Trouble with pfBlockerNG v2.0.17 w/DNSBL

detox

hello all!
First, I am a true novice at this.
I installed pfBlockerNG to add security.  I followed the instructions listed at these two places:

https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943 
and
https://turbofuture.com/internet/How-to-Configure-pfBlocker-An-IP-Block-List-and-Country-Block-Package-for-pfSense
There are results listed on  my dashboard.
Here is my question:
I have all of Europe blocked in and outbound, but I can still go to websites in Russia, China, Japan and other countries listed.
Does this package block websites?  Or does it focus on advertising? 
And finally, is there a really good document on configuring and testing of the package?
Thanks for any help

johnpoz

Last time I checked Japan was not in Europe ;)  Either was China ;)  Maybe you just need a geography lesson, hehehe

As to blocking outbound?  How are you blocking that, in floating rules?  If you don't want someone on your lan going somewhere it should be on the interface their traffic first enters pfsense, so normally say the lan interface.

You also need to make sure there is no active state, so for example if I went to site, then put in block without a flush of the state on pfsense I would still go there even if a block since I already had a state before the rule was put in place.

If still not working you need to validate what IP your actually going to, and what IPs are listed in the block country list - is quite possible some IPs are missing or not up to date, etc.

detox

johnpoz –-  Err  my example is certainly not good.  I blocked all except North America.  Got lost in thought while typing this
Inbound = Wan
outbound = Lan

I do  not have any floating rules
I did not know anything about flushing states and I have just done that
You mentioned verifying IP addresses.  How do I verify an IP in the block country list?

And, Thanks so much for the help!!  (is there a manual on pfblockerNG?

johnpoz

so you have rules on your wan to block those IPs from accessing your port forwards.  That would be the only reason for rules on your wan to block, since if not allowed all traffic is blocked on the wan just like other interfaces.

How you would verify is look at the list of that country and see if IP is in there.. You can just put your mouse over the alias in the rules and it will list the ips in that alias, or just go to pfsense folders and look at the files they are located

/usr/local/share/GeoIP/cc

or
/var/db/pfblockerng/

These locations are listed when you go to add a alias and click the little i for info..

detox

Thanks so much!
The more I read the more I realize how little I know.  I'll be doing a gob of reading over the next month.