Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Country Block

    Scheduled Pinned Locked Moved pfSense Packages
    691 Posts 79 Posters 688.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kilthro
      last edited by

      Right I understand that I am on beta so it may not be a bug in your package persay. I think most of it is the location of the files it is referring to gets wiped. Is it possible to have it store files else where as suggested in a previous post?

      @robfantini:

      On some systems , /tmp  is cleared on reboot .

      Try copying some other files to /tmp , reboot and see if they exist after a reboot.

      If  /tmp is cleared on reboot, then /tmp/rules.debug should be stored in another location. like /var/tmp .  on our system /var/tmp is not cleared on reboot.

      1 Reply Last reply Reply Quote 0
      • T
        tommyboy180
        last edited by

        @kilthro:

        Right I understand that I am on beta so it may not be a bug in your package persay. I think most of it is the location of the files it is referring to gets wiped. Is it possible to have it store files else where as suggested in a previous post?

        @robfantini:

        On some systems , /tmp  is cleared on reboot .

        Try copying some other files to /tmp , reboot and see if they exist after a reboot.

        If  /tmp is cleared on reboot, then /tmp/rules.debug should be stored in another location. like /var/tmp .  on our system /var/tmp is not cleared on reboot.

        No, not possible. The firewall config will always be stored in /tmp. This is a pfsense thing and cannot be changed by the user.

        -Tom Schaefer
        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Please support pfBlocker | File Browser | Strikeback

        1 Reply Last reply Reply Quote 0
        • D
          darklogic
          last edited by

          I am on the last stable version of pfsense 1.2.3 RELEASE with CB version 0.1.9, all is running smooth and very well. The package will restart ok if anything happens, it will e-mail me the alert of an issue. all-and-all it is working good.

          I have noticed something and was wondering if there is a way to make CB completely restart on its own in order to obtain updated block IP's. I noticed that my blocked IP list number will not increase or decrease unless I manually click the save/update button on the main page of CB.

          This is something I can live with, but I am wondering if anyone else noticed this or maybe has a quick fix?

          Thanks,

          Matt

          1 Reply Last reply Reply Quote 0
          • T
            tommyboy180
            last edited by

            @darklogic:

            I am on the last stable version of pfsense 1.2.3 RELEASE with CB version 0.1.9, all is running smooth and very well. The package will restart ok if anything happens, it will e-mail me the alert of an issue. all-and-all it is working good.

            I have noticed something and was wondering if there is a way to make CB completely restart on its own in order to obtain updated block IP's. I noticed that my blocked IP list number will not increase or decrease unless I manually click the save/update button on the main page of CB.

            This is something I can live with, but I am wondering if anyone else noticed this or maybe has a quick fix?

            Thanks,

            Matt

            Hey Matt,
            I can't imagine that country lists update frequently enough to see a visual change. My understanding is those lists barley change over months of time. I never considered this to be a problem. What country changes that frequently?

            -Tom Schaefer
            SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

            Please support pfBlocker | File Browser | Strikeback

            1 Reply Last reply Reply Quote 0
            • D
              darklogic
              last edited by

              I am not really sure what countries are changing and I always whitelist the same IP CIDR's and block everything but the US. I am currently blocking 245 out of 246 Countries in the list. I seen an increase from 67576 to You are blocking 69853 Networks. This number yesterday was 69834 and over the past couple of months it had increased from the 67576 amount.

              I was under the same impression that things would rarely if any change because of the lack of availible IPv4 addresses.

              Thanks,

              Matt

              1 Reply Last reply Reply Quote 0
              • T
                tommyboy180
                last edited by

                Same here. That's impressive that country blocks are changing that frequently. I always thought they were fixed by IANA. Well I don't know what to think. Changing how the package updates shouldn't be a problem. I'm not sure when I can dedicate time to countryblock in the near future. I have many projects that need attention right now.
                I added this to my list of things to-do. Thank you for your support!

                -Tom Schaefer
                SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                Please support pfBlocker | File Browser | Strikeback

                1 Reply Last reply Reply Quote 0
                • D
                  darklogic
                  last edited by

                  Hey I understand how other obligations go. It is something that I can live with, I was just wondering if anyone was seeing this same thing. Thanks again for this great package.

                  Also, do you know of any other firewall distros that has this kind of ability to block country CIDR's ranges?

