IPv6 Alert SRC GeoIP Issue 2.2.5_19
-
The following is being blocked by a GeoIP block for Russia IPv4 & IPv6.
The IP subnet is in the RU_v6.txt file.
I'm in Great Britain and the traffic is comming from Russia
-
@nogbadthebad
Report it to Maxmind https://www.maxmind.com/en/geoip2-databases that's the source for the database in pfBlockerNG.
-
it’s not a maxmind issue, the IP address is in the Russia txt file, pfBlockerNG Dev reports the source is in the GB.
See my last screenshot.
-
Sorry but the whois shows that IP as RU
https://www.ultratools.com/tools/ipv6InfoResult?ipAddress=2001%3A6d0%3Affd9%3A301%3A195%3A209%3A146%3A222&as_sfid=AAAAAAXJdN8y4VwMH_qPRG_IcyFdkPd3_ZN0h9t9D15a_vHkdQJ8YFwobWJbcq4LRKKBjEqFL6b5YZxVtYEgtINFLR4zjSfuBv2mXAo25oTOlmd2zVc8qUymoip6aF95o4-qiac%3D&as_fid=4cf20d4e5d982453717d1efee86a730cba0705ee
And so does maxmind
Where are you getting that its GB?
In the Big Picture guess you could say that RU is Europe ;)
Where an IP is for sure not an exact science and all kinds of problems can be seen with their database... I was fighting with maxmind for like ever that a /24 out of our /16 was not in freaking Vietnam!! ;) I don't think they ever fixed it.. Have to go back and look.. But it was stopping people from accessing their banks and websites because the IP was coming out not in the US.. Which clearly it was.. It was IP of our DC in Florida for gosh sake ;) But we shut down the proxy at that location so stop getting complaints about not able to access this or that because of geoip info not being correct..
-
Also I'd have thought the Alert would have been Inbound not outbound like all the other IPv4 alerts, as it's 2001:6d0:ffd9:301:195:209:146:222 trying to poke my WAN interface on port 53.
-
Those blocks in the firewall your showing are inbound to the wan. If they were outbound block you would have the little > symbol..
-
Yup
