Country Block
-
Yes, system logs -> Firewall.
I am still working on a way to filter what is logged only by the package. That requires a lvl 67 programmer and I am only lvl 66.Right now the only way to tell if something is blocked by the package is to click the red x on the logged event.
-
Came across some issues. I found you may need to uninstall the 1.3 package and then reboot you system after the uninstall. Then install the new 1.4 package and reboot again. I was not able to get the new version to start until after I did the following. This is just something to try if anyone else happens to get this same issue for what ever reason.
Other than that, the package is working great. Good job on implementing the logging. I have a feeling level 67 will soon come about.
Thanks again for all the hard work tommyboy180
-
Thank you for the new version Tommyboy180.
-
-
has anybody got this going on embedded yet? i'm getting hit with terrible spam and this would come in extremely handy.
i've changed my embedded to rw, did the install but it still complains. i've tried to create countries.txt etc and they get deleted the minute i try to commit countries in the gui.
i'd really appreciate some help with this as i've had to close down my mail server to stop spam coming in (even with spam assasin!) -
i got it going but could the author or anybody else let me know if i am doing anything wrong or opening a hole as i am not a coder.
i simply edited the config file like:$N = count($aCountry);
$myFile = "countries.txt";
conf_mount_rw();
$fh = fopen($myFile, 'w+');
$output = "**You selected $N Countries";for($i=0; $i < $N; $i++)
{
//echo($aCountry[$i] . " ");
fwrite($fh, $aCountry[$i] . "\n");
conf_mount_rw();
}
echo("");
}
}and away it went. it's running ok now. thank you.**
-
i got it going but could the author or anybody else let me know if i am doing anything wrong or opening a hole as i am not a coder.
i simply edited the config file like:$N = count($aCountry);
$myFile = "countries.txt";
conf_mount_rw();
$fh = fopen($myFile, 'w+');
$output = "**You selected $N Countries";for($i=0; $i < $N; $i++)
{
//echo($aCountry[$i] . " ");
fwrite($fh, $aCountry[$i] . "\n");
conf_mount_rw();
}
echo("");
}
}and away it went. it's running ok now. thank you.**
Awesome! You saved me a couple hours on my day off. I will make the changes and commit this in the CountryBlock package and the IPBlocklist package.
-
hey, no probs! thanks for your efforts and what a great package!
i still can't get the logging to work (tick box etc) so there must be another bit in there to change to rwthink the last bit above is meant to be "ro" instead of "rw"
-
The logging uses a feature already built into pfsense. It logs just like anything else, so you logs should show up under the Firewall logs.
-
i've edited it again and put the conf_mount_rw(); at the very begining of the php script and the conf_mount_ro(); at the end and it works fine now
conf_mount_rw();
mwexec("touch countries.txt");
//$myFile = "countries.txt";
//$fh = fopen($myFile, 'a+');if(isset($_POST['formSubmit']))
{
$aCountry = $_POST['formCountry'];if(isset($_POST['formOutbound']))
{
$output2 = " and Outbound access is BLOCKED.";
exec("touch OUTBOUND");
}
else
{
$output2 = " and Outbound access is ALLOWED.";
exec("rm OUTBOUND");
}if(isset($_POST['formlogging']))
{
exec("touch logging");
}
else
{
exec("rm logging");
}if(empty($aCountry))
{
$output = "**You didn't select any Countries.";
exec("rm countries.txt");
}
else
{$N = count($aCountry);
$myFile = "countries.txt";
$fh = fopen($myFile, 'w+');
$output = "**You selected $N Countries";for($i=0; $i < $N; $i++)
{
//echo($aCountry[$i] . " ");
fwrite($fh, $aCountry[$i] . "\n");
}
echo("");
}
}
conf_mount_ro
?>**** -
Excellent! Great work and thank you.
-
and what a great peice of code too. that cheeky little bleeder from taiwan is now being blocked good and proper! thank you!
-
um….there's a bit of a difference between the full & embedded versions. running on a full version with the same packages eg snort etc, country block runs. with the embedded. it stops after 5 mins. i'll play a bit more i think.
-
um….there's a bit of a difference between the full & embedded versions. running on a full version with the same packages eg snort etc, country block runs. with the embedded. it stops after 5 mins. i'll play a bit more i think.
I don't have any experience with embedded so any help is appreciated. I wonder what the difference is, hopefully there is a fix that we can implement.
-
I don't have any experience with embedded so any help is appreciated. I wonder what the difference is, hopefully there is a fix that we can implement.
The only real difference is if you must write to something other than /var you must conf_mount_rw() first and conf_mount_ro() afterwards.
-
@cmb:
I don't have any experience with embedded so any help is appreciated. I wonder what the difference is, hopefully there is a fix that we can implement.
The only real difference is if you must write to something other than /var you must conf_mount_rw() first and conf_mount_ro() afterwards.
Thank you very much.
-
I have noticed that some IP's from other Countries have been getting blocked by SNORT even though I have the entire country set to block and country block package was verified to be running. I have never seen this before until now. This could be nothing, but I raise the question that if the country block is basically blocking the IP already, why now is SNORT even getting the opportunity to block the IP? Logic tells me that the country block package would simply overide any other decision the firewall would make on handdle the incoming connection and then simple discard the connection or auto block it from everthing. The only other option or idea I have is that maybe this is a new range of IP's not listed for those countries from the countryipblock.net website??? Maybe something to look into maybe not. Just thought I should say something.
The IP's below belong to Korea the republic and china according to countryipblock.net
121.176.124.65
123.159.194.21Thanks for any help or ideas.
-
I have noticed that some IP's from other Countries have been getting blocked by SNORT even though I have the entire country set to block and country block package was verified to be running. I have never seen this before until now. This could be nothing, but I raise the question that if the country block is basically blocking the IP already, why now is SNORT even getting the opportunity to block the IP? Logic tells me that the country block package would simply overide any other decision the firewall would make on handdle the incoming connection and then simple discard the connection or auto block it from everthing. The only other option or idea I have is that maybe this is a new range of IP's not listed for those countries from the countryipblock.net website??? Maybe something to look into maybe not. Just thought I should say something.
The IP's below belong to Korea the republic and china according to countryipblock.net
121.176.124.65
123.159.194.21Thanks for any help or ideas.
The pf Firewall follows rules in the order they are written to the config. SNORT rules must come before the countryblock rules. You can verify this by looking at /tmp/rules.debug.
What I think you are seeing the the same IP. Both packages block the IP but SNORT is the first to encounter based on your rule set. -
ok, so basically one way or another they will get blocked even though SNORT seen the incoming connection first. I just never noticed this before. Is it because the CountryBlock is sending information to the logs now?
Thanks,
-
ok, so basically one way or another they will get blocked even though SNORT seen the incoming connection first. I just never noticed this before. Is it because the CountryBlock is sending information to the logs now?
Thanks,
No the logs are separate. It's just the order that the rules are handled.