GeoIP Blocking
-
Hi!
I wanted to know some information about MaxMind
To block access from some regions of the world, I first need to create a free account on MaxMind.
Question! Can I register as a private user or do I have to be a corporate user? Mandatory data?
You will now receive a license key, which you can enter in IP → MaxMind GeoIP Configuration. After that you have to download the GeoIP databases in Update → Reload → IP.
Is the license key free or paid?
Finally, how can I register?
Do I have to use MaxMind exclusively or can I enter license keys from other accounts?
If so, which accounts do you recommend? -
You can sign up at https://www.maxmind.com/en/geolite2/signup. It's free. ("Visit the following [Link to Register] for a free MaxMind user account. Utilize the GeoIP Update version 3.1.1 or newer registration option.")
pfBlockerNG is programmed to download from MaxMind. There wasn't a signup process until about a year ago when MaxMind instituted it. You can manually create your own feeds on Firewall/pfBlockerNG/IP/IPv4 but I've not bothered reinventing the wheel.
-
@teamits I registered but don't know which one to download.
I can't find what you told me GeoIP Update version 3.1.1
-
@teamits Then where I find MaxMind License Key see screenshot
-
Under Services click My License Key. You don't download anything yourself, just put they key in pfBlocker and it will download it for you.
See https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality
-
@teamits Hello
I have activated the maxmin license but I don't know how to configure the geo ip in pfBlockerNG on pfsense 2.4.5 help thanks -
@antonio-briguglio ops * maxmind
-
@teamits Hello
I have activated the maxmin license but I don't know how to configure the geo ip in pfBlockerNG on pfsense 2.4.5 help thanks -
@teamits how should i block countries such as the United Kingdom? if you can also help me with screenshots it is easier for me
-
What I usually do is set up rules using Alias Native:
with all the countries desired. Then set up any firewall rules desired using that alias.Note it's usually better to allow the desired countries than block the world, since all the IP addresses of the world would have to be held in memory.
Also note you have to use the Update tab to generate the files before they can be used.
-
This post is deleted! -
This post is deleted! -
@antonio-briguglio You are using pfblockerNG, was Format GeoIP available then ? Or maybe it's not be compatible with the new MaxMind requirements? I don't know.
Maybe it's time to move to pfBlockerNG-devel. Disable pfblockerNG, Uninstall it, install pfblockerNG-devel, insert Maxmind License, configure, Run Force Update, Force Reload All and see if that works.
-
@ronpfs It's not like you say. I don't want to uninstall it
In my opinion I am wrong or skip a few steps.
Help with screenshots -
@antonio-briguglio
Search the forum: https://forum.netgate.com/search?term=GeoIP&in=titlesposts&matchWords=all&categories[]=62&sortBy=relevance&sortDirection=desc&showAs=postsThis one was on first page: https://forum.netgate.com/topic/154140/can-t-get-geoip-to-work/4
-
What is the pfBlockerNG version this :
?
The new GeoIP (they == GeoIP, changed a lot last year) needs to new pfBlockerNG.
@antonio-briguglio said in GeoIP Blocking:
I don't want to uninstall it
You want to use the 'latest and greatest' with the oldest ?
-
@ronpfs said in GeoIP Blocking:
pfBlockerNG-devel
Ah, sorry, I had trouble with pfBlockerNG and the new MaxMind so we switched all our clients to pfBlockerNG-devel. I wasn't even thinking about the package.
It kept losing the MaxMind key overnight.
https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality/49The package maintainer has recommended in the forums to use -devel anyway. I am not sure why there are two at this point...? If you uninstall pfBlockerNG and install pfBlockerNG-devel it will import settings.
-
This post is deleted! -
The warning is so that you don't run an update while an update is already running. Since your update is 59 minutes away, it's safe to go ahead. Aggiorna I assume is "update" so pick that and click Run.
Or wait 59 minutes and it will run an update on its own. :)
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@teamits Active pfBlockerNG CRON JOB normally means there is an update running on the box.
Inspect pfblockerNG.log file to see what is happening
