pfBlocker GeoIP Not Working
-
I have been having an issue with pfBlocker's GeoIP functionality since the upgrade to pfSense 2.4.5. I currently am on 2.2.5_32 of pfB.
I utilize the GeoIP functionality to deny inbound connections to specific countries. However, it seems as if the rule that pfB adds to the pfS firewall rules doesn't correctly analyze the packets. For example, if I look at the firewall rules page under the states column it will list 0/0 B for each firewall rule added by pfB. In addition, if I look at the pfB dashboard the packets column will sit at 0.
I know that I am receiving traffic from the countries I am attempting to block because I enable the kill states setting in pfB and I can see pfB remove open states in the update logs from the specific countries I am trying to block.
I also have certain alias' that will show a count of 0 IPs even though I can pull up the individual file from within the pfB log page.
I have attempted to completely reinstall pfB with and without the keep settings option.
Any ideas as to what would cause this? I previously had pfB working flawlessly for quite some time.
-
I had a similar issue after upgrading to 2.4.5 this weekend. pfBlocker had not had a max mind key before the update as it was an old version. I let the package update during the pfSense upgrade. I entered the maxmind key and ran an update in pfB but that didn't help. Ultimately I had to make a firewall rule change to get it to accept the GeoIP aliases. I suppose I could have just rebooted or done a filter reload too. Try either of those and see if it helps.
-
Unfortunately, that did not work for me. I did a filter reload, tried adding a new firewall rule, and rebooted. I also verified the maxmind key is being correctly pulled based off of the 'last used' field on the maxmind site.
-
I have the same problem.
Any solution ?
-
@econ said in pfBlocker GeoIP Not Working:
Unfortunately, that did not work for me. I did a filter reload, tried adding a new firewall rule, and rebooted. I also verified the maxmind key is being correctly pulled based off of the 'last used' field on the maxmind site.
You probably need to force Maxmind to update.
Run this command from the command prompt to force Maxmind to update: php /usr/local/www/pfblockerng/pfblockerng.php dc . This should force the Maxmind.com database to update.
-
It worked, thanks !
Just for those who are struggling: I had to put this command, including the quotes in the PHP window:
"/usr/local/www/pfblockerng/pfblockerng.php dc"
-
I'm running pfsense version 2.4.5-RELEASE-p1 (amd64) & pfBlockerNG-devel 2.2.5_33
Any idea how to get this IP stats to show up on the widget? I ran this command ( php /usr/local/www/pfblockerng/pfblockerng.php dc) to manually force Maxmind to update. Is it supposed to update on its own if you have a license key? This widget has never updated correctly for me for IP. I see this in the update log though [ pfB_Top_v4 ] Removed 6 state(s) for [ 178.xxx.xxx.xxx ]
-
This is what I have:
It is also a bit obscure to me what the IP count is, but I have never investigated in-depth.
-
I dont get any numbers in that field at all
-
This is what I have when I hover:
I guess it depends on the config of the IP tab. All my combos are set to default.
-
Now its working after I increased the Maximum Firewall entries from 400000 to 950000. This option is under the: System-->Advanced-->Firewall & Nat area.
-
Firewall Maximum Table Entries
is already at 3M on mine.Very strange that you have Block & Reject packets under IP and that I don't have any... it probably depends on the config & the firewall rules...
-
Oh wow 3 million. What does your GeoIP settings look like? I have deny inbound on everything and North America Disabled
-
This is what I have. I am now thinking that perhaps I should change to "deny inbound" instead of "disabled" ? (I want to block those of course)
In Europe, I allow 2 countries.
-
@Alex99 Yeah change that to deny and you will probably see your counter go up, I'm going to try that with North America (allow inbound) as well just to test.
This is probably a better approach than blocking all the countries: Pfblocker … is this normal after 3 hours of uptime