IPV4 White list before Geo IP
I have a white list in the IPV4 tab that's worked perfectly for an untold amount of time. Today, Microsoft in their infinite wisdom moved a bunch of stuff overseas and because I have Geo IP Block (Country Blocking) also enabled and configured it now seems that my IPV4 white list takes a back seat to the Geo IP Block list.
I think it used to work differently.
Used to be:
IPV4 White List > Geo IP
Now seems to be:
Geo IP > IPV4 White List
So if it matches the Geo IP it blocks it and never makes it to my IPV4 white list!!!
If I'm blocking the EU (and all their countries) BUT I have specific EU based IP's like Microsoft's IP's in Italy, Netherlands, Finland, etc…it seems my white list is ignored in favor of the country.
Can you confirm this behavior?
Block message on the FW log:
@115(1770004605) block return log quick on re0 inet from any to <pfb_europe_v4:120341>label "USER_RULE: pfB_Europe_v4 auto rule"
My IP's in my white list:
whois: 220.127.116.11 White List: 18.104.22.168/17, 22.214.171.124/13, 126.96.36.199/12, 188.8.131.52/15, 184.108.40.206/16, 220.127.116.11/14, 18.104.22.168/12, 22.214.171.124/14
Another interesting thing is if I look that IP address up on the SANS IP Country Lookup I get this:
126.96.36.199/10 US MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
…that it's in the US and NOT in an EU country. Is something wrong with the maxmind db perhaps?
I'd also re-installed PFB to see if it would update something but it did not. I kept all my old settings of course.
Any insight into this issue would be helpful. It seems two fold, rule order (which on the general tab is the default) between Geo IP v IPV4 and then the last issue of the maxmind db having incorrect country resolution.
Check the Firewall rule order… To overcome a GeoIP blocklist, you need to have the Permit rules above the Block rules. The Rule order setting is in the General tab.