From b3ce3bde07750e25fabca14faf18c0e5f0eb74dc Mon Sep 17 00:00:00 2001
From: BBcan177
Date: Sun, 30 Nov 2014 18:49:04 -0500
Subject: pfBlockerNG Beta v0.99 pkg_config.10.xml edits and associated files for Package pfBlockerNG
---
 config/pfblockerng/pfblockerng_v6lists.xml | 410 +++++++++++++++++++++++++++++
 1 file changed, 410 insertions(+)
 create mode 100644 config/pfblockerng/pfblockerng_v6lists.xml

(limited to 'config/pfblockerng/pfblockerng_v6lists.xml')

diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml
new file mode 100644
index 00000000..7d5c2b00
--- /dev/null
+++ b/config/pfblockerng/pfblockerng_v6lists.xml
@@ -0,0 +1,410 @@ + + + + + + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + pfblockernglistsv6 + 1.0 + pfBlockerNG: IPv6 Alias/List Configuration + /usr/local/pkg/pfblockerng/pfblockerng.inc + + pfBlockerNG + +
Firewall
+ pfblockerng_v6lists.xml +
+ + + General + /pkg_edit.php?xml=pfblockerng.xml&id=0 + + + + Update + /pfblockerng/pfblockerng_update.php + + + Alerts + /pfblockerng/pfblockerng_alerts.php + + + Reputation + /pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0 + + + IPv4 + /pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml + + + IPv6 + /pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml + + + + Top 20 + /pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0 + + + Africa + /pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0 + + + Asia + /pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0 + + + Europe + /pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0 + + + N.A. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0 + + + Oceania + /pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0 + + + S.A. + /pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0 + + + Logs + /pfblockerng/pfblockerng_log.php + + + Sync + /pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0 + + + + + Alias Name + aliasname + + + Alias Description + description + + + Action + action + + + Frequency + cron + + + Logging + aliaslog + + + + + IPv6 Network ranges / CIDR lists + listtopic + + + LINKS + none + Firewall Alias     Firewall Rules     Firewall Logs]]> + + info + + + Alias Name + aliasname + + Example: Badguys
+ Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package.
+ International, special or space characters will be ignored in firewall alias names. +
]]> +
+ input + 20 +
+ + List Description + description + input + 90 + + + InfoLists + info + 'Format' : Select the Format Type

+ 'URL' : Add direct link to list: + (Example: Ads, + Spyware, + Proxies )

+ 'pfSense Local File' Format :

+   http(s)://127.0.0.1/NAME_OF_FILE   or   + /usr/local/www/NAME_OF_FILE    ((Files can also be placed in the /var/db/pfblockerng folders)

+ + 'Header' : Enter the 'Header' Field it must be Unique, it will + name the Blocklist File and it will be referenced in the pfBlocker Widget. + Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each Blocklist.

]]> +
+
+ + IPv6 Lists]]> + none + 'Format' - Choose the file format that URL will retrieve.
+ +
  • 'txt' Plain txt Lists

  • +
  • 'gz' - IBlock GZ Lists in Range Format

  • +
  • 'gz_2' - Other GZ Lists in IP or CIDR only

  • +
  • 'zip' - ZIP'd Lists

  • +
  • 'block'- IP x.x.x.0 Block type

  • +
  • 'html' - Web Links

  • +
  • 'xlsx' - Excel Lists

  • +
  • 'rsync' - RSync Lists

  • +
  • 'SKIP' - This format can be used to 'Disable' an Individual List.

  • +
  • 'HOLD' - Once a List has been Downloaded, you can change to 'HOLD' to keep this list Static.
+ + Note:
+ Downloaded or pfSense local file must have only one network per line and follows the syntax below:
+ Network ranges: TBC
+ IP Address: TBC
+ CIDR: TBC

]]> +
+ rowhelper + + + Format + format + select + + + + + + + + + + + + + + + URL or pfSense local file + url + input + 75 + + + Header + header + input + 15 + + +
+ + List Action + Default : Disabled

+ Select the Action for Firewall Rules on lists you have selected.

+ 'Disabled' Rules: Disables selection and does nothing to selected Alias.

+ + 'Deny' Rules:
+ 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:
+
  • Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
  • +
  • Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction.
  • +
  • One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while + still allowing deliberate outgoing sessions to be created in the other direction.
+ 'Permit' Rules:
+ 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
+
  • To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They + override almost all other Firewall rules on the stated interfaces.
  • +
  • To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.
+ 'Match' Rules:
+ 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. +
  • Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
  • +
  • Match Inbound/Match Outbound - Matches all traffic in one direction only.
+ 'Alias' Rules:
+ 'Alias' rules create an alias for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. +
  • Options    - Alias Deny,  Alias Permit,  Alias Match,  Alias Native

  • +
  • 'Alias Deny' can use De-Duplication and Reputation Processes if configured.

  • +
  • 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules

  • +
  • 'Alias Native' lists are kept in their Native format without any modifications.
+ When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of + the Alias (no trailing Whitespace)  Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.

Tip: You can create the Auto Rules and remove "auto rule" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration
]]> +
+ action + select + + + + + + + + + + + + + + + + +
+ + Update Frequency + cron + Never
+ Select how often List files will be downloaded]]> +
+ select + + + + + + + + + + + + +
+ + Weekly (Day of Week) + dow + 1
+ Select the 'Weekly' ( Day of the Week ) to Update
+ This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]> +
+ select + + + + + + + + + +
+ + Enable Logging + aliaslog + Enable
+ Select - Logging to Status: System Logs: FIREWALL ( Log )
+ This can be overriden by the 'Global Logging' Option in the General Tab.]]>
+ select + + + + +
+ + IPv6 Custom list + listtopic + + + IPv6 Custom Address(es) + custom + + Follow the syntax below:

+ Network ranges: TBC
+ IP Address: TBC
+ CIDR: TBC

+ You may use "#" after any IP/CIDR/Range to add comments. # Safe IP Address]]> +
+ textarea + 50 + 10 + base64 +
+ + Update Custom List + custom_update + Disable
+ Select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]> +
+ select + + + + +
+ + Click to SAVE Settings and/or Rule Edits.       Changes are Applied via CRON or + 'Manual Update']]> + listtopic + +
+ + pfblockerng_php_install_command(); + + + pfblockerng_php_deinstall_command(); + + + pfblockerng_validate_input($_POST, $input_errors); + + + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + +
\ No newline at end of file -- cgit v1.2.3
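
Review bot: The 'URL or pfSense local file' input in the IPv6 Lists rowhelper has no constraint in this file on scheme or path, yet its help text invites both "http(s)://127.0.0.1/NAME_OF_FILE" and filesystem paths such as "/usr/local/www/NAME_OF_FILE"; the only check visible here is the call "pfblockerng_validate_input($_POST, $input_errors);", whose body lives outside this patch. Please confirm that the validator rejects anything other than http/https URLs and confines local paths to the directories the help text documents (/usr/local/www and the /var/db/pfblockerng folders), and consider steering the help text toward https, since entries fetched through this field can end up in 'Permit' rules that the List Action description says "have priority over all Deny rules". On documentation: the syntax notes under both 'IPv6 Lists' and 'IPv6 Custom Address(es)' still read "Network ranges: TBC", "IP Address: TBC" and "CIDR: TBC" while requiring "only one network per line", the format help lists "'block'- IP x.x.x.0 Block type", which describes an IPv4 layout, and the header still carries the template strings "Describe your package here" and "Describe your package requirements here"; these should be filled in or dropped before the file ships. Minor: "overriden" in the Enable Logging description should be "overridden", the doubled "((" before "Files can also be placed" should be a single parenthesis, and the file ends without a trailing newline.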