Block all of China!!??



  • Anyone know of an easy way to block all the IPs listed here? We would also like to block some other countries as well. It would be nice to easily add all of these to an alias without having to type them all in one-by-one. Any ideas? Thanks


  • Banned

    It would be a nice feature, to be able to select IP blocking by country…. Thereby taking the top off all of the spoofing, DoS asf......



  • @Supermule:

    It would be a nice feature, to be able to select IP blocking by country…. Thereby taking the top off all of the spoofing, DoS asf......

    For my pbx in a flash box, I found a package someone had called ip country - which has IP ranges by country code.  I didn't use it for that (blocking SIP calls inbound), but rather for my postfix smtp server config (to block various countries.)  The list is in a mysql table by address range (rather than netblock) so you can do a query like "ip >= X && ip <= Y".  Not sure how useful for a firewall, for dynamically looking up stuff, but maybe for generating the initial tables?



  • Anyone know if the Aliases are stored in some plain text file that could be modified without breaking anything?



  • @jjj

    Where do you get this http://okean.com/sinokoreacidr.txt  ?

    Also, how to know that there are china,korea etc that access the pf box?

    jigp



  • @jipg

    Google it….

    I know because we log the source IP of the attacks. They are mostly registered in China says whois.



  • @jjj

    I mean how to log them or how to monitor the logs at the webgui? Ive checked features of webgui but nothing there. Firewall logs are stated just "X" …



  • The logs are not in pfSense, they're in our application.

    As for finding events in the pfSense log… go into any Firewall Rule, tic "Log packets that are handled by this rule", then go into Status > System Logs > Firewall.

    If you have shell access, they're also located in /var/log/filter.log, etc....



  • Thanks jjj - i dont see any intruders /var/log/filter.log :)
    I noticed that i disabled the firewall default rule :)
    you should try to disable too maybe it can help :)

    jigp


Log in to reply