Country vs Registered country
-
@pierr0t Care to share a few of the ip addresses you checked against?
-
For example the one I am currently using, Mullvad VPN, Zürich, Switzerland. This is the answer from GeoLite:
curl -u "xxxxxxx:xxxxxxxxx" \
  "https://geolite.info/geoip/v2.1/country/193.32.127.221?pretty"
{
  "continent": {
    "code": "EU",
    "geoname_id": 6255148,
    "names": {
      "ru": "Европа",
      "zh-CN": "欧洲",
      "de": "Europa",
      "en": "Europe",
      "es": "Europa",
      "fr": "Europe",
      "ja": "ヨーロッパ",
      "pt-BR": "Europa"
    }
  },
  "country": {
    "iso_code": "CH",
    "geoname_id": 2658434,
    "names": {
      "pt-BR": "Suíça",
      "ru": "Швейцария",
      "zh-CN": "瑞士",
      "de": "Schweiz",
      "en": "Switzerland",
      "es": "Suiza",
      "fr": "Suisse",
      "ja": "スイス連邦"
    }
  },
  "registered_country": {
    "is_in_european_union": true,
    "iso_code": "SE",
    "geoname_id": 2661886,
    "names": {
      "ja": "スウェーデン王国",
      "pt-BR": "Suécia",
      "ru": "Швеция",
      "zh-CN": "瑞典",
      "de": "Schweden",
      "en": "Sweden",
      "es": "Suecia",
      "fr": "Suède"
    }
  },
  "traits": {
    "ip_address": "193.32.127.221",
    "network": "193.32.127.0/24"
  }
}%
Mullvad tells me I am in Switzerland but I have to authorize Sweden to go through pfBlockerNG :-)
Pierre
-
Regarding this specific remark (about denying all and just authorizing specific country): I know, I just have to do it ... but it's a very low traffic firewall so I'm in no hurry ...
Pierre.
-
andyk@mac-pro ~ % whois 193.32.127.221
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer: whois.ripe.net

inetnum: 193.0.0.0 - 193.255.255.255
organisation: RIPE NCC
status: ALLOCATED

whois: whois.ripe.net

changed: 1993-05
source: IANA

# whois.ripe.net

inetnum: 193.32.127.0 - 193.32.127.255
netname: NET-31173-193-32-127
country: CH
geoloc: 47.3631 8.5414
language: de
descr: 31173 Services AB infrastructure in Zurich, Switzerland.
org: ORG-SS1087-RIPE
admin-c: SS36127-RIPE
tech-c: SS36127-RIPE
abuse-c: SS36127-RIPE
status: ASSIGNED PA
mnt-by: ESAB-MNT
created: 2020-05-04T09:36:06Z
last-modified: 2020-05-05T11:40:13Z
source: RIPE

organisation: ORG-SS1087-RIPE
org-name: 31173 Services Switzerland
org-type: OTHER
geoloc: 47.3631 8.5414
language: de
address: 31173 Services AB
address: c/o Interxion
address: S?gereistrasse 35
address: Glattbrugg
address: 8152 Opfikon
address: Switzerland
admin-c: SS36127-RIPE
tech-c: SS36127-RIPE
mnt-by: ESAB-MNT
mnt-ref: ESAB-MNT
created: 2020-05-04T09:00:26Z
last-modified: 2020-05-05T11:29:32Z
source: RIPE # Filtered

role: 31173 Services Switzerland
address: 31173 Services AB
address: c/o Interxion
address: S?gereistrasse 35
address: Glattbrugg
address: 8152 Opfikon
address: Switzerland
abuse-mailbox: abuse-cust-ch@31173.se
admin-c: NEMO1-RIPE
tech-c: KPE-RIPE
nic-hdl: SS36127-RIPE
mnt-by: ESAB-MNT
created: 2020-05-04T08:48:30Z
last-modified: 2020-05-04T08:48:30Z
source: RIPE # Filtered

% Information related to '193.32.127.0/24AS39351'

route: 193.32.127.0/24
origin: AS39351
mnt-by: ESAB-MNT
created: 2019-11-03T16:35:41Z
last-modified: 2020-05-04T09:37:52Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.106.1 (ABERDEEN)

andyk@mac-pro ~ %
Go here and pop in the IP address or AS number:-
https://hackertarget.com/as-ip-lookup/
The whois reports Services AB infrastructure in Zurich, Switzerland and the IP/ASN reports ESAB-AS, SE.
When you do the AS number it reports 193.32.127.0/24 as belonging to ESAB-AS, SE to the right.
Looks to me like it's a Swedish company hosting a server in Switzerland.
-
Yes exactly, the IP is being used in Switzerland but was purchased in Sweden (Mullvad being a Swedish company).
MaxMind reports it properly; the question is how does pfBlockerNG use that info. For me it should use the "country" info instead of the "registered_country" info ... but I guess that only the author of pfBlockerNG could tell me if my diagnostic is true or not.
Pierre
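An added example, not code from this thread or from pfBlockerNG: it evaluates one country allow-list against both the "country" and "registered_country" fields of the GeoLite response quoted above, to show where the two decisions diverge. The function names and the deny-on-missing-field behaviour are assumptions of this sketch, and it makes no claim about which field pfBlockerNG actually uses.

```python
import json

# Trimmed copy of the GeoLite response quoted earlier in the thread
# (localized names removed, values unchanged).
SAMPLE = json.loads("""
{
  "country": {"iso_code": "CH", "geoname_id": 2658434},
  "registered_country": {"is_in_european_union": true,
                         "iso_code": "SE", "geoname_id": 2661886},
  "traits": {"ip_address": "193.32.127.221", "network": "193.32.127.0/24"}
}
""")


def iso(record, field):
    """Return the ISO code of one location field, or None if it is absent."""
    return (record.get(field) or {}).get("iso_code")


def evaluate(record, allowed, field):
    """Decision of a country allow-list keyed on `field`.

    A missing field denies, so a default-deny list never fails open.
    """
    code = iso(record, field)
    return {"field": field, "iso_code": code,
            "allowed": code is not None and code in allowed}


def compare(record, allowed):
    """Evaluate the same allow-list on both fields and flag disagreement."""
    by_country = evaluate(record, allowed, "country")
    by_registered = evaluate(record, allowed, "registered_country")
    return {
        "network": record.get("traits", {}).get("network"),
        "country": by_country,
        "registered_country": by_registered,
        "fields_differ": by_country["iso_code"] != by_registered["iso_code"],
        "decision_differs": by_country["allowed"] != by_registered["allowed"],
    }


if __name__ == "__main__":
    for allowed in ({"CH"}, {"SE"}, {"CH", "SE"}):
        r = compare(SAMPLE, allowed)
        print(sorted(allowed), r["country"]["allowed"],
              r["registered_country"]["allowed"], r["decision_differs"])
```

Running `compare` over a sample of addresses from your own firewall logs and listing the networks where `fields_differ` is true shows how many sources a country list would treat differently depending on the field.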
-
@pierr0t If BBCan177 doesn't find this thread you could create a bug/feature request at redmine.pfsense.org. If it's not a bug, possibly it could be added as a separate list like "rep" is separate, although it would basically double the size of the existing "all IPs in ___" list if they are listed twice and people allow two. A bit more flexible but more confusing.
IOW does the Swedish company just happen to put their servers in a data center in Switzerland and they are using it? Is it a particular block from an ISP that works across borders? Many possibilities.
Allowing your own IP is a bit easier...can be done for one, if you create a dynamic DNS hostname and allow the hostname.
-
@nogbadthebad You could maybe use the provider's ASN number, they only use 4 providers in Switzerland:-
-
Yes but at the same time, it's not really me, it's pfBlockerNG ... I understand I could create rules using the ASN but if I use pfBlockerNG it would be nice if they were using "country" instead of "registered_country" ... Anyway I will try to open a feature request/bug as suggested by @SteveITS :-)
Thanks.
Pierre
-
The following would work but it's every Mullvad endpoint:-
-
Interesting, yes that would allow me to use all Mullvad's IPs to go through the firewall, thanks.
I did a feature request here: https://redmine.pfsense.org/issues/14324
Pierre