Netgate Discussion Forum
    GeoIP blocking problems - Need help, please!

pfBlockerNG

GoldenMean wrote:

      Re: GeoIP: Wrong country-continent combinations are permitted?

      I have a related problem for which I could use help.
I have a security tunnel agent running on my work laptop. It creates tunnel sessions to the proxy in the cloud and internal business systems. Without it, my work laptop cannot function properly. The target IP addresses show in MaxMind correctly as USA and assigned to my company:

165.156.24.100 = US, Canton, Michigan, United States, North America
165.156.24.115 = US, Canton, Michigan, United States, North America
165.156.24.79 = US, Canton, Michigan, United States, North America

      However, the agent cannot connect and the firewall shows the traffic blocked due to the auto-rule: pfB_Asia_v4 auto rule (1770008664)
[screenshot: Capture.JPG]

      If I disable (or match) the IP > GeoIP Asia auto rule, all works fine.
      I noticed that in ntopng, one or more of these IPs is assigned to India and I do NOT have India selected in the GeoIP Asia IPv4 list. As a matter of fact, it does not matter if I select or de-select individual countries in that list. The traffic gets blocked.
[screenshot: Capture2.JPG]
It does not matter if the rules are set to floating or on the interfaces.
I also cannot find a way to set the GeoIP Asia IPv4 auto rule to block enabled and bypass it for these IP addresses. I have already tried the pfBlockerNG > IP > IPv4 Suppression and this did not work. I also tried manual pass-allow rules above the pfB_Asia_v4 auto rule, but these fail because the auto rule ALWAYS sorts above the manual one, regardless of any other settings. I have tried various Firewall 'Auto' Rule Order settings and found them to be unreliable, or too cryptic to my understanding to make some combination work.

      I see multiple issues here:

• Why is the auto rule in pfBlockerNG placing these IP addresses in India (Asia)?

• Why do individual selections of countries in the GeoIP Asia rule not seem to work? And possibly [probably] others as well?

      • Where or how should one place IP exceptions to allow them to be ignored and pass traffic which might be blocked by the pfBlockerNG?

SteveITS wrote:

        It could be an error in the third party database being downloaded. Or, IPs "move" (https://azure.microsoft.com/en-us/blog/windows-azures-use-of-non-us-ipv4-address-space-in-us-regions/).

        To allow an IP you need a firewall rule above it. What I often do is set up an Alias Native alias and then can use it in whatever NAT or firewall rule I want (which allows ordering). The files are downloaded and stored on disk by country code:
[screenshot: per-country list files stored on disk]
        Remember to run an Update in pfBlocker after creating the entry, to generate the alias.

        As pfBlocker notes you can also default block all, and just allow the desired IPs or countries.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

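The reply above points out that pfBlockerNG keeps the downloaded GeoIP data as one list file per country code, which means the first question in the thread (which country list is actually catching these addresses?) can be answered by checking the IP against those files directly rather than guessing from ntopng. The following is an added example, not code from the thread or from the pfBlockerNG project: it parses pfBlockerNG-style list files (one CIDR or bare IP per line, `#` comments) and reports every list, and every network within it, that covers a given address. The list contents, the file names and the `load_lists_from_dir` directory path are constructed placeholders, not real MaxMind data or the package's real paths; the India entry covering the poster's addresses is invented purely to show what a hit looks like.

```python
import ipaddress
from pathlib import Path

# Constructed sample data standing in for pfBlockerNG's per-country files.
# The CIDRs below are NOT real GeoIP data; 165.156.0.0/16 is placed in the
# "IN" list on purpose to illustrate how an aggregate rule can swallow an
# address that MaxMind itself reports as US.
SAMPLE_LISTS = {
    "IN_v4.txt": "\n".join([
        "# constructed sample, not real MaxMind data",
        "103.21.58.0/23",
        "165.156.0.0/16",  # constructed block that covers the poster's IPs
    ]),
    "US_v4.txt": "\n".join([
        "165.156.24.0/24",
        "8.8.8.0/24",
    ]),
    "JP_v4.txt": "\n".join([
        "1.0.16.0/20",
    ]),
}


def parse_list(text):
    """Parse one list file: a CIDR or bare IP per line, '#' starts a comment."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=False accepts host bits set, as some list sources emit
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def find_matches(ip, lists):
    """Return {list_name: [covering networks as strings]} for every list
    in `lists` (name -> file text) that contains `ip`."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for name, text in lists.items():
        matched = [str(n) for n in parse_list(text) if addr in n]
        if matched:
            hits[name] = matched
    return hits


def explain_block(ip, lists, aggregate_members):
    """Given the set of list names that make up an aggregate rule (for
    example the country files selected under an 'Asia' alias), return only
    the members that would cause `ip` to match that aggregate rule.
    An empty result means the aggregate does not cover the address."""
    hits = find_matches(ip, lists)
    return {name: nets for name, nets in hits.items() if name in aggregate_members}


def load_lists_from_dir(directory, pattern="*_v4.txt"):
    """Load real list files from disk into the same {name: text} shape.
    The directory and file-name pattern are assumptions for this example;
    check where your pfBlockerNG install stores the country files."""
    return {p.name: p.read_text() for p in Path(directory).glob(pattern)}


if __name__ == "__main__":
    # Hypothetical 'Asia' aggregate built from the IN and JP lists only.
    asia = {"IN_v4.txt", "JP_v4.txt"}
    for ip in ("165.156.24.100", "165.156.24.115", "165.156.24.79", "8.8.8.8"):
        print(ip, "all hits:", find_matches(ip, SAMPLE_LISTS),
              "| blocked by Asia via:", explain_block(ip, SAMPLE_LISTS, asia))
```

Run against the real files with `explain_block(ip, load_lists_from_dir("/path/to/country/files"), selected_countries)` to see which country file, and which exact CIDR inside it, an address resolves to; if the offending CIDR turns up in a country you never selected, that points at the aggregate alias or the downloaded data rather than at your country selection.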
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.