Describe your package hereDescribe your package requirements hereCurrently there are no FAQ items provided.pfblockernglistsv61.0pfBlockerNG: IPv6 Alias/List Configuration/usr/local/pkg/pfblockerng/pfblockerng.incpfBlockerNG: Save IPv6 settingsGeneral/pkg_edit.php?xml=pfblockerng.xmlUpdate/pfblockerng/pfblockerng_update.phpAlerts/pfblockerng/pfblockerng_alerts.phpReputation/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xmlIPv4/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xmlIPv6/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xmlDNSBL/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xmlCountry/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xmlLogs/pfblockerng/pfblockerng_log.phpSync/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xmlAlias NamealiasnameAlias DescriptiondescriptionActionactionFrequencycronLoggingaliaslogAdd a new AliasonlisttopicLINKSFirewall Alias
Firewall RulesFirewall Logs]]>
infoAlias Namealiasname
Do not include 'pfBlocker' or 'pfB_' in the Alias Name, it's done by package. International, special or space characters will be ignored in firewall alias names.
]]>
input20List Descriptiondescriptioninput90info'Format': Select the Format type.
'Local File': http(s)://127.0.0.1/filename
or /var/db/pfblockerng/filename
'Country code': /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/US_v6.txt
(Change 'US' to required code)
'Whois': Domain name or AS (ie: facebook.com or AS13414)
( Click for ASN Lookup )
'Header/Label': This field must be unique. This names the file and is referenced in the widget.
(ie: Spamhaus_drop, Spamhaus_edrop)
]]>
IPv6 Lists]]>'Format': Select the file format that URL will retrieve.
'auto' - Default parser
'regex' - 'Regex' style parsing (ie: html Lists)
'whois' - Convert a Domain name or AS into its respective IP addresses.
'rsync' - RSync Lists
'State': Select the Run State for each list
'ON/OFF' - Enabled / Disabled
'HOLD' - Once a List has been Downloaded, list will remain Static
'FLEX' - Not Recommended - Allow downgraded SSL connections
'Note': Downloaded or pfsense local file musts have the syntax (See customlist below)]]>
rowhelperFormatformatselectautoStatestateselectEnabledSourceurlinput50Header/Labelheaderinput15List ActionDefault: Disabled
Select the Action for Firewall Rules on lists you have selected.
'Disabled' Rules: Disables selection and does nothing to selected Alias.
'Deny' Rules:
'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other
interfaces. Typical uses of 'Deny' rules are:
Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by
traffic sent in the other direction. Does not affect traffic in the other direction.
One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while
still allowing deliberate outgoing sessions to be created in the other direction.
'Permit' Rules:
'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create
any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:
To ensure that traffic to/from the listed IPs will always be allowed in the stated directions. They
override almost all other Firewall rules on the stated interfaces.
To act as a whitelist for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a
few IPs that should be accessible.
'Match' Rules:
'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic.
Match Both - Matches all traffic in both directions, if the source or destination IP is in the list.
Match Inbound/Match Outbound - Matches all traffic in one direction only.
'Alias' Rules: 'Alias' rules create an alias for the list (and do nothing else).
This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
Options - Alias Deny, Alias Permit, Alias Match, Alias Native
'Alias Deny' can use De-Duplication and Reputation Processes if configured.
'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules
'Alias Native' lists are kept in their Native format without any modifications.
Note:
When manually creating 'Alias' type firewall rules; Do not add (pfB_) to the
start of the rule description, use (pfb_) (Lowercase prefix). Manually created 'Alias' rules with 'pfB_' in the
description will be auto-removed by package when 'Auto' rules are defined.
]]>
actionselectUpdate FrequencycronNever
Select how often List files will be downloaded. This must be within the Cron Interval/Start Hour settings.]]>
selectWeekly (Day of Week)dowMonday
Select the 'Weekly' ( Day of the Week ) to Update
This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]>
selectEnable LoggingaliaslogEnable
Select - Logging to Status: System Logs: FIREWALL ( Log )
This can be overriden by the 'Global Logging' Option in the General Tab.]]>
selectstateremovalStates RemovalWith the 'Kill States' option (General Tab), you can disable States removal for this Alias.selectenabledAdvanced Inbound Firewall Rule SettingslisttopicinfoNote: In general, Auto-Rules are created as follows:
Inbound - 'any' port, 'any' protocol and 'any' destination
Outbound - 'any' port, 'any' protocol and 'any' destination address in the lists
Configuring the Adv. Inbound Rule settings, will allow for more customization of the Inbound Auto-Rules. Select the pfSense 'Port' and/or 'Destination' Alias below:]]>
autoportsEnable Custom PortcheckboxaliasportsbeginDefine AliasaliasportsClick Here to add/edit Aliases
Do not manually enter port numbers. Do not use 'pfB_' in the Port Alias name.]]>
21aliasesportendautodestEnable Custom Destinationcheckboxaliasdest,autonotbeginaliasdestClick Here to add/edit Aliases
Do not manually enter Addresses(es). Do not use 'pfB_' in the 'IP Network Type' Alias name.]]>
21aliasesnetworkInvertautonotInvert - Option to invert the sense of the match.
ie - Not (!) Destination Address(es)]]>
checkboxendCustom ProtocolautoprotoDefault: any Select the Protocol used for Inbound Firewall Rule(s).
Do not use 'any' with Adv. Inbound Rules as it will bypass these settings!]]>select4IPv6 Custom listlisttopicinfoNote: Custom List can be used in ONE of two ways:
1. IPv6 addresses entered directly into the custom list, as per the required format.
2. Domain names or AS numbers, which will be converted into their respective IPv6 addresses.
]]>
whois_convertDO NOT mix IPs with Domains/ASs in this custom list.]]>
Enable Domain/AScheckboxCustom Address(es)custom Format IPv6:
Source of Regex and format descriptions: SpriteLink
fe80:0000:0000:0000:0204:61ff:fe9d:f156 // full form of IPv6
fe80:0:0:0:204:61ff:fe9d:f156 // drop leading zeroes
fe80::204:61ff:fe9d:f156 // collapse multiple zeroes to :: in the IPv6 address
fe80:0000:0000:0000:0204:61ff:254.157.241.086 // IPv4 dotted quad at the end
fe80:0:0:0:0204:61ff:254.157.241.86 // drop leading zeroes, IPv4 dotted quad at the end
fe80::204:61ff:254.157.241.86 // dotted quad at the end, multiple zeroes collapsed
In addition, the regular expression matches these IPv6 forms:
::1 // localhost
fe80:: // link-local prefix
2000:: // global unicast prefix
Any slash-notation style prefix
Private IPv6 addresses may be used in a custom list.
You may use "#" after any IP/CIDR/Range to add comments. ie: x::x:x:x:x # Safe IP Address
If you select the Domain/AS checkbox above, the custom list can only
be used for Domain names/AS's.
Format Domain/AS:
One 'Domain' or 'AS' per line.
Domains and/or ASs can be used in the same list.
Conversion of Domains/ASs utilize Team CYMRU
and the RADb whois registry.
Configure the 'update frequency', so that it does not abuse these free services.]]>
textarea5010base64Update Custom Listcustom_updateDefault' to update Custom List as per Update Frequency setting.
Select - 'Update Custom List' followed by a 'Force Update' to apply Custom List Changes.
Cron will also resync this Custom List at the next Update Frequency.]]>
selectClick to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or
'Force Update']]>listtopic