Issue with pfBlocker GEOIP

johnpoz

@Abramelin Not exactly sure what your hoping to accomplish.. But little advice, its much easier to allow than to try and block everything else..

I use geoip aliases to allow inbound into my services I have open to the public, but I limit it to US ips.. and some others that I have created.

This is much smaller list than trying to block the planet.

Abramelin

@johnpoz Thanks sir i will do that!

SteveITS

@Abramelin I’d think this problem would apply to pfBlocker as well:
https://forum.netgate.com/topic/186065/heads-up-new-suricata-7-0-3-package-is-coming-soon
…might need an update to it.

tieskekiggen

@SteveITS
I have the same issue as the TS with GeoIP.
The link to the post you sent gives me access denied even though I am logged into the forum.

What was the problem/fix given therein?
Thanks in advance!

johnpoz

@tieskekiggen that post was deleted because it was release, here is the release notes

https://forum.netgate.com/topic/186071/suricata-package-v7-0-3-available-here-are-the-release-notes

tieskekiggen

@johnpoz
Thanks for the reply.
But I don't think that is the issue because the lists are downloading to the system and contain IP information.

It seems to be an issue in pfBlocker.
This is a fresh installation of pfBlocker on the machine.
I've put all continents on deny inbound except Europe.

After an update/reload the aliases for the continents are not created, but the default block list is working.

Any idea what it could be?

johnpoz

@tieskekiggen I already went over my suggestion.. You shouldn't be trying to block the world.. If all you want to allow is EU, then just allow that..

There is little point to blocking the whole planet, when there is a default deny.. If you do not allow it, its blocked anyway. Create your rules with the allow in them. See my screenshot above.

tieskekiggen

@johnpoz
Yes I understand that, when I get it working, I will implement it differently too. This was purely for testing.
But the problem I am running into now is that the aliases it is supposed to create are not creating.
Hence my question as to how it could be that it doesn't work.
It seems to be nothing with the MaxMind license because I see the downloaded files in the /usr/local/share/GeoIP folder. Only pfBlocker is not creating the needed aliases.

johnpoz

@tieskekiggen look in your table to validate the alias is populated.

tieskekiggen

@johnpoz
Found the issue, I didn't choose the countries within the continent.
Therefore, it was not creating the alias.
Thanks for your quick responses anyway!