Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfBlocker GeoIP Not Working

    Scheduled Pinned Locked Moved pfBlockerNG
    15 Posts 5 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      econ
      last edited by

      I have been having an issue with pfBlocker's GeoIP functionality since the upgrade to pfSense 2.4.5. I currently am on 2.2.5_32 of pfB.

      I utilize the GeoIP functionality to deny inbound connections to specific countries. However, it seems as if the rule that pfB adds to the pfS firewall rules doesn't correctly analyze the packets. For example, if I look at the firewall rules page under the states column it will list 0/0 B for each firewall rule added by pfB. In addition, if I look at the pfB dashboard the packets column will sit at 0.
      2020-05-06_9-09-08.jpg

      I know that I am receiving traffic from the countries I am attempting to block because I enable the kill states setting in pfB and I can see pfB remove open states in the update logs from the specific countries I am trying to block.

      I also have certain alias' that will show a count of 0 IPs even though I can pull up the individual file from within the pfB log page.
      2020-05-06_9-04-55.jpg

      I have attempted to completely reinstall pfB with and without the keep settings option.

      Any ideas as to what would cause this? I previously had pfB working flawlessly for quite some time.

      1 Reply Last reply Reply Quote 0
      • M
        mhab12
        last edited by

        I had a similar issue after upgrading to 2.4.5 this weekend. pfBlocker had not had a max mind key before the update as it was an old version. I let the package update during the pfSense upgrade. I entered the maxmind key and ran an update in pfB but that didn't help. Ultimately I had to make a firewall rule change to get it to accept the GeoIP aliases. I suppose I could have just rebooted or done a filter reload too. Try either of those and see if it helps.

        1 Reply Last reply Reply Quote 0
        • E
          econ
          last edited by

          Unfortunately, that did not work for me. I did a filter reload, tried adding a new firewall rule, and rebooted. I also verified the maxmind key is being correctly pulled based off of the 'last used' field on the maxmind site.

          J 1 Reply Last reply Reply Quote 0
          • A
            Alex99
            last edited by

            I have the same problem.

            Any solution ?

            1 Reply Last reply Reply Quote 0
            • J
              jdeloach @econ
              last edited by jdeloach

              @econ said in pfBlocker GeoIP Not Working:

              Unfortunately, that did not work for me. I did a filter reload, tried adding a new firewall rule, and rebooted. I also verified the maxmind key is being correctly pulled based off of the 'last used' field on the maxmind site.

              You probably need to force Maxmind to update.

              Run this command from the command prompt to force Maxmind to update: php /usr/local/www/pfblockerng/pfblockerng.php dc . This should force the Maxmind.com database to update.

              A 1 Reply Last reply Reply Quote 0
              • A
                Alex99 @jdeloach
                last edited by

                It worked, thanks !

                Just for those who are struggling: I had to put this command, including the quotes in the PHP window:

                "/usr/local/www/pfblockerng/pfblockerng.php dc"

                1 Reply Last reply Reply Quote 0
                • S
                  shdwkeeper
                  last edited by shdwkeeper

                  I'm running pfsense version 2.4.5-RELEASE-p1 (amd64) & pfBlockerNG-devel 2.2.5_33

                  Any idea how to get this IP stats to show up on the widget? I ran this command ( php /usr/local/www/pfblockerng/pfblockerng.php dc) to manually force Maxmind to update. Is it supposed to update on its own if you have a license key? This widget has never updated correctly for me for IP. I see this in the update log though [ pfB_Top_v4 ] Removed 6 state(s) for [ 178.xxx.xxx.xxx ]

                  Capture.JPG

                  1 Reply Last reply Reply Quote 0
                  • A
                    Alex99
                    last edited by

                    This is what I have:

                    It is also a bit obscure to me what the IP count is, but I have never investigated in-depth.

                    ad55a5c6-ae8d-499c-a864-f849990bfe00-image.png

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      shdwkeeper @Alex99
                      last edited by

                      @Alex99

                      I dont get any numbers in that field at all

                      1 Reply Last reply Reply Quote 0
                      • A
                        Alex99
                        last edited by

                        This is what I have when I hover:

                        db8610b9-2ac4-4909-9369-324ce7a6bc1f-image.png

                        I guess it depends on the config of the IP tab. All my combos are set to default.

                        1 Reply Last reply Reply Quote 0
                        • S
                          shdwkeeper
                          last edited by

                          Capture.JPG

                          Now its working after I increased the Maximum Firewall entries from 400000 to 950000. This option is under the: System-->Advanced-->Firewall & Nat area.

                          1 Reply Last reply Reply Quote 0
                          • A
                            Alex99
                            last edited by

                            Firewall Maximum Table Entries
                            is already at 3M on mine.

                            Very strange that you have Block & Reject packets under IP and that I don't have any... it probably depends on the config & the firewall rules...

                            S 1 Reply Last reply Reply Quote 0
                            • S
                              shdwkeeper @Alex99
                              last edited by shdwkeeper

                              @Alex99

                              Oh wow 3 million. What does your GeoIP settings look like? I have deny inbound on everything and North America Disabled
                              Capture.JPG

                              1 Reply Last reply Reply Quote 0
                              • A
                                Alex99
                                last edited by

                                This is what I have. I am now thinking that perhaps I should change to "deny inbound" instead of "disabled" ? (I want to block those of course)
                                In Europe, I allow 2 countries.

                                7b5d0728-5979-4691-8735-2a0f940c2341-image.png

                                S 1 Reply Last reply Reply Quote 0
                                • S
                                  shdwkeeper @Alex99
                                  last edited by shdwkeeper

                                  @Alex99 Yeah change that to deny and you will probably see your counter go up, I'm going to try that with North America (allow inbound) as well just to test.

                                  This is probably a better approach than blocking all the countries: Pfblocker … is this normal after 3 hours of uptime

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.