GeoIP policy based routing not working with pfBlockerNG-devel?



  • 2.4.3-RELEASE-p1 (amd64) on SG-2440.
    I've been using pfBlockerNG with GeoIP to create an "Alias Match" list for Polish (PL) IPv4 (pfb_Europe_v4).
    I have a LAN rule that directs traffic destined to Polish websites via NordVPN Gateway group (Destination: Single Host or Alias Set to: pfb_Europe_v4).

    All of this has been working great. However, I noticed recently that this rule is no longer working/applied.
    Only changes have been that I started using pfBlockerNG-devel (currently on 2.2.5_11) several weeks ago. Can't pinpoint the exact time when it stopped.

    (http://jakiemamip.pl) shows me my real IP, but when the rule worked, it showed the NordVPN's IP.

    For example, when I try to access vod.tvp.pl (195.245.213.252 & 195.245.213.251), I get Geo-blocked.

    I have created a new "alias match" list using the IP>IPv4 source definitions with "GeoIP" format for PL and PL_rep (pfB_Poland_v4.txt).
    When I look at the list in log viewer, I see "195.245.213.0/24" so I would expect it to work.

    If I change my rule to Destination: ANY, my traffic is routed via NordVPN.

    Any ideas?

    Edit: If I manually create an alias for those two IPs and use them in the firewall rule, I can access vod.tvp.pl and watch content.


  • Moderator

    Since this is an "Alias Match" Alias, and the IP range is found in the pfB_Poland_v4.txt Alias, I assume that the package did what it was asked to do.

    The firewall rule that you created is defined with your settings, so the pfBlockerNG package had nothing to do with that rule.

    I suspect that another rule may be causing issues that is above this rule? But I would start to look at other changes that might have caused this issue for you.

    Hope that helps.



  • @bbcan177 If I change my rule to Destination: ANY, my traffic is routed via NordVPN. Rule order is the same in this case. Wouldn't it imply something wrong with the alias list created by the package?


  • Moderator

    @bartkowski said in GeoIP policy based routing not working with pfBlockerNG-devel?:

    @bbcan177 If I change my rule to Destination: ANY, my traffic is routed via NordVPN. Rule order is the same in this case. Wouldn't it imply something wrong with the alias list created by the package?

    You are using Alias type rules, so you are creating your own rules. Either way, pfBlockerNG is just adding IPs to an Aliastable. There has to be something else in your setup that is causing your issue. Check the other rules, NAT, etc.

