Country Block
-
Just FYI, I had another error like before and it might be worthwhile to get your rules resaved. I just disabled one and re enabled it and was able to go back without any issue with CB.
-
@ supermule: Maybe i was not clear, so see the attached pic. I cannot activate nor deactivate wan, the checkbox is not preset!
It was just an installation and on overlooking the options to set them it was like shown at the pic.
@ dlawley: Which rules to resave? If you mean the country election, these ones i enabled and disabled all, selected only the "top ten", nothing changed the behaviour. Even deinstalled and installed newly, no change. :(edit:
Looked at the interfaces.txt, which had this entries:
__csrf_magic
em0deleted that entries and added "any" (only the word). Saved the file and reviewed the interface-section in webgui. Same as before. Only LAN, which is checked, the other 2 interfaces (WAN and GRE) don't have the check-boxes. If i save the setting, the 2 mentioned lines appear again in the interfaces.txt.
But now countryblock starts and seems to work.
Added the cron-entry. Maybe this could be made by the installer?Thanks for help
-
Using cron w/ the command /usr/local/etc/rc.d/countryblock.sh with */1 * * * * root, I am unable to get country block to auto-start after it stops (from either a reboot or updating to the latest snapshot). Any tips by chance?
-
This is what my cron job looks like. If you still can't get the cron to work, try executing the cron command from console to view any errors that it may be having.
-
That's exactly how mine looks as well :-(. Once it is on, I'm good to go. It's only when I restart the server or hit the auto-update firmware. I can then get it to start again easily using the GUI, I was hoping the cron would solve my woes. I have an update now to do so I will apply that and see if it happens again. As with through out this topic, thank you for being so active :-) I know how hard it is to dedicate the time we have so little of today to help others.
Ah well maybe it is because it reinstalls the apps after the update, that would make sense no? lol, sorry I didn't think about it :-P
-
The "Enable/disable" checkbox does what?
If countryblock is enabled, the box is not checked, so i check it and press "apply", countryblock ends disabled.
If cb is disabled, the checkbox is disabled too. checking the box and pressing "apply" cb ends enabled. So is he function of this box as it says "enable/disable" or is there anything running wrong with cb? The checkbox is always not checked.I did a reinstall today due to updating pfSense (2.0 snap, amd64, full install) and the weird interfaces-section is still like before: Only lan has a checkbox, which is checked, the other interfaces don't have any checkboxes. Nor is anything checked. Interfaces.txt still contains "any".
-
I read your previous posts and didn't see this, but could you give us more information about your set up? Is this a virtual machine? What NIC hardware are you using per interface? Are you running other services?
Also about this button that says both "enable/disable", where do you see this? Mine only says "Enable Country block" so with that in mind, by checking it you're enabling it.
It's a little quircky to enable, first you select the countries you want to block, you click commit. After that it writes the information to a file. Then you check the box for "Enable Country Block"
Though this is only useful once you're able to activate it once your WAN interface allows you to check it :-)
The "Enable/disable" checkbox does what?
If countryblock is enabled, the box is not checked, so i check it and press "apply", countryblock ends disabled.
If cb is disabled, the checkbox is disabled too. checking the box and pressing "apply" cb ends enabled. So is he function of this box as it says "enable/disable" or is there anything running wrong with cb? The checkbox is always not checked.I did a reinstall today due to updating pfSense (2.0 snap, amd64, full install) and the weird interfaces-section is still like before: Only lan has a checkbox, which is checked, the other interfaces don't have any checkboxes. Nor is anything checked. Interfaces.txt still contains "any".
-
Also,
/* Go through the list of ports selected by the user, build a list of port-to-interface mappings in portifmap */ conf_mount_rw(); $myFile = "interfaces.txt"; $fh = fopen($myFile, 'w+');this is going to over-write any changes you make to interfaces.txt when you click save/apply or any other modifier that runs that script.
-
I did a reinstall (deinstalled and installed newly), so the enable/disable disappeared and i see now "Enable Country Block" as shown at your pic. Now the checkbox remains checked too. This part is repaired. :-)
Seems to work now as expected.
Its a full install pf 2.0, Mar.10.2011, amd64. Intel nics, using the em-driver.The interfaces-section still is the same as before. Here no change. :-(
-
I saw m0n0wall's version of countryblock_if.php, and it had this line of code which is missing from the countryblock_if.php. Though some of the text came out a bit funky as you can see in the code.
igor do you have an interface with more than one assignment?
