Prevent countries access to specific hosted site



  • Greetings,

    My the company I work for host websites.  pfBlocker, for the most part allows access to ALL of our hosted websites.  We have a client that wants specific countries from accessing their website.  How do I allow both rule sets to function properly?

    Thanks ahead of time.



  • Is it possible to generate rules that focus on dynamic 'aliases' that focus on individual countries?



  • have a look in:
    /usr/local/share/GeoIP/cc/
    and you will find the GeoIP country codes pfBlockerNG download from MaxMind.

    create alias only with country you need and use it as you want in a firewall rule allow/deny.
    for ex Poland:
    /usr/local/share/GeoIP/cc/PL_v4.txt
    /usr/local/share/GeoIP/cc/PL_v6.txt



  • OUTSTANDING!!  Thank you VERY much!!

    Actually question along the lines of using Alias Deny and De-Duplication.  When I created an Alias yesterday and created a rule, the alias under the rule only showed 1.1.1.1.  Is that normal?



  • If you move the mouse on alias name in the rule ( interface ) it will show all IPs for that alias.
    If you have only one address 1.1.1.1 have a look at what's inside each file / link for that alias and try to figure if something is missing or not and why ( bad link/file, can't download link/file ??


  • Moderator

    @dbennett:

    OUTSTANDING!!  Thank you VERY much!!

    Actually question along the lines of using Alias Deny and De-Duplication.  When I created an Alias yesterday and created a rule, the alias under the rule only showed 1.1.1.1.  Is that normal?

    Click on the blue infoblock icons in the IPv4 tab. It will detail how to achieve this…. When creating multiple GeoIP aliases with duplicated ISO, its best to use "Alias Native", so that deduplication does not take effect...



  • Thanks to everyone for replying to my post.

    I've located and added each of the country lists into a single alias and will be checking our webstats to see if the rule works.

    Question:  What is the _rep_ipv4 lists for?

    Thanks again for your input



  • There is an Red url in the GeoIP tabs :

    @ :

    GeoIP data by MaxMind Inc. - GeoLite2
    Click here for IMPORTANT info –> What new in GeoIP2

    Country, Registered Country, and Represented Country

    We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases.

    Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.