Country Block
-
Right I understand that I am on beta so it may not be a bug in your package persay. I think most of it is the location of the files it is referring to gets wiped. Is it possible to have it store files else where as suggested in a previous post?
On some systems , /tmp is cleared on reboot .
Try copying some other files to /tmp , reboot and see if they exist after a reboot.
If /tmp is cleared on reboot, then /tmp/rules.debug should be stored in another location. like /var/tmp . on our system /var/tmp is not cleared on reboot.
-
Right I understand that I am on beta so it may not be a bug in your package persay. I think most of it is the location of the files it is referring to gets wiped. Is it possible to have it store files else where as suggested in a previous post?
On some systems , /tmp is cleared on reboot .
Try copying some other files to /tmp , reboot and see if they exist after a reboot.
If /tmp is cleared on reboot, then /tmp/rules.debug should be stored in another location. like /var/tmp . on our system /var/tmp is not cleared on reboot.
No, not possible. The firewall config will always be stored in /tmp. This is a pfsense thing and cannot be changed by the user.
-
I am on the last stable version of pfsense 1.2.3 RELEASE with CB version 0.1.9, all is running smooth and very well. The package will restart ok if anything happens, it will e-mail me the alert of an issue. all-and-all it is working good.
I have noticed something and was wondering if there is a way to make CB completely restart on its own in order to obtain updated block IP's. I noticed that my blocked IP list number will not increase or decrease unless I manually click the save/update button on the main page of CB.
This is something I can live with, but I am wondering if anyone else noticed this or maybe has a quick fix?
Thanks,
Matt
-
I am on the last stable version of pfsense 1.2.3 RELEASE with CB version 0.1.9, all is running smooth and very well. The package will restart ok if anything happens, it will e-mail me the alert of an issue. all-and-all it is working good.
I have noticed something and was wondering if there is a way to make CB completely restart on its own in order to obtain updated block IP's. I noticed that my blocked IP list number will not increase or decrease unless I manually click the save/update button on the main page of CB.
This is something I can live with, but I am wondering if anyone else noticed this or maybe has a quick fix?
Thanks,
Matt
Hey Matt,
I can't imagine that country lists update frequently enough to see a visual change. My understanding is those lists barley change over months of time. I never considered this to be a problem. What country changes that frequently? -
I am not really sure what countries are changing and I always whitelist the same IP CIDR's and block everything but the US. I am currently blocking 245 out of 246 Countries in the list. I seen an increase from 67576 to You are blocking 69853 Networks. This number yesterday was 69834 and over the past couple of months it had increased from the 67576 amount.
I was under the same impression that things would rarely if any change because of the lack of availible IPv4 addresses.
Thanks,
Matt
-
Same here. That's impressive that country blocks are changing that frequently. I always thought they were fixed by IANA. Well I don't know what to think. Changing how the package updates shouldn't be a problem. I'm not sure when I can dedicate time to countryblock in the near future. I have many projects that need attention right now.
I added this to my list of things to-do. Thank you for your support! -
Hey I understand how other obligations go. It is something that I can live with, I was just wondering if anyone was seeing this same thing. Thanks again for this great package.
Also, do you know of any other firewall distros that has this kind of ability to block country CIDR's ranges?
Thanks,
Matt
-
IANA says which country gets which IP range, or more accurately which regional authority is in charge of handing them out. IANA does not change them that frequently. Any changes to IPs either bogon, apipa, etc are usually scheduled to be made before they are actually going to be used.
What could of happened is that when you selected the countries, you clicked save before all of them could get applied and lately you waited for it to load before doing a select/unselect and then deselecting US, I had this happen to me, I selected all countries, deselected US and clicked save, not all countries were added because I did not give CB a chance to load them all. Make sure you wait for the page to stop loading before making any changes (Someone was having this issue with IP Blocklist, I saw that Tommy, stated for them to let the page to fully load as well.)
-
What could of happened is that when you selected the countries, you clicked save before all of them could get applied and lately you waited for it to load before doing a select/unselect and then deselecting US, I had this happen to me, I selected all countries, deselected US and clicked save, not all countries were added because I did not give CB a chance to load them all. Make sure you wait for the page to stop loading before making any changes (Someone was having this issue with IP Blocklist, I saw that Tommy, stated for them to let the page to fully load as well.)
For all packages and parts of PfSense that have a delay like this , it would be good to have something more obvious to let us know that an action is occurring.
It would I think be great to have common code that could be used by package maintainers to display something. Or maybe there is a firefox addon to do that. I'll check.ps: -Tom Schaefer - thank you for your work on this package.
