IPv4 Source Definitions, Line 1: Invalid GeoIP entry!

Gertjan

@jazzl0ver

Not only 'Europe' ...
Any of these :

jazzl0ver

@Gertjan right. i was able to work this around by commenting out the input validation:

/*
                        if ($value != 'Disabled' && $_POST["format-{$key_1}"] == 'geoip') {
                                $k_validate = str_replace('_', '', strstr($_POST["url-{$key_1}"], ' ', TRUE));
                                if (empty(pfb_filter($k_validate, PFB_FILTER_ALNUM, 'Category_edit'))) {
                                        $input_errors[] = "{$type} Source Definitions, Line {$line}: "
                                                        . "Invalid GeoIP entry!";
                                }
                        }
*/

in /usr/local/www/pfblockerng/pfblockerng_category_edit.php

michmoor

@jazzl0ver Whats the best way to alert the maintainer?

jazzl0ver

@michmoor is that a sarcasm? meaning I'd better go and create a redmine issue?

michmoor

@jazzl0ver no not at all legit asking.

I ended up creating a redmine for this issue.

smolka_J

Another possible work around, rather than manually creating that rule as ALIAS match from the IPv4 tab, have you tried using the GeoIP tab to set Europe or others as ALIAS match on that tab? I don't get that validation error from the GeoIP tab setting them to any ALIAS variant, could also save from double loading lists.

jazzl0ver

@smolka_J that worked, thanks. but I intended to include several locations as "TheWest" and then use them all with a single firewall rule.

Gertjan

@jazzl0ver said in IPv4 Source Definitions, Line 1: Invalid GeoIP entry!:

"TheWest"

That would be a ... a list with IP networks that covers what, half the "IPv4 Internet" ?
A pretty big list.
A couple of what, millions (?) of firewall IP network entries ... All loaded into pf when it starts and reloads ... and every entry of this list is tested for every packet stream belonging to a potential new firewall state, if a match was found.

Let's say you've use the "TheWest" list as a whitelist list.
So, when a load of connections comes in from a network not on the list (the "East" ^^), the entire list has to be traversed, and at the end the IP gets blocked as no match was found. This means : thousands of times per second the entire 'million' list has to be traversed.
You get where this is going ?

smolka_J

@jazzl0ver Manually adding the local URL for the continent file like /usr/local/share/GeoIP/cc/Europe_v4.txt with format set to Auto does look to work otherwise as the info box notes, just not the autocomplete entry for continents when the state is set to ON for it but individual country entries do seem to work fine for autocomplete otherwise. Strangely enough, if you have the State option set to OFF then autocomplete continent entries do pass validation to save successfully but same message if you change it to ON after. BBCan177 is looking into it

jazzl0ver

@Gertjan i'm aware of all of that, thanks. the thread was about a bug in the pfB, not about the right usage