Re: [pfSense Support] blocking spammers xml

Mon, 22 Sep 2008 21:21:01 -0700 

I did these a little different...
in XML I added

in filters section
<filters>


        <rule>
                        <type>block</type>
                        <interface>wan</interface>
                        <max-src-nodes/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os></os>
                        <protocol>tcp/udp</protocol>
                        <source>
                                <address>spammers</address>
                        </source>
                        <destination>
                                <any/>
                                <port>25</port>
                        </destination>
                        <descr>spammers</descr>
                </rule>


</filters>

then below the rules / filters section



        <aliases>
                <alias>
                        <name>spammers</name>
<address>66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 190.0.0.0/8</address> 
                        <descr>SMTP Block Known Spam Networks</descr>
                        <type>network</type>
<detail>smtp block spam Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||</detail> 
                </alias>
        </aliases>


Seems to work well.

On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote:


  I've attached my cleaned up XML of all the subnets I block.   Feel
free to post it, or whatever you want to do with it. I would have sent 
it to Joe Laffey, but I think my spam filter got him.


Derrick

-----Original Message-----
From: Glenn Kelley [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 10:43 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] blockign china

I would need to know perl .

I have given my wife a few of those in the past....
hmmm

going to her jewlery box

all kidding aside - i think your right.

I will see what I can come up w/ - i think this might help the pfsense
community @ large.
In fact - it seems simple enough - it might make a very simple pkg

just a thought -

I think if it were a pkg - it could then parse those lists every month
or so - cron job 1 time per month
and then reinject the changes

This way it stays up to date...

I would say 95% of the hacking attempts we are seeing in our
datacenter are all out of China and Korea -
the last 5 % would be say 4% from Russia and 1% from script kiddies in
the US

Then again 99.256% of all statistics are made up 98.721% of the time

I know my #'s are close however

Glenn


On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote:


On Mon, 22 Sep 2008, Glenn Kelley wrote:


Thanks Joe -

I saw that...

My concern was typing all of those into the system one by one by
one...

Its okay if I gotta do it :-)
My hope was that someone already has - and that they could put out
that part of their xml file - so the community could all benefit.



I would think you could write a perl script to convert those into a
segment of XML that you could then paste into a saved config. Then
reload that config.



--
Joe Laffey                |       Visual Effects for Film and Video
LAFFEY Computer Imaging   |     -------------------------------------
St. Louis, MO             |       Show Reel http://LAFFEY.tv/?e11861
USA                       |     -------------------------------------
.                         |        -*- Digital Fusion Plugins -*-


------------------------------------------------------------------------
--


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<Big Spammers .zip >--------------------------------------------------------------------- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to