IP Country Block {Now $150}
-
I am using it to block all traffic from specific countries. You are absolutely right: people get around IP address restrictions by using proxies or many other clever tools/methods. However, I can tell you from analyzing my own traffic that after I blocked a few countries, the number of attacks reported by my IDS as well as the amount of spam has significantly decreased. It does not mean that I don't get attacks or spam, but the number has been reduced substantially and the load on the servers has decreased substantially. In any case, I felt like maybe the community could benefit from this feature. I think pfSense is an awesome firewall; I have recently started using it and I love to see it grow quickly.
-
Your reasoning makes sense. ;D
-
Is this possible in pfsense 1.2.2?
jigp
Davao City
-
I would do a package for this when I find time.
-
One very helpful feature will be to create firewall rules based on a country's IP addresses. I am currently using aliases to do this, but this is tedious work, especially since there is a limit on the number of entries in an alias. So if someone can create a module for this, I am willing to put $100 into it. I imagine the UI would have a drop-down option to pick a country. It would be great for the list of IPs to be editable so it can be updated if needed. I currently use the following website http://www.countryIPblocks.net/ to get my IP list, and it seems to be very accurate.
Is such a service really correct enough?
-
To the best of my knowledge it is. IANA assigns address blocks to Regional Internet Registries. ISPs then apply for their IP block from their Local Internet Registry http://www.iana.org/numbers/. Such allocation is kept in a database (updated regularly) which can be downloaded from the appropriate Regional Registry ftp://ftp.arin.net/pub/stats/.
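
Added example, not part of the original post or of any pfSense package: a sketch of turning a registry statistics file into a per-country CIDR list suitable for a firewall table. It assumes the pipe-delimited RIR "delegated" layout (registry|cc|type|start|value|date|status); the function name, the country codes XA/XB and the sample records are constructed.

```python
import ipaddress

# Constructed sample in the assumed RIR "delegated" statistics layout.
# Addresses are documentation ranges; XA and XB are made-up country codes.
SAMPLE = """\
2|example|20240101|6|19700101|20240101|+0000
example|*|ipv4|*|5|summary
example|XA|ipv4|192.0.2.0|256|20100101|allocated
example|XA|ipv4|198.51.100.0|192|20100101|assigned
example|XB|ipv4|203.0.113.0|128|20100101|allocated
example|XB|ipv4|203.0.113.128|128|20100101|allocated
example|XA|ipv4|198.51.100.192|64|20100101|reserved
example|XA|ipv6|2001:db8::|32|20100101|allocated
example|XA|asn|64496|1|20100101|allocated
"""

def country_networks(lines, country):
    """Return sorted, collapsed CIDR strings delegated to `country`."""
    nets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        if len(f) < 7 or f[1] == "*":
            continue  # summary lines and malformed rows
        cc, rtype, start, value, status = f[1], f[2], f[3], f[4], f[6]
        if cc.upper() != country.upper():
            continue  # also skips the version header line
        if status not in ("allocated", "assigned"):
            continue  # ignore reserved/available space
        if rtype == "ipv4":
            # For IPv4 the value is an address count, which need not be
            # a power of two, so one record can expand to several CIDRs.
            first = ipaddress.IPv4Address(start)
            last = first + (int(value) - 1)
            nets.extend(ipaddress.summarize_address_range(first, last))
        elif rtype == "ipv6":
            # For IPv6 the value is already a prefix length.
            nets.append(ipaddress.IPv6Network(f"{start}/{value}"))
    # collapse_addresses cannot mix versions; merge each family separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]

if __name__ == "__main__":
    for cidr in country_networks(SAMPLE.splitlines(), "XA"):
        print(cidr)
```

Collapsing adjacent blocks keeps the resulting list short, which matters when the alias or table has an entry limit.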
-
Ok, if this works not only in theory but also in practice it's obviously a very handy feature for any FW-admin.
Cheers,
-
+1 for this feature,
Spam is my biggest bugbear ATM. I can filter it out but not stop the initial connection to my graylist server - this feature would help greatly.
I could imagine a GUI page of flags whereby you would tick a check box next to the flag of the countries you would like to block.
Cheers
-
Please do not make feature requests or comments on the bounty unless you are contributing money to the bounty.
-
OK + {$50} then.
-
Perfect timing…..
Right now I have scripts that do what you guys want.
My scripts download blacklists and inject them into the firewall. OpenBSD keeps a country black list somewhere, I could easily add those.
For example they have a black list of all of China and Korea. I could make it into a package with a GUI if you guys want. I'm really busy with work right now so I can't give you a date.
James
-
This bounty is complete with the countryblock package