Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Incorrect GeoIP entry in pfB_Top_v4

    Scheduled Pinned Locked Moved pfBlockerNG
    3 Posts 2 Posters 942 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      djanakes
      last edited by

      Hi all,

      I'm new to this forum and may be posting in the wrong place, but I've discovered an incorrect IP address in the GeoIP country blocks for pfBlockerNG. Specifically, the IPv4 entries for "India (1269750) IN_rep (343)" contains 34.225.144.0/24, which is actually located in the United States. Unless I'm missing something very rudimentary, this IP range should NOT be listed under India. I've spent the better part of the evening attempting to locate and identify this error and I've temporarily whitelisted the IP range on my own router in order to continue blocking India from our mail server. What is the proper procedure to report something like this, and to whom? Any help in pointing me to the right source would be greatly appreciated.

      On a side note, the more I learn the intricacies of pfSense and it's wonderful packages, the more impressed I become with its functionality. Keep up the great work!!

      David

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by BBcan177

        @djanakes said in Incorrect GeoIP entry in pfB_Top_v4:

        34.225.144.0

        Thanks for the feedback.

        Please review the MaxMind website which will provide some more information on what "Represented Country" means:
        https://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/

        Country, Registered Country, and Represented Country
        We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases.

        Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.

        head -1 /usr/local/share/GeoIP/GeoLite2-Country-Blocks-IPv4.csv
network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider```java
code

        grep "34.225.144.0/24" /usr/local/share/GeoIP/*

        /usr/local/share/GeoIP/GeoLite2-Country-Blocks-IPv4.csv:34.225.144.0/24,6252001,1269750,,0,0

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • D
          djanakes
          last edited by djanakes

          Thank you very much for the quick reply. I hadn't considered the consequences of blocking India vs India_Rep.

          It turns out that entire subnet is controlled by Cisco and several of our Texas state counties are assigned IPs in that range. Since this "problem" only began after July 2nd (the last time they were able to connect to our mail server using that same IP), we assumed it was entered by mistake.

          I've informed our customer and they will get with Cisco to determine a resolution, as it seems they're also now being blocked by other mail servers as well as their hosted helpdesk app is failing. All of these problems began sometime after July 2nd, which is when I assume the IP was entered into the India_Rep database.

          Thanks again for your assistance!

          David

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.