Country Block
-
I did a reinstall (deinstalled and installed newly), so the enable/disable disappeared and i see now "Enable Country Block" as shown at your pic. Now the checkbox remains checked too. This part is repaired. :-)
Seems to work now as expected.
Its a full install pf 2.0, Mar.10.2011, amd64. Intel nics, using the em-driver.The interfaces-section still is the same as before. Here no change. :-(
-
I saw m0n0wall's version of countryblock_if.php, and it had this line of code which is missing from the countryblock_if.php. Though some of the text came out a bit funky as you can see in the code.
igor do you have an interface with more than one assignment?
/* Deliver error message for any port with more than one assignment */ foreach ($portifmap as $portname => $ifnames) { if (count($ifnames) > 1) { $errstr = "Íø¿¨ " . $portname . "±»Ö¸ÅɸøÁË " . count($ifnames) . "¸ö½Ó¿Ú£º"; foreach ($portifmap[$portname] as $ifn) $errstr .= " " . $ifn; $input_errors[] = $errstr; } } -
@heavy1metal:
I saw m0n0wall's version of countryblock_if.php, and it had this line of code which is missing from the countryblock_if.php. Though some of the text came out a bit funky as you can see in the code.
igor do you have an interface with more than one assignment?
/* Deliver error message for any port with more than one assignment */ foreach ($portifmap as $portname => $ifnames) { if (count($ifnames) > 1) { $errstr = "Íø¿¨ " . $portname . "±»Ö¸ÅɸøÁË " . count($ifnames) . "¸ö½Ó¿Ú£º"; foreach ($portifmap[$portname] as $ifn) $errstr .= " " . $ifn; $input_errors[] = $errstr; } }M0n0wall has a countryblock package?
-
Is there any workaround for that:
Current Status = NOT running
no IP address found for __csrf_magic
You are blocking 0 Networks2.0 RC1 Full install i386 …....
-
Sorry, I just meant they have the equivalent/same interface detection page/script.
also just curious, igor/mst, did either of you rename your WAN interface name? Just curious, not sure if this should make a difference or not.
-
@heavy1metal: yep. My GRE-interface. Its bound to the LAN-interface.
@mst: edit your interfaces.txt. There delete all entries and put in "any" (without ""), nothing more. Then your error disappears.
News about the country-block: yesterday suddenly i was locked out of internet, say, no surfing, mail and so on. First i suspected snort, but it was country-block which blocked all incoming and outgoing traffic. Disabled countryblock because i suspect the weird interfaces-section.
-
hello,
quick question…. I know the country block will block outgoing connections to these countries because I accidentally choose "select all" once and pretty much blocked myself out of the US,
my question is will this block incoming connections as well? I'm trying to cut down spam on some forums and blogs i host. Will this work as most of the IP's i see are foreign.
-
hello,
quick question…. I know the country block will block outgoing connections to these countries because I accidentally choose "select all" once and pretty much blocked myself out of the US,
my question is will this block incoming connections as well? I'm trying to cut down spam on some forums and blogs i host. Will this work as most of the IP's i see are foreign.
It was orginally designed to block incoming connections, so yes. It does that very well.
It will work for the foreign IPs that belong to a country that is selected. -
Country Block sounds great and I really want to use it. I'm running pfSense 2.0 RC-1 and it is working great. But I've read that some people have had problems when they try to upgrade to another snapshot of 2.0. I do realize it's hard to code with consistency for somersetting else that is always changing.
Is there any new one way or the other that you can add about this as of today (May 10th)? I really want to try it.
Thanks!
-
Country Block sounds great and I really want to use it. I'm running pfSense 2.0 RC-1 and it is working great. But I've read that some people have had problems when they try to upgrade to another snapshot of 2.0. I do realize it's hard to code with consistency for somersetting else that is always changing.
Is there any new one way or the other that you can add about this as of today (May 10th)? I really want to try it.
Thanks!
There is no reason why you can't install it and try it. If it doesn't work, it doesn't work. It doesn't break anything or mess with your install at all.
My money says that it will work just fine, in fact I guarantee that it works! -
Confidence! I like that.
My concern is when I update to a newer snapshot. That's when I'm afraid that I'll have problems. I've read a few things here and there in different places in the forum. I just can't afford to be down while trying to fix stuff after having Country Block installed and then upgrading to a newer snapshot. That's my concern.
I'm not as smart as the rest of the guys in this forum!
-
Confidence! I like that.
My concern is when I update to a newer snapshot. That's when I'm afraid that I'll have problems. I've read a few things here and there in different places in the forum. I just can't afford to be down while trying to fix stuff after having Country Block installed and then upgrading to a newer snapshot. That's my concern.
I'm not as smart as the rest of the guys in this forum!
I could see that for one of my other packages (ip-blocklist since it requires perl and perl doesn't install properly some times) but countryblock only uses php which mean there is no difference in the countryblock that runs on 1.2.3 and the latest BETA.
So based on that it will work on any version including future version.The only down side from upgrades will be loosing your configuration settings or your country selection. So what forum posts are giving you concern?
-
I don't recall what other forum posts I saw this in. They are all over the place. You need your own division or top. Maybe it's the config that I recall people losing. That's no problem and would be easy to redo.
It sounds great! Do you know if it requires a reboot when it's installed?
Thank you for your time!
-
Another dumb question…
After I install Country Block, I'm blocking all of the countries you have listed as top spammers. You made it easy, because those are the countries I do want to block.
I do have a few clients that correspond with people in the countries I want to block because these people do programming for them. How do I go about blocking the country yet allowing a few specific IPs access to our network?
Again, thanks for your time.
-
There is no reason why you can't install it and try it. If it doesn't work, it doesn't work. It doesn't break anything or mess with your install at all.
My money says that it will work just fine, in fact I guarantee that it works!Or your money back!
:)
-
@Bai:
There is no reason why you can't install it and try it. If it doesn't work, it doesn't work. It doesn't break anything or mess with your install at all.
My money says that it will work just fine, in fact I guarantee that it works!Or your money back!
:)
Not like someone can't easily backup their current configuration, and at worse, reinstall pfsense…easy as all get out with minimal time. This isn't a Windows Server rebuild...
-
You're correct about reinstalling pfSense. It's fast and easy. The problem is that the data center is a 45 minute drive (one way) from where I'm located.
I'm hoping to have the ability to install County Block yet allow specific IPs from banned countries access. I have a few clients that have people in those countries that do programming and they need to have access to their sites.
-
You're correct about reinstalling pfSense. It's fast and easy. The problem is that the data center is a 45 minute drive (one way) from where I'm located.
I'm hoping to have the ability to install County Block yet allow specific IPs from banned countries access. I have a few clients that have people in those countries that do programming and they need to have access to their sites.
Just bustin' your chops…I understand. Being an IT one has to be sure before making willy-nilly decisions. I've been using Country Block since its inception and it is awesome, in fact it is the reason I started pfsense. I prefer the 1.2.3 version as it is solid. As far as your questions about specific IPs...that would be a cool feature but I haven't seen it implemented yet. I'm still trying to figure out why the email doesn't work effectively. Hmm. Good luck mate!
-
Another dumb question…
After I install Country Block, I'm blocking all of the countries you have listed as top spammers. You made it easy, because those are the countries I do want to block.
I do have a few clients that correspond with people in the countries I want to block because these people do programming for them. How do I go about blocking the country yet allowing a few specific IPs access to our network?
Again, thanks for your time.
Take a look at the whitelist tab.
-
Take a look at the whitelist tab.
Damn…even comes with an example... I'll just go back to that email tab...