You need to force reload after adding whitelist entries.
Also clear the clients DNS cache.

-Rico

@Jack37 said in Wrong geoip classification:

Is there a chance to reclassify the ip?

The theory :
As you might know, "pfBlockerNG" doesn't know anything about an IP and their location. The info comes from lists, like the "MaxMind GeoIP " -where you took a subscription to have access to their lists.

Contact them if you want something gets changed.

The reality :
As said often : because the stock with IPv4 has been totally depleted, their is a real traffic of IPv4 going on. Thye are sold and bought all the time in big blocks or small chunks. This traffic is a world wide thing. It's close to impossible to trace - or keep up to date - the exact IP location.
It's nice if it works - but often GEOIP info is plain wrong - and/or takes time to mute to another place.

Keep in mind : with IPv6 things will get worse as just make a list == mission impossible.

Rico...thanks for the reply. I appreciate your time in answering. Is there anything I need to do in the console such as delete files, change anything, etc.?

When I chose to delete the package from the Package Manager, this is what happened, it just hangs -
pfSense Package Manager.png

However, when I checked my dashboard, it looks like it was deleted from my system. I can't be for sure though.

Ah, so a DNS issue then? That would be unrelated to the auto firewall rule ordering you were seeing.

Steve

@gwaitsi
Have a look at https://www.reddit.com/r/pfBlockerNG/comments/jt9k89/pfblockerng_malwarebytes_telementery_increased/

https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#segmentation-fault-in-pkg

@Draco

Thanks I like the idea of puutin win update or global dns on a whitelist
Havnt come to my mind just yet
Thx

This worked. Thanks Ron

I add jasonhill's to a online doc and provided it as feed list.

Thanks both

Excellent. I just re-enabled all the feeds and the whitelisting seems to be working.

Thanks!
Matt

@sreeram
I don't use it, but I suspect you're right.

The DNS-BL VIP uses 10.10.10.1 by default. It looks like you're already using a subnet containing that so you need to change the default value there to something you're not using before it can start.

Steve

Yeah, probably not the best idea but it works. Im thinking to run a hotspot and dont want to find myself feeding bots.

I'll get that done this evening or tomorrow morning. I guess it goes without saying it's not a wide spread problem but something out of wack with my config. That you sir!

@trilobite
Yea, I use about 1/2 the feeds in Malicious_2, basically chose the ones that give the least grief. Frankly, relying on lists that someone else decides on will always get some domains blocked that you want. Between being choosy (yea this takes time to tweak) with what lists I use, maintaining white lists and setting the TOP1M whitelist to the top 5k, I rarely have an issue. None of this is turn-key it is all trial and error and frankly never ends. Lists go from good to bad and vice versa, lists go away and new lists popup. I peak in there every week or two to validate that the lists I chose are still 'live' and being maintained.

Yes very simple, configure cloud DNS ip's on the general setup screen under "dns server settings"

Then go to services -> dns resolver.

Tick the box next to "dns query forwarding"

Save, apply, done.