• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

GeoIP Blocking

pfBlockerNG
4
45
11.1k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    RonpfS @A Former User
    last edited by Feb 4, 2021, 10:15 PM

    @antonio-briguglio It is also possible to put domain like .ru in TLD Blacklist. But that's won't block a .net domain using RU ASN.

    2.4.5-RELEASE-p1 (amd64)
    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

    ? 1 Reply Last reply Feb 4, 2021, 10:22 PM Reply Quote 0
    • ?
      A Former User @RonpfS
      last edited by Feb 4, 2021, 10:22 PM

      @ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

      R 1 Reply Last reply Feb 4, 2021, 10:28 PM Reply Quote 0
      • R
        RonpfS @A Former User
        last edited by RonpfS Feb 4, 2021, 10:29 PM Feb 4, 2021, 10:25 PM

        @antonio-briguglio GeoIP isn't always accurate. I block TOP Spammer from RU, RU_rep, CN and CN_rep, but sometimes the Alerts Tab will report another country. That is because the network is in two countries files.

        Example for a block of 45.146.165.149 is reported as GB_v4 45.146.164.0/23.

        grep "45\.146\.16" /usr/local/share/GeoIP/cc/*v4.txt
        /usr/local/share/GeoIP/cc/DE_v4.txt:45.146.16.0/21
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.160.0/22
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.167.0/24
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.168.0/23
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
        /usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.16.0/21
        /usr/local/share/GeoIP/cc/GB_v4.txt:45.146.164.0/23
        /usr/local/share/GeoIP/cc/GB_v4.txt:45.146.166.0/24
        /usr/local/share/GeoIP/cc/LT_v4.txt:45.146.160.0/22
        /usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.164.0/23
        /usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.166.0/24
        /usr/local/share/GeoIP/cc/RU_v4.txt:45.146.167.0/24
        /usr/local/share/GeoIP/cc/RU_v4.txt:45.146.168.0/23
        

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • R
          RonpfS @A Former User
          last edited by Feb 4, 2021, 10:28 PM

          @antonio-briguglio said in GeoIP Blocking:

          @ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

          It shouldn't be normal. Investigate the pfblockerNG log files, firewall logs etc to debug what is happening.

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          S 1 Reply Last reply Feb 4, 2021, 10:51 PM Reply Quote 0
          • S
            SteveITS Galactic Empire @RonpfS
            last edited by Feb 4, 2021, 10:51 PM

            The web site may have round robin or otherwise rotating DNS? For the OP, the Geo IP block is by IP address not web site name.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            ? 2 Replies Last reply Feb 5, 2021, 11:05 PM Reply Quote 0
            • ?
              A Former User @SteveITS
              last edited by Feb 5, 2021, 11:05 PM

              @teamits hi i can't find the program for geoip automatic updates.
              The latest version can be downloaded from GitHub called something like geoipupdate_4.0.0_windows_amd64 depending on the version and architecture.
              But unfortunately this file is not there.
              Can you give me the direct link so I download it on my pc?
              Help

              R 1 Reply Last reply Feb 6, 2021, 7:23 AM Reply Quote 0
              • R
                RonpfS @A Former User
                last edited by Feb 6, 2021, 7:23 AM

                @antonio-briguglio You can do that from the Maxmind web site :

                Screenshot_2021-02-06 Download GeoIP2 and GeoIP Legacy Databases MaxMind.png

                2.4.5-RELEASE-p1 (amd64)
                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                ? 2 Replies Last reply Feb 6, 2021, 11:27 PM Reply Quote 0
                • ?
                  A Former User @RonpfS
                  last edited by Feb 6, 2021, 11:27 PM

                  @ronpfs Hi!
                  explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
                  I only have a pc with windows q0 home.
                  I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

                  S 1 Reply Last reply Feb 6, 2021, 11:32 PM Reply Quote 0
                  • ?
                    A Former User @SteveITS
                    last edited by Feb 6, 2021, 11:30 PM

                    @teamits Hi!
                    explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
                    I only have a pc with windows 10 home.
                    I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

                    1 Reply Last reply Reply Quote 0
                    • S
                      SteveITS Galactic Empire @A Former User
                      last edited by Feb 6, 2021, 11:32 PM

                      It sounds like you're trying to run updates manually? Let pfBlocker do it.

                      340f5611-119b-4da2-b41c-4ea2a0170a79-image.png

                      and on the IP page:
                      77d022c8-e714-42f9-9503-e91b50bbe5d3-image.png

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      ? 1 Reply Last reply Feb 7, 2021, 1:27 AM Reply Quote 0
                      • ?
                        A Former User @SteveITS
                        last edited by Feb 7, 2021, 1:27 AM

                        @teamits okkkkk :-)

                        1 Reply Last reply Reply Quote 0
                        • ?
                          A Former User @RonpfS
                          last edited by Feb 20, 2021, 1:14 PM

                          @ronpfs thank you :-)

                          1 Reply Last reply Reply Quote 0
                          • ?
                            A Former User @Gertjan
                            last edited by Feb 20, 2021, 1:16 PM

                            @gertjan ok thank you :-)

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.