Netgate Discussion Forum

    SNORT, OpenAppID and weird "Block reason: Gateway GEO-IP Filter Alert"

      DBcom

      Hello Everyone!
      I've been reading this forum for a long time and usually found answers to my issues.
      But now I've encountered something that I can't resolve.

      I installed and configured SNORT.
      I also decided to try the OpenAppID rules, which all installed except the Snort OpenAppID RULES Detectors.
      That MD5 error kept bugging me for a long time, so I decided to install them semi-manually.
      I amended the original update script to forgo the MD5 check.
      From what I can tell, the RULES Detectors installed.
      But right after that I get the "Block reason: Gateway GEO-IP Filter Alert" in the SNORT update window.

      window message:
      ----------------------------------------------------------------------------------
      This site has been blocked by the network administrator.
      Block reason: Gateway GEO-IP Filter Alert

      IP address: 2XX.XXX.XXX.XXX

      Connection initiated from country: XXXXXXXXXXXXXXXXXX

      I do NOT have any COUNTRY blocks, just some pfBlockerNG lists.

      I am thinking that one of the OpenAppID RULES Detectors I downloaded/updated is causing this window.
      Is there any way to trace the rule that creates this window?

      Thank you in advance.

      DBcom
