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml index 3e9dbe6f..e5f30caa 100644 --- a/config/pfblockerng/pfblockerng_v6lists.xml +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -1,6 +1,6 @@ - - + + + part of pfSense (http://www.pfSense.org) + Copyright (c) 2015 Electric Sheep Fencing, LLC. All rights reserved. + Copyright (c) 2004-2005 Scott Ullrich All rights reserved. */ /* ========================================================================== */ @@ -64,7 +65,7 @@ General - /pkg_edit.php?xml=pfblockerng.xml&id=0 + /pkg_edit.php?xml=pfblockerng.xml 
@@ -77,48 +78,24 @@ Reputation - /pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0 + /pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml IPv4 - /pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0 + /pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml IPv6 - /pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0 + /pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml - Top 20 - /pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0 + DNSBL + /pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml - Africa - /pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0 - - - Asia - /pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0 - - - Europe - /pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0 - - - N.A. - /pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0 - - - Oceania - /pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0 - - - S.A. - /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 - - - P.S. - /pkg_edit.php?xml=/pfblockerng/pfblockerng_ProxyandSatellite.xml&id=0 + Country + /pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml Logs @@ -126,50 +103,49 @@ Sync - /pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0 + /pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml - - - Alias Name - aliasname - - - Alias Description - description - - - Action - action - - - Frequency - cron - - - Logging - aliaslog - - Add a new Alias - on - + + + Alias Name + aliasname + + + Alias Description + description + + + Action + action + + + Frequency + cron + + + Logging + aliaslog + + Add a new Alias + on + - IPv6 Network ranges / CIDR lists + listtopic LINKS - Firewall Alias     - Firewall Rules     Firewall Logs]]> + Firewall Alias  + Firewall RulesFirewall Logs]]> info Alias Name aliasname - - Example: Badguys
+ Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
International, special or space characters will be ignored in firewall alias names.
]]> @@ -185,38 +161,33 @@
info - 'Format': Select the Format Type

- 'URL': Add direct link to list: - Example: Ads, - Spyware, - Proxies

- 'pfSense Local File' Format:

-   http(s)://127.0.0.1/NAME_OF_FILE   or   - /usr/local/www/NAME_OF_FILE    (Files can also be placed in the /var/db/pfblockerng folders)

- - 'Header': The 'Header' Field must be Unique, it will - name the List File and it will be referenced in the pfBlockerNG Widget. - Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.

]]> + 'Format': Select the Format type.

+ 'State': Select the run state.

+ 'Source': + +
  • 'Local File': http(s)://127.0.0.1/filename +  or  /var/db/pfblockerng/filename
+
  • 'Country code': /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/US_v6.txt +  (Change 'US' to required code)
+ + 'Header/Label': This field must be unique. This names the file and is referenced in the widget. +  (ie: Spamhaus_drop, Spamhaus_edrop)

]]>
IPv6 Lists]]> - 'Format' - Select the file format that URL will retrieve.
-
  • 'txt' Plain txt Lists
  • -
  • 'gz' - IBlock GZ Lists in Range Format only
  • -
  • 'gz_2' - Other GZ Lists in IP or CIDR only
  • -
  • 'zip' - ZIP'd Lists
  • -
  • 'block'- IP x.x.x.0 Block type
  • -
  • 'html' - Web Links
  • -
  • 'xlsx' - Excel Lists
  • -
  • 'rsync' - RSync Lists
  • - 'State' - Select the Run State for each list
    + 'Format': Select the file format that URL will retrieve.
    +
    • 'auto' - Default parser
    • +
    • 'regex' - 'Regex' style parsing (ie: html Lists)
    • +
    • 'whois' - Convert a Domain name or AS into its respective IP addresses.
    • +
    • 'rsync' - RSync Lists
    + 'State': Select the Run State for each list
    • 'ON/OFF' - Enabled / Disabled
    • -
    • 'HOLD' - Once a List has been Downloaded, list will remain Static
    - 'Note' - Downloaded or pfsense local file must have only one network per line and follows the syntax below: -
      Network ranges: TBC
      - IP Address: TBC
      - CIDR: TBC
    ]]> +
  • 'HOLD' - Once a List has been Downloaded, list will remain Static
  • +
  • 'FLEX' - Not Recommended - Allow downgraded SSL connections
+ 'Note': Downloaded or pfsense local file musts have the syntax (See customlist below)]]>
rowhelper @@ -225,15 +196,12 @@ format select - - - - - - - + + + + auto State @@ -243,16 +211,18 @@ + + Enabled - URL or pfSense local file + Source url input 50 - Header + Header/Label header input 15 @@ -291,11 +261,9 @@
  • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

  • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

  • 'Alias Native' lists are kept in their Native format without any modifications.
  • - When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of - the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if - using Auto Rule Creation.

    Tip: You can create the Auto Rules and remove "auto rule" from the Rule - Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom - Alias Configuration
    ]]> + Note:
      When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the + start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the + description will be auto-removed by package when 'Auto' rules are defined.
    ]]> action select @@ -367,14 +335,25 @@
    + + stateremoval + States Removal + With the 'Kill States' option (General Tab), you can disable States removal for this Alias. + select + + + + + enabled + Advanced Inbound Firewall Rule Settings listtopic info - Note: In general Auto-Rules are created as follows:
    -
      Inbound   - 'any' port, 'any' protocol and 'any' destination
      + Note:  In general, Auto-Rules are created as follows:
      +
        Inbound  - 'any' port, 'any' protocol and 'any' destination
        Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
      Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules.
      Select the pfSense 'Port' and/or 'Destination' Alias below:]]> @@ -435,7 +414,8 @@ Custom Protocol autoproto - Default: any
      Select the Protocol used for Inbound Firewall Rule(s).]]>
      + Default: any
      Select the Protocol used for Inbound Firewall Rule(s).
      + Do not use 'any' with Adv. Inbound Rules as it will bypass these settings!]]>
      select @@ -451,14 +431,51 @@ listtopic
      - IPv6 Custom Address(es) + info + Note:  Custom List can be used in ONE of two ways:
      +
        1. IPv6 addresses entered directly into the custom list, as per the required format.
      +
        2. Domain names or AS numbers, which will be converted into their respective IPv6 addresses.
      ]]> +
      +
      + + whois_convert + DO NOT mix IPs with Domains/ASs in this custom list.]]> + + Enable Domain/AS + checkbox + + + Custom Address(es) custom - - Follow the syntax below:

      - Network ranges: TBC
      - IP Address: TBC
      - CIDR: TBC

      - You may use "#" after any IP/CIDR/Range to add comments. # Safe IP Address]]> +
      + Format IPv6:

      + + Source of Regex and format descriptions: SpriteLink
      + fe80:0000:0000:0000:0204:61ff:fe9d:f156 // full form of IPv6
      + fe80:0:0:0:204:61ff:fe9d:f156 // drop leading zeroes
      + fe80::204:61ff:fe9d:f156 // collapse multiple zeroes to :: in the IPv6 address
      + fe80:0000:0000:0000:0204:61ff:254.157.241.086 // IPv4 dotted quad at the end
      + fe80:0:0:0:0204:61ff:254.157.241.86 // drop leading zeroes, IPv4 dotted quad at the end
      + fe80::204:61ff:254.157.241.86 // dotted quad at the end, multiple zeroes collapsed

      + + In addition, the regular expression matches these IPv6 forms:

      + + ::1 // localhost
      + fe80:: // link-local prefix
      + 2000:: // global unicast prefix
      + Any slash-notation style prefix

      + + Private IPv6 addresses may be used in a custom list.
      + You may use "#" after any IP/CIDR/Range to add comments. ie: x::x:x:x:x # Safe IP Address

      + If you select the Domain/AS checkbox above, the custom list can only + be used for Domain names/AS's.

      + Format Domain/AS:

      + One 'Domain' or 'AS' per line.
      + Domains and/or ASs can be used in the same list.

      + Conversion of Domains/ASs utilize Team CYMRU + and the RADb whois registry.
      + Configure the 'update frequency', so that it does not abuse these free services.]]>
      textarea 50 @@ -479,23 +496,21 @@
      - Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or + Click to SAVE Settings and/or Rule Edits.   Changes are Applied via CRON or 'Force Update']]> listtopic - - pfblockerng_php_install_command(); - - - pfblockerng_php_deinstall_command(); - + + \ No newline at end of file -- cgit v1.2.3
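Review bot: In the 'State' help text of the @@ -185,38 +161,33 @@ hunk, the new 'FLEX' entry says only "Not Recommended - Allow downgraded SSL connections", which does not tell the user what is relaxed (protocol version, cipher choice or certificate verification). A list fetched over a weakened connection still ends up in a firewall alias, so the text should state exactly which checks are dropped and limit the recommendation to sources that cannot be fetched any other way; logging each FLEX download would make its use auditable. Two smaller points in the same hunk: the 'Country code' example path embeds "pfblockerng-amd64", which will mislead users if the install directory differs by architecture, and "musts have the syntax" in the 'Note' line should read "must have".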
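Review bot: In the 'Note' added by the @@ -291,11 +261,9 @@ hunk, whether a manually created rule survives depends on one letter of case in a free-text description ('pfB_' is auto-removed, 'pfb_' is kept), which is easy to get wrong and costs the user a firewall rule. Suggest warning in the UI when a manual rule description starts with 'pfB_', or marking package-created rules with something other than the description prefix. The removed text also told users to use the exact spelling of the Alias with no trailing whitespace; if that requirement still holds, it should stay in the note.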
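Review bot: In the 'Custom Protocol' description of the @@ -435,7 +414,8 @@ hunk, the added warning sits directly after "Default: any", so the field's default is the one value the text says will bypass the Adv. Inbound Rule settings. A user who sets a port or destination alias and leaves the protocol untouched gets no indication that those settings are ignored. Suggest rejecting or flagging on save the combination of Adv. Inbound settings with protocol 'any', or choosing a different default when those settings are in use, rather than relying on help text.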
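Review bot: In the @@ -451,14 +431,51 @@ hunk, the rule "DO NOT mix IPs with Domains/ASs in this custom list" is stated only in the whois_convert description, and nothing in the visible change validates the textarea contents against the 'Enable Domain/AS' checkbox. Suggest checking on save that every non-comment line matches the selected mode and reporting the offending line, so the outcome of a mixed list is not left undefined. The same applies to the closing request to configure the update frequency so that the Team CYMRU and RADb services are not abused: a documented minimum interval for whois-converted lists would be more dependable than a note in the help text.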