Not blocking any location
-
Hey guys,
I'm new to pfSense and very excited about it. Bought a license and everything and installed pfBlockerNG to prevent access from unwanted geolocations and other stuff.
1. I only want to allow Europe and drop any other packets.
2. If possible, make an invert match to reduce the amount of data by changing to drop all except for European addresses.
Currently, I took the first way and a floating rule was created with IP address lists of IPv4 and IPv6 to drop packets from unwanted geolocations like Asia, America, and so on. I had to increase the amount of database entries of the pfSense to store the data, and it uses 14GB of RAM currently, but blocks nothing. I tried IPVanish, NordVPN, and 2 custom IPs from Asia, America, Africa, but nothing is blocked.
Currently, it's completely useless and it reduces the pfSense performance, consumes RAM, and does (feels like) nothing.
First question: How to invert match the rule to reduce the RAM and make it the opposite way, using drop all and allow all European GeoIPs?
Second, how to get it to work? I really appreciate any help, but please only if you know what you are talking about. :-)
-
Only one hint from me: Top-Spammers is not about Spammers but about Countries other than the US.
Blocking this list is the worst you can do if you are outside the US and you do it even in both directions.
-
@Viconnect blocking the planet is not the way to do it anyway.. Allow the traffic you want.. Can you show us your rules, and what exactly are those tables.. What are you trying to block them from.. You going to them, them hitting some port forward you have open?
I only allow US IPs to my port forwards and ports, and drop and log all inbound traffic to any port that is a syn..
So you can see my rule that would allow traffic to 443 is limited to my pfblock alias that includes US IPs.. Notice this traffic was not allowed and dropped down to my logging rule.. Because it was not on my allow list..
Trying to create lists of IPs that contain every IP on the planet vs the ones you want to allow is not a very efficient way to do it.. It's better to just allow what you want to allow..
-
The specific case is: I have an nginx proxy open with ports 80 and 443 and some other services at 8443, 7654...., the pfSense is in front of all the VMs, services and servers, and I like to block any traffic out of Europe only to reduce the amount of attacks on devices behind the firewall (I know all the reasons why it doesn't make sense ... blabla). I want that and no discussion about why.
IPv6 does not interest me at all, is there an easy way to remove IPv6 at all? I could reduce a lot with that I think, a simple deny rule in the firewall for all IPv6 subnets or an IPv6 option for the entire interface? My pf database is still growing, currently reaching 22GB of RAM.
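The allow-first, default-deny layout johnpoz describes above, together with a blanket inbound IPv6 block, written out as an added example in pf's own rule syntax (the form pfSense writes to /tmp/rules.debug). This is not johnpoz's ruleset or pfBlockerNG output: the interface name, the table name and every address and port are placeholders. In pfSense you would build the same thing in Firewall > Rules on the WAN tab, using the pfBlockerNG alias as the source of the pass rule.

```pf
# Added example, not from the thread. Interface, host and table contents are
# placeholders (documentation address ranges).
ext_if  = "em0"           # WAN interface (assumption)
web_srv = "192.0.2.10"    # internal reverse proxy behind the port forwards

# A small table of the countries you actually serve instead of a huge table of
# everyone else. pfBlockerNG maintains its own tables; these entries are constructed.
table <pfB_AllowEU_v4> persist { 203.0.113.0/24, 198.51.100.0/24 }

# 1. No IPv6 services are published, so drop all inbound IPv6 on WAN, no logging.
block in quick on $ext_if inet6

# 2. Pass only allow-listed sources to the published ports. "quick" means the
#    first matching rule wins, so this must sit above the logging block rule.
pass in quick on $ext_if inet proto tcp from <pfB_AllowEU_v4> to $web_srv port { 80, 443, 8443 } flags S/SA keep state

# 3. Default deny for everything else inbound. Log only new-connection attempts
#    (SYN without ACK); stray ACK/RST/FIN packets with no state are dropped silently,
#    so the log shows who is actually trying to open a connection.
block in log quick on $ext_if inet proto tcp flags S/SA
block in quick on $ext_if inet
```

The point of the ordering is that the allow rule is evaluated before the logging block rule; a source that is not in the table never matches rule 2 and falls through to rule 3, which is the behaviour shown in the log screenshot described above.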
-
@johnpoz can you tell me please how to add America, France, Switzerland or any other to the allowed list? And drop the rest?
-
@johnpoz said in Not blocking any location:
and drop and log all inbound traffic to any port that is a syn..
Out of curiosity, how much less blocked TCP-traffic gets logged by only doing it for SYN?
-
Would you be so kind and tell me what to do to allow only Sweden, Switzerland and .. another country and deny the rest.
I can see in your rule table in the end you deny all and at the allowed pfB_AllowPfb_v4 to 443, but where is pfB_AllowFb_v4 from? When I try to allow in pfBlock it tells me an error message that I have to be sure to allow inbound from many countries, security risk ...... and so on.
-
@Viconnect said in Not blocking any location:
but where is pfB_AllowFb_v4 from?
It's a list I created.
I allow US ips, some other lists for uptime robot and status cake - they could be international IPs, and I currently have family living in Morocco and they stream off my plex server.
As to how much less when only doing just syn than all.. I would have to turn all back on and let it run for a day.. But it's not insignificant.. And I just have no desire to see what I know would be blocked because there is no state. But interesting to see who is actually trying to create a state.
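To make the "log only SYN" point concrete, here is an added example (not code from the thread or from pfSense) that models the inbound policy johnpoz describes as a first-match rule evaluator: allow-listed sources reach the published ports, every other source is blocked, and the logging decision is made either for every blocked packet or only for state-creation attempts (SYN without ACK). The allow table, ports and the packet sample are constructed for the example.

```python
"""Added example, not from the thread: first-match ("quick") evaluation of an
inbound WAN policy, comparing log-everything with log-SYN-only."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dport: int
    flags: str  # subset of "SAFR"

    def is_syn(self) -> bool:
        # A new connection attempt: SYN set, ACK clear.
        return "S" in self.flags and "A" not in self.flags


# Constructed allow table standing in for a pfBlockerNG GeoIP alias (example only).
ALLOW_V4 = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
PUBLISHED_PORTS = {80, 443, 8443}


def in_table(src: str, table) -> bool:
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in table)


def evaluate(pkt: Packet, log_syn_only: bool = True):
    """Return (verdict, logged) for one inbound packet; the first matching rule wins."""
    ip = ipaddress.ip_address(pkt.src)
    # 1. No IPv6 services are published: block inbound IPv6 outright, no log.
    if ip.version == 6:
        return "block", False
    # 2. Allow-listed source to a published port: pass. This sits above the
    #    logging block rule, so order matters exactly as with a "quick" pass rule.
    if in_table(pkt.src, ALLOW_V4) and pkt.dport in PUBLISHED_PORTS:
        return "pass", False
    # 3. Default deny. Log every blocked packet, or only state-creation attempts.
    logged = pkt.is_syn() if log_syn_only else True
    return "block", logged


def count_logged(packets, log_syn_only: bool) -> int:
    """How many packets of the sample would produce a firewall log line."""
    return sum(1 for p in packets if evaluate(p, log_syn_only)[1])


# Constructed inbound sample (documentation addresses).
SAMPLE = [
    Packet("203.0.113.7", 443, "S"),    # allowed source, new connection -> pass
    Packet("203.0.113.7", 22, "S"),     # allowed source, unpublished port -> block, logged
    Packet("192.0.2.50", 443, "S"),     # non-allowed source, SYN -> block, logged
    Packet("192.0.2.50", 443, "A"),     # stray ACK with no state -> block, silent if syn-only
    Packet("192.0.2.50", 443, "R"),     # stray RST -> same
    Packet("192.0.2.51", 8443, "FA"),   # late FIN/ACK from a vanished state -> same
    Packet("2001:db8::1", 443, "S"),    # IPv6 -> silently blocked
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.src, p.dport, p.flags, evaluate(p))
    print("logged, all blocked:", count_logged(SAMPLE, False))
    print("logged, SYN only:  ", count_logged(SAMPLE, True))
```

The difference between the two counts is exactly the traffic johnpoz says he has no interest in seeing: packets that would be dropped anyway because no state exists for them. Logging only SYNs keeps the connection attempts and discards that noise.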
-
Great, I'll give it a try.
However, could anyone advise on how to reset PFBlocker to its default settings?
Ever since I activated geoblocking, my pfSense setup has become quite problematic.
It's using an enormous amount of RAM, around 40GB. I've tried deselecting all countries in PFBlocker, disabling the PFBlocker GeoIP feature, and even completely uninstalling the plugin, but nothing has changed.
Consequently, I installed a new pfSense and attempted to download and import a config file from the existing setup.
However, the backup's XML config still contains all the PFBlockerNG data, including geoblocking addresses, IPs, and more.
Is there no way to remove PFBlocker without causing pfSense to crash or having to reinstall everything?