GeoIP Blocking

RonpfS

@antonio-briguglio It is also possible to put domain like .ru in TLD Blacklist. But that's won't block a .net domain using RU ASN.

@ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

RonpfS

@antonio-briguglio GeoIP isn't always accurate. I block TOP Spammer from RU, RU_rep, CN and CN_rep, but sometimes the Alerts Tab will report another country. That is because the network is in two countries files.

Example for a block of 45.146.165.149 is reported as GB_v4 45.146.164.0/23.

grep "45\.146\.16" /usr/local/share/GeoIP/cc/*v4.txt
/usr/local/share/GeoIP/cc/DE_v4.txt:45.146.16.0/21
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.160.0/22
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.167.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.168.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.16.0/21
/usr/local/share/GeoIP/cc/GB_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/GB_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/LT_v4.txt:45.146.160.0/22
/usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/RU_v4.txt:45.146.167.0/24
/usr/local/share/GeoIP/cc/RU_v4.txt:45.146.168.0/23

RonpfS

@antonio-briguglio said in GeoIP Blocking:

@ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

It shouldn't be normal. Investigate the pfblockerNG log files, firewall logs etc to debug what is happening.

SteveITS

The web site may have round robin or otherwise rotating DNS? For the OP, the Geo IP block is by IP address not web site name.

@teamits hi i can't find the program for geoip automatic updates.
The latest version can be downloaded from GitHub called something like geoipupdate_4.0.0_windows_amd64 depending on the version and architecture.
But unfortunately this file is not there.
Can you give me the direct link so I download it on my pc?
Help

RonpfS

@antonio-briguglio You can do that from the Maxmind web site :

Screenshot_2021-02-06 Download GeoIP2 and GeoIP Legacy Databases MaxMind.png

@ronpfs Hi!
explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
I only have a pc with windows q0 home.
I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

@teamits Hi!
explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
I only have a pc with windows 10 home.
I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

SteveITS

It sounds like you're trying to run updates manually? Let pfBlocker do it.

and on the IP page:

@teamits okkkkk :-)

@ronpfs thank you :-)

@gertjan ok thank you :-)