GeoIP Blocking
-
Hi!
I wanted to know some information about MaxMind.
To block access from some regions of the world, I first need to create a free account on MaxMind.
Question! Can I register as a private user or do I have to be a corporate user? Mandatory data?
You will now receive a license key, which you can enter in IP → MaxMind GeoIP Configuration. After that you have to download the GeoIP databases in Update → Reload → IP.
Is the license key free or paid?
Finally, how can I register?
Do I have to use MaxMind exclusively or can I enter license keys from other accounts?
If so, which accounts do you recommend? -
You can sign up at https://www.maxmind.com/en/geolite2/signup. It's free. ("Visit the following [Link to Register] for a free MaxMind user account. Utilize the GeoIP Update version 3.1.1 or newer registration option.")
pfBlockerNG is programmed to download from MaxMind. There wasn't a signup process until about a year ago when MaxMind instituted it. You can manually create your own feeds on Firewall/pfBlockerNG/IP/IPv4 but I've not bothered reinventing the wheel.
-
@teamits I registered but don't know which one to download.
I can't find what you told me GeoIP Update version 3.1.1 -
@teamits Then where do I find the MaxMind License Key? See screenshot
-
Under Services click My License Key. You don't download anything yourself, just put the key in pfBlocker and it will download it for you.
See https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality
-
@teamits Hello
I have activated the maxmin license but I don't know how to configure the geo ip in pfBlockerNG on pfsense 2.4.5 help thanks -
@antonio-briguglio ops * maxmind
-
@teamits how should i block countries such as the United Kingdom? if you can also help me with screenshots it is easier for me
-
What I usually do is set up rules using Alias Native:
with all the countries desired. Then set up any firewall rules desired using that alias. Note it's usually better to allow the desired countries than block the world, since all the IP addresses of the world would have to be held in memory.
Also note you have to use the Update tab to generate the files before they can be used.
-
@antonio-briguglio You are using pfblockerNG, was Format GeoIP available then? Or maybe it's not compatible with the new MaxMind requirements? I don't know.
Maybe it's time to move to pfBlockerNG-devel. Disable pfblockerNG, Uninstall it, install pfblockerNG-devel, insert Maxmind License, configure, Run Force Update, Force Reload All and see if that works.
-
@ronpfs It's not like you say. I don't want to uninstall it
In my opinion I am wrong or skip a few steps.
Help with screenshots -
@antonio-briguglio
Search the forum: https://forum.netgate.com/search?term=GeoIP&in=titlesposts&matchWords=all&categories[]=62&sortBy=relevance&sortDirection=desc&showAs=posts
This one was on first page: https://forum.netgate.com/topic/154140/can-t-get-geoip-to-work/4
-
What is the pfBlockerNG version this :
?
The new GeoIP (they == GeoIP, changed a lot last year) needs the new pfBlockerNG.
@antonio-briguglio said in GeoIP Blocking:
I don't want to uninstall it
You want to use the 'latest and greatest' with the oldest ?
-
@ronpfs said in GeoIP Blocking:
pfBlockerNG-devel
Ah, sorry, I had trouble with pfBlockerNG and the new MaxMind so we switched all our clients to pfBlockerNG-devel. I wasn't even thinking about the package.
It kept losing the MaxMind key overnight.
https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality/49
The package maintainer has recommended in the forums to use -devel anyway. I am not sure why there are two at this point...? If you uninstall pfBlockerNG and install pfBlockerNG-devel it will import settings.
-
The warning is so that you don't run an update while an update is already running. Since your update is 59 minutes away, it's safe to go ahead. Aggiorna I assume is "update" so pick that and click Run.
Or wait 59 minutes and it will run an update on its own. :)
-
@teamits Active pfBlockerNG CRON JOB normally means there is an update running on the box.
Inspect pfblockerNG.log file to see what is happening
-
@ronpfs yes, but he always does it and doesn't let me update after the time runs out, the stopwatch always starts again
and manual updating doesn't -
@antonio-briguglio What are you seeing in pfblockerng.log?
-
@teamits how do you put a website blocking warning web page when blocking countries?
-
@antonio-briguglio said in GeoIP Blocking:
@teamits how do you put a website blocking warning web page when blocking countries?
You can't.
You use the Alerts tab to see what is blocked on the IP side. -
@ronpfs said in GeoIP Blocking:
Active pfBlockerNG CRON JOB normally means there is an update running on the box
Yeah, missed that giant red label. It's been a long day.
It sounds like pfBlockerNG is set to check for updates every hour? So it should have updated already.
-
@ronpfs so I want that when a customer for example visits a web page in Turkey that I have blocked that a web page is displayed where it warns that the site is blocked instead of the classic internet page not available
-
@antonio-briguglio Not possible with IP blocking. Maybe other package like Squid or something similar could do that.
-
@ronpfs i have squid but does it block geoips?
-
@antonio-briguglio said in GeoIP Blocking:
i have squid but does it block geoips?
I don't know, I don't use Squid.
-
@antonio-briguglio said in GeoIP Blocking:
so I want that when a customer for example visits a web page in Turkey that I have blocked that a web page is displayed where it warns that the site is blocked instead of the classic internet page not available
That's what's called 'doing MITM'.
You can't (it's very hard).
See here for why not. If the sites visited were 'http' only the redirection would be easy. https can't be redirected.
-
@ronpfs Hi!
I set up GeoIP on pfBlockerNG.
I tried to block a country of Africa, Algeria, two countries of Europe, Germany and Sweden, and one of Oceania, New Zealand, blocking the inbound and outbound connections. I type in a site from Algeria and it blocks it, I type in a site from Germany and it blocks it, and so far everything is ok.
But then when I go to type more sites of the countries that I have blocked, here is the surprise: the sites, as if by magic, are no longer blocked, they are visible.
Why does this happen? Is there a maximum number of consultation?
Then in some countries that I have set the block I have noticed, for example, that blocking four countries in Europe, three out of four are blocked and one is not.
Finally, in the log files trying to block, for example, Algeria in Africa, the site is blocked but the log file shows Europe and not Africa. Help -
@teamits so I want that when a customer for example visits a web page in Turkey that I have blocked that a web page is displayed where it warns that the site is blocked instead of the classic internet page not available
That's what's called 'doing MITM'.
You can't (it's very hard).
See here for why not. If the sites visited were 'http' only the redirection would be easy. https can't be redirected
-
@antonio-briguglio It is also possible to put a domain like .ru in TLD Blacklist. But that won't block a .net domain using RU ASN.
-
@ronpfs but I don't understand why after for example 5 interrogations sites no longer block them is it normal?
-
@antonio-briguglio GeoIP isn't always accurate. I block TOP Spammer from RU, RU_rep, CN and CN_rep, but sometimes the Alerts Tab will report another country. That is because the network is in two countries files.
Example for a block of 45.146.165.149 is reported as GB_v4 45.146.164.0/23.
    grep "45\.146\.16" /usr/local/share/GeoIP/cc/*v4.txt
    /usr/local/share/GeoIP/cc/DE_v4.txt:45.146.16.0/21
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.160.0/22
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.167.0/24
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.168.0/23
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
    /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.16.0/21
    /usr/local/share/GeoIP/cc/GB_v4.txt:45.146.164.0/23
    /usr/local/share/GeoIP/cc/GB_v4.txt:45.146.166.0/24
    /usr/local/share/GeoIP/cc/LT_v4.txt:45.146.160.0/22
    /usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.164.0/23
    /usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.166.0/24
    /usr/local/share/GeoIP/cc/RU_v4.txt:45.146.167.0/24
    /usr/local/share/GeoIP/cc/RU_v4.txt:45.146.168.0/23
-
@antonio-briguglio said in GeoIP Blocking:
@ronpfs but I don't understand why after for example 5 interrogations sites no longer block them is it normal?
It shouldn't be normal. Investigate the pfblockerNG log files, firewall logs etc to debug what is happening.
-
The web site may have round robin or otherwise rotating DNS? For the OP, the Geo IP block is by IP address not web site name.
-
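Added example, not part of the thread and not pfBlockerNG's own code: a real CIDR containment check for the two points above, that one address can sit in several country files and that a block applies per IP address rather than per site name. It assumes the cc files hold one CIDR per line (as the grep output suggests); the function names, the sample table and the second address (192.0.2.10) are constructed for illustration.

```python
import ipaddress
from pathlib import Path

# Constructed sample in the style of /usr/local/share/GeoIP/cc/*_v4.txt,
# using networks that appear in the grep output quoted in the thread.
SAMPLE_CC = {
    "DE_v4.txt": ["45.146.16.0/21"],
    "GB_v4.txt": ["45.146.164.0/23", "45.146.166.0/24"],
    "LT_v4.txt": ["45.146.160.0/22"],
    "RU_rep_v4.txt": ["45.146.164.0/23", "45.146.166.0/24"],
    "RU_v4.txt": ["45.146.167.0/24", "45.146.168.0/23"],
}

def parse_tables(raw):
    """Turn {filename: [lines]} into {filename: [ip_network]}, skipping blanks/comments."""
    tables = {}
    for name, lines in raw.items():
        nets = []
        for line in lines:
            line = line.split("#", 1)[0].strip()
            if line:
                nets.append(ipaddress.ip_network(line, strict=False))
        tables[name] = nets
    return tables

def load_dir(path="/usr/local/share/GeoIP/cc"):
    """Read the real files (assumed format: one CIDR per line)."""
    return parse_tables({p.name: p.read_text().splitlines() for p in Path(path).glob("*_v4.txt")})

def files_containing(ip, tables):
    """Sorted (filename, cidr) pairs whose network actually contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted((name, str(net)) for name, nets in tables.items()
                  for net in nets if addr.version == net.version and addr in net)

def site_verdict(addresses, tables, blocked_files):
    """Per-address result for one hostname's A records against the blocked files."""
    verdict = {}
    for ip in addresses:
        hits = [f for f, _ in files_containing(ip, tables) if f in blocked_files]
        verdict[ip] = "block" if hits else "pass"
    return verdict

if __name__ == "__main__":
    tables = parse_tables(SAMPLE_CC)
    print(files_containing("45.146.165.149", tables))
    # Constructed A-record set for one hostname with rotating DNS.
    print(site_verdict(["45.146.165.149", "192.0.2.10"], tables, {"GB_v4.txt"}))
```

Unlike the string grep, the containment check does not match 45.146.16.0/21 for 45.146.165.149, and a hostname whose records mix "block" and "pass" addresses will appear blocked on some lookups and reachable on others.
-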
@teamits hi i can't find the program for geoip automatic updates.
The latest version can be downloaded from GitHub called something like geoipupdate_4.0.0_windows_amd64 depending on the version and architecture.
But unfortunately this file is not there.
Can you give me the direct link so I download it on my pc?
Help -
@antonio-briguglio You can do that from the Maxmind web site :
-
@ronpfs Hi!
explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
I only have a pc with Windows 10 Home.
I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks