GeoIP not working? Where is rule?
-
I have recently installed pfBlockerNG devel and am having a problem with GeoIP. I set it to deny inbound for every region except North America, where I am located, because I am running a small, limited-purpose web server for just two users and have a WAN port open. The problem is that I don't think GeoIP is actually blocking requests from outside North America. For one thing, there is no firewall rule created by pfBlockerNG for WAN, and the only floating rule is limited to LAN. So how could it possibly be blocking anything coming from outside North America or anywhere else since there are no associated firewall rules?
Also, I looked in the web server log and could see that it received a request from the European region, so it appears that the WAN port is still open from all regions. (Incidentally, I do have a MaxMind license which I applied.)
Does anyone have any thoughts about how to get this working? It seems something must be wrong with my setup.
-
@patrick999 OK, I solved this on my own. I simply wasn't understanding the interface. I hadn't realized that selecting continents to block is insufficient. It's necessary to also choose specific countries within each continent. After I did that, the firewall rules were generated.
-
Perhaps nice to know for you too.
pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality! -
@patrick999 said in GeoIP not working? Where is rule?:
I set it to deny inbound for every region except North America
It should take less resources to do it the other way, allow North America. I usually use Alias Native and then can use it in my own rules, such as the Source on a NAT rule.