Help with GeoIP aliases needed
-
I'm trying to only permit traffic from the United States to a handful of ports on my pfSense router.
I thought I had it working with GeoIP - North America - List Action = Alias Permit
Combined with my specific firewall rules that reference the pfB_NAmerica_v4 aliasHowever, in my firewall logs I'm finding IP addresses permitted through. For example, I'm seeing the follow source IP addresses coming through:
216.220.228.202
104.214.115.196
74.101.171.253
None of those IPs, or their related subnets appear in the North AmericaAll other GeoIP countries have nothing selected in the list with a List Action = Permit Both
Clearly I'm doing something wrong. I've tried my best to find manuals for pfBlockerNG online but the results are sparse.
Thanks in advance, Jason
-
@cfapress said in Help with GeoIP aliases needed:
216.220.228.202
maxmind sure thinks that is US IP.
16.220.228.202 US Wayne,
Maine,
United States,
North America 04284 44.3493,
-70.0712 50 Mid-Maine Communications Mid-Maine Communications midmaine.com 500Why would you think its not? Same goes for the other 2
104.214.115.196 US San Antonio,
Texas,
United States,
North America 78288 29.4247,
-98.4935 1000 Microsoft Corporation Microsoft Azure 641
74.101.171.253 US West Babylon,
New York,
United States,
North America 11704 40.7135,
-73.3546 20 Verizon Fios Business Verizon Fios Business verizon.net 501https://www.maxmind.com/en/geoip-demo
Looking in my NA list I see
216.220.128.0/17Which would be 216.220.128.0 - 216.220.255.255
So yeah your 216.220.228.202 is in that list.
-
AH ... yes, indeed my subnetting skills were lacking here.
I resorted to lookups with this tool which helped me better understand what my brain couldn't sort out itself:
http://jodies.de/ipcalc?host=216.220.128.0&mask1=17&mask2=Your link to the maxmind database is very helpful. So, thank you for that. Much appreciated. It will come in handy in the future.
Thanks for the prompt response.
