Dnsbl geoblocking unselected country



  • Hi folks.

    I have geoblocking enabled but noticing it's blocking this IP address (US based IP):

    https://www.shodan.io/host/191.238.35.129

    However I do not have US selected in the geoblocking sections (top 20, NA, etc).

    denied list:
    Sep 11 21:18:43 LAN pfB_Top_v4    (1770009096) TCP-S 10.180.24.25:53029    xboxone 191.238.35.129:443      US Country

    Is there something I can do within pfblockering to resolve?


  • Moderator

    That IP is hosted in Brazil as per MaxMind. You can run the following command in a pfSense shell:

    geoiplookup 191.238.35.129
    

    More info here (see the whois info):
    https://www.tcpiputils.com/browse/ip-address/191.238.35.129

    The Alerts tab has a ! icon which will open a Threat Source lookup page which has a lot of other resources that can be used.

    To overcome this block, you can create a Permit Outbound IPv4 alias and add this IP to the customlist and select the appropriate "Rule Order" option that places the permit rule above the block/reject rules.



  • HI BBCan..

    Your link shows this:

    IP information 191.238.35.129
    IP address 191.238.35.129
    Location Boydton, Virginia, United States (US) flag
    Registry lacnic

    Is there a difference between physical IP location and GEO based lookups?

    Jon