-
Yeah I thought of the page taking a bit to load and I did let it load completely. Tommy was able to see the same thing according to his last post. As far as the package goes, it is running really good compared to how it was when I first started using it. Leaps and bounds have been done to get the package at this stable point and I feel Tommy has done an excellent job is such a short period of time. I am sure he will improve this package more, but ROAM was not built in a day.
In general a loading screen or notification when changes are taking effect would be nice, but I can't think of any other packages I am using does this either. I believe http://www.countryipblocks.net/ is where this list are being housed and more and likely I would say they are making changes and corrections?
Tommy, thanks again
-
Yes I have gone into CB and deselected enable CB then clicked the save button at the bottom. (in red it says blocking 0 countries)
Then I re check the enable CB and click save at the bottom and the check now appears in the enable option but there is red text at the bottom that says blocking 0 countries.
There are countries enabled as I use the most spamming ones at the top of the list and says what is it 10 out of x amount enabled.The only way I can get the red text at the bottom to go away and turn into black saying you are currently blocking x countries is to reinstall the package..
I don't really know what could cause that. Just keep in mind that you are using a BETA version of pfsense. There are no reports of this happening on stable versions.
I will get VM copy of the BETA going and take a look. Can you send me your config? PM it to me.TB sorry for such a delay on this. Been really busy. Anyways I had some other issues crop up since i did the beta update when this issue did show up. Long story short I had to start from scratch with todays most recent version of the beta and reconfigure all settings and packages. Since I have done this, everything seems to be working fine. I guess that beta update I did a few days ago screwed some things up. So no need to look into this any farther as it was something that went bad with my setup.
Multipel reboots have been done and all is good. -
That's good news Kilthro. Glad you got it working!
-
Thank you for all the time and hard work that you have put into created this great package Tommyboy.
When i have the Block outbound? check I see a lot source inbound activity being block from the outside in system log, but if i uncheck the Block outbound their is no more activity in the system logs, all interface check, Enable Logging check, Current Status = Running, You are blocking 108212 Networks. its running but was wondering if its blocking inbound connections
-
It wil block from LAN -> WAN .
-
I seem to be having an email problem. The following settings:
SMTP Auth: No
SMTP Security: None
Host: isp smtp address
Port: 25
U: <blank>P: <blank>Use HTML formatting: Yes
From email address: isp email address
To email address: personal email address
Subject: Check CountryblockClick Save: Couldn't write values to file!
Click Test: 404 on packages/countryblock/email_send.php
I've uninstalled the package, rebooted pfsense, re-installed package, reconfigured, attempted email and still the same error code.</blank></blank>
-
Thank you for all the time and hard work that you have put into created this great package Tommyboy.
When i have the Block outbound? check I see a lot source inbound activity being block from the outside in system log, but if i uncheck the Block outbound their is no more activity in the system logs, all interface check, Enable Logging check, Current Status = Running, You are blocking 108212 Networks. its running but was wondering if its blocking inbound connections
ToxIcon,
you still are blocking. To test you can use a proxy or use your work network.
As each attempt comes in or out you will see it in the log if you have it checked. If you don't see anything in the logs then the sites that you are blocking are not trying to send traffic your way.I seem to be having an email problem. The following settings:
SMTP Auth: No
SMTP Security: None
Host: isp smtp address
Port: 25
U: <blank>P: <blank>Use HTML formatting: Yes
From email address: isp email address
To email address: personal email address
Subject: Check CountryblockClick Save: Couldn't write values to file!
Click Test: 404 on packages/countryblock/email_send.php
I've uninstalled the package, rebooted pfsense, re-installed package, reconfigured, attempted email and still the same error code.</blank></blank>
Username is blank. This is causing the error. Right now password is allowed blank. You can edit the page and copy the syntax I have on password to username as well.
I will allow blank usernames on my next update. -
A weird error seems to have cropped up in my CB installation:
Here, I've chosen only the Top Spammers:
"Check the country that you would like to block completely. Currently 10 of 246 selected."And, just above the Save/Update button:
"Current Status = Running
/tmp/rules.debug:378: cannot load "/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw": No such file or directory
You are blocking 0 Networks"I've re-installed, as well as uninstall/re-install - same error. The error is not there if no countries are selected.
Thanks for any input
-
When I got this error, I had to uninstall it, then reboot, then reinstall it.
Are you on a beta build? Most of my issues like this was due to a beta update that corrupted items. Once I installed most recent beta cleanly and redid CB all my issues like this went away.
-
I have gotten this error as well, I went to IP Blocklist (which I have installed as well) and enabled/updated it then went back to CB and tried again and it updated without errors.
-
I have gotten this error as well, I went to IP Blocklist (which I have installed as well) and enabled/updated it then went back to CB and tried again and it updated without errors.
Thanks XIII, that did the trick