                  Thanks,

                  Matt

                  1 Reply Last reply Reply Quote 0
                  • X
                    XIII
                    last edited by

                    IANA says which country gets which IP range, or more accurately which regional authority is in charge of handing them out. IANA does not change them that frequently. Any changes to IPs either bogon, apipa, etc are usually scheduled to be made before they are actually going to be used.

                    What could of happened is that when you selected the countries, you clicked save before all of them could get applied and lately you waited for it to load before doing a select/unselect and then deselecting US, I had this happen to me, I selected all countries, deselected US and clicked save, not all countries were added because I did not give CB a chance to load them all. Make sure you wait for the page to stop loading before making any changes (Someone was having this issue with IP Blocklist, I saw that Tommy, stated for them to let the page to fully load as well.)

                    -Chris Stutzman
                    Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
                    Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
                    freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
                    Check out the pfSense Wiki

                    1 Reply Last reply Reply Quote 0
                    • R
                      robfantini
                      last edited by

                      @XIII:

                      What could of happened is that when you selected the countries, you clicked save before all of them could get applied and lately you waited for it to load before doing a select/unselect and then deselecting US, I had this happen to me, I selected all countries, deselected US and clicked save, not all countries were added because I did not give CB a chance to load them all. Make sure you wait for the page to stop loading before making any changes (Someone was having this issue with IP Blocklist, I saw that Tommy, stated for them to let the page to fully load as well.)

                      For all packages and parts of PfSense that have a delay like this , it would be good to have  something more obvious to let us know that an action is occurring. 
                      It would I think be great to have common code that could be used by package maintainers to display something.    Or maybe there is a firefox addon to do that.  I'll check.

                      ps: -Tom Schaefer  - thank you  for your work on this package.

                      1 Reply Last reply Reply Quote 0
                      • D
                        darklogic
                        last edited by

                        Yeah I thought of the page taking a bit to load and I did let it load completely. Tommy was able to see the same thing according to his last post. As far as the package goes, it is running really good compared to how it was when I first started using it. Leaps and bounds have been done to get the package at this stable point and I feel Tommy has done an excellent job is such a short period of time. I am sure he will improve this package more, but ROAM was not built in a day.

                        In general a loading screen or notification when changes are taking effect would be nice, but I can't think of any other packages I am using does this either. I believe http://www.countryipblocks.net/ is where this list are being housed and more and likely I would say they are making changes and corrections?

                        Tommy, thanks again

                        1 Reply Last reply Reply Quote 0
                        • K
                          kilthro
                          last edited by

                          @tommyboy180:

                          @kilthro:

                          Yes I have gone into CB and deselected enable CB then clicked the save button at the bottom. (in red it says blocking 0 countries)
                          Then I re check the enable CB and click save at the bottom and the check now appears in the enable option but there is red text at the bottom that says blocking 0 countries.
                          There are countries enabled as I use the most spamming ones at the top of the list and says what is it 10 out of x amount enabled.

                          The only way I can get the red text at the bottom to go away and turn into black saying you are currently blocking x countries is to reinstall the package..

                          I don't really know what could cause that. Just keep in mind that you are using a BETA version of pfsense. There are no reports of this happening on stable versions.
                          I will get VM copy of the BETA going and take a look. Can you send me your config? PM it to me.

                          TB sorry for such a delay on this. Been really busy. Anyways I had some other issues crop up since i did the beta update when this issue did show up. Long story short I had to start from scratch with todays most recent version of the beta and reconfigure all settings and packages. Since I have done this, everything seems to be working fine. I guess that beta update I did a few days ago screwed some things up. So no need to look into this any farther as it was something that went bad with my setup.
                          Multipel reboots have been done and all is good.

                          1 Reply Last reply Reply Quote 0
                          • T
                            tommyboy180
                            last edited by

                            That's good news Kilthro. Glad you got it working!

                            -Tom Schaefer
                            SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                            Please support pfBlocker | File Browser | Strikeback

                            1 Reply Last reply Reply Quote 0
                            • T
                              ToxIcon
                              last edited by

                              Thank you for all the time and hard work that you have put into created this great package Tommyboy.

                              When i have the Block outbound? check I see a lot source inbound activity being block from the outside in system log, but if i uncheck the Block outbound their is no more activity in the system logs, all interface check, Enable Logging check, Current Status = Running, You are blocking 108212 Networks. its running but was wondering if its  blocking inbound connections

                              1 Reply Last reply Reply Quote 0
                              • S
                                Supermule Banned
                                last edited by

                                It wil block from LAN -> WAN .