/* Deliver error message for any port with more than one assignment */ foreach ($portifmap as $portname => $ifnames) { if (count($ifnames) > 1) { $errstr = "Íø¿¨ " . $portname . "±»Ö¸ÅɸøÁË " . count($ifnames) . "¸ö½Ó¿Ú£º"; foreach ($portifmap[$portname] as $ifn) $errstr .= " " . $ifn; $input_errors[] = $errstr; } } -
@heavy1metal:
I saw m0n0wall's version of countryblock_if.php, and it had this line of code which is missing from the countryblock_if.php. Though some of the text came out a bit funky as you can see in the code.
igor do you have an interface with more than one assignment?
/* Deliver error message for any port with more than one assignment */ foreach ($portifmap as $portname => $ifnames) { if (count($ifnames) > 1) { $errstr = "Íø¿¨ " . $portname . "±»Ö¸ÅɸøÁË " . count($ifnames) . "¸ö½Ó¿Ú£º"; foreach ($portifmap[$portname] as $ifn) $errstr .= " " . $ifn; $input_errors[] = $errstr; } }M0n0wall has a countryblock package?
-
Is there any workaround for that:
Current Status = NOT running
no IP address found for __csrf_magic
You are blocking 0 Networks2.0 RC1 Full install i386 …....
-
Sorry, I just meant they have the equivalent/same interface detection page/script.
also just curious, igor/mst, did either of you rename your WAN interface name? Just curious, not sure if this should make a difference or not.
-
@heavy1metal: yep. My GRE-interface. Its bound to the LAN-interface.
@mst: edit your interfaces.txt. There delete all entries and put in "any" (without ""), nothing more. Then your error disappears.
News about the country-block: yesterday suddenly i was locked out of internet, say, no surfing, mail and so on. First i suspected snort, but it was country-block which blocked all incoming and outgoing traffic. Disabled countryblock because i suspect the weird interfaces-section.
-
hello,
quick question…. I know the country block will block outgoing connections to these countries because I accidentally choose "select all" once and pretty much blocked myself out of the US,
my question is will this block incoming connections as well? I'm trying to cut down spam on some forums and blogs i host. Will this work as most of the IP's i see are foreign.
-
hello,
quick question…. I know the country block will block outgoing connections to these countries because I accidentally choose "select all" once and pretty much blocked myself out of the US,
my question is will this block incoming connections as well? I'm trying to cut down spam on some forums and blogs i host. Will this work as most of the IP's i see are foreign.
It was orginally designed to block incoming connections, so yes. It does that very well.
It will work for the foreign IPs that belong to a country that is selected. -
Country Block sounds great and I really want to use it. I'm running pfSense 2.0 RC-1 and it is working great. But I've read that some people have had problems when they try to upgrade to another snapshot of 2.0. I do realize it's hard to code with consistency for somersetting else that is always changing.
Is there any new one way or the other that you can add about this as of today (May 10th)? I really want to try it.
Thanks!
-
Country Block sounds great and I really want to use it. I'm running pfSense 2.0 RC-1 and it is working great. But I've read that some people have had problems when they try to upgrade to another snapshot of 2.0. I do realize it's hard to code with consistency for somersetting else that is always changing.
Is there any new one way or the other that you can add about this as of today (May 10th)? I really want to try it.
Thanks!
There is no reason why you can't install it and try it. If it doesn't work, it doesn't work. It doesn't break anything or mess with your install at all.
My money says that it will work just fine, in fact I guarantee that it works! -
Confidence! I like that.
My concern is when I update to a newer snapshot. That's when I'm afraid that I'll have problems. I've read a few things here and there in different places in the forum. I just can't afford to be down while trying to fix stuff after having Country Block installed and then upgrading to a newer snapshot. That's my concern.
I'm not as smart as the rest of the guys in this forum!
-
Confidence! I like that.
My concern is when I update to a newer snapshot. That's when I'm afraid that I'll have problems. I've read a few things here and there in different places in the forum. I just can't afford to be down while trying to fix stuff after having Country Block installed and then upgrading to a newer snapshot. That's my concern.
I'm not as smart as the rest of the guys in this forum!
I could see that for one of my other packages (ip-blocklist since it requires perl and perl doesn't install properly some times) but countryblock only uses php which mean there is no difference in the countryblock that runs on 1.2.3 and the latest BETA.
So based on that it will work on any version including future version.The only down side from upgrades will be loosing your configuration settings or your country selection. So what forum posts are giving you concern?