                                1 Reply Last reply Reply Quote 0
                                • M
                                  mgc6288
                                  last edited by

                                  I seem to be having an email problem.  The following settings:

                                  SMTP Auth: No
                                  SMTP Security: None
                                  Host: isp smtp address
                                  Port: 25
                                  U: <blank>P: <blank>Use HTML formatting: Yes
                                  From email address: isp email address
                                  To email address: personal email address
                                  Subject: Check Countryblock

                                  Click Save: Couldn't write values to file!

                                  Click Test: 404 on packages/countryblock/email_send.php

                                  I've uninstalled the package, rebooted pfsense, re-installed package, reconfigured, attempted email and still the same error code.</blank></blank>

                                  1 Reply Last reply Reply Quote 0
                                  • T
                                    tommyboy180
                                    last edited by

                                    @ToxIcon:

                                    Thank you for all the time and hard work that you have put into created this great package Tommyboy.

                                    When i have the Block outbound? check I see a lot source inbound activity being block from the outside in system log, but if i uncheck the Block outbound their is no more activity in the system logs, all interface check, Enable Logging check, Current Status = Running, You are blocking 108212 Networks. its running but was wondering if its  blocking inbound connections

                                    ToxIcon,
                                    you still are blocking. To test you can use a proxy or use your work network.
                                    As each attempt comes in or out you will see it in the log if you have it checked. If you don't see anything in the logs then the sites that you are blocking are not trying to send traffic your way.

                                    @mgc6288:

                                    I seem to be having an email problem.  The following settings:

                                    SMTP Auth: No
                                    SMTP Security: None
                                    Host: isp smtp address
                                    Port: 25
                                    U: <blank>P: <blank>Use HTML formatting: Yes
                                    From email address: isp email address
                                    To email address: personal email address
                                    Subject: Check Countryblock

                                    Click Save: Couldn't write values to file!

                                    Click Test: 404 on packages/countryblock/email_send.php

                                    I've uninstalled the package, rebooted pfsense, re-installed package, reconfigured, attempted email and still the same error code.</blank></blank>

                                    Username is blank. This is causing the error. Right now password is allowed blank. You can edit the page and copy the syntax I have on password to username as well.
                                    I will allow blank usernames on my next update.

                                    -Tom Schaefer
                                    SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                    Please support pfBlocker | File Browser | Strikeback

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      DigitalJer
                                      last edited by

                                      A weird error seems to have cropped up in my CB installation:

                                      Here, I've chosen only the Top Spammers:
                                      "Check the country that you would like to block completely. Currently 10 of 246 selected."

                                      And, just above the Save/Update button:
                                      "Current Status = Running
                                      /tmp/rules.debug:378: cannot load "/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw": No such file or directory
                                      You are blocking 0 Networks"

                                      I've re-installed, as well as uninstall/re-install - same error.  The error is not there if no countries are selected.

                                      Thanks for any input

                                      –------------------------------------------------
                                      2.4.3-RELEASE (amd64)
                                      built on Mon Mar 26 18:02:04 CDT 2018
                                      FreeBSD 11.1-RELEASE-p7
                                      VM in ESXi 5.5
                                      1 x 1000baseTX (WAN)
                                      1 x 1000baseTX (LAN)

                                      1 Reply Last reply Reply Quote 0
                                      • K
                                        kilthro
                                        last edited by

                                        When I got this error, I had to uninstall it, then reboot, then reinstall it.

                                        Are you on a beta build? Most of my issues like this was due to a beta update that corrupted items. Once I installed most recent beta cleanly and redid CB all my issues like this went away.

                                        1 Reply Last reply Reply Quote 0
                                        • X
                                          XIII
                                          last edited by

                                          I have gotten this error as well, I went to IP Blocklist (which I have installed as well) and enabled/updated it then went back to CB and tried again and it updated without errors.

                                          -Chris Stutzman
                                          Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
                                          Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
                                          freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
                                          Check out the pfSense Wiki

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            DigitalJer
                                            last edited by

                                            @XIII:

                                            I have gotten this error as well, I went to IP Blocklist (which I have installed as well) and enabled/updated it then went back to CB and tried again and it updated without errors.

                                            Thanks XIII, that did the trick

                                            –------------------------------------------------
                                            2.4.3-RELEASE (amd64)
                                            built on Mon Mar 26 18:02:04 CDT 2018
                                            FreeBSD 11.1-RELEASE-p7
                                            VM in ESXi 5.5
                                            1 x 1000baseTX (WAN)
                                            1 x 1000baseTX (LAN)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.