Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block all of China!!??

    Scheduled Pinned Locked Moved Firewalling
    9 Posts 4 Posters 6.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjj
      last edited by

      Anyone know of an easy way to block all the IPs listed here? We would also like to block some other countries as well. It would be nice to easily add all of these to an alias without having to type them all in one-by-one. Any ideas? Thanks

      1 Reply Last reply Reply Quote 0
      • S
        Supermule Banned
        last edited by

        It would be a nice feature, to be able to select IP blocking by country…. Thereby taking the top off all of the spoofing, DoS asf......

        1 Reply Last reply Reply Quote 0
        • D
          danswartz
          last edited by

          @Supermule:

          It would be a nice feature, to be able to select IP blocking by country…. Thereby taking the top off all of the spoofing, DoS asf......

          For my pbx in a flash box, I found a package someone had called ip country - which has IP ranges by country code.  I didn't use it for that (blocking SIP calls inbound), but rather for my postfix smtp server config (to block various countries.)  The list is in a mysql table by address range (rather than netblock) so you can do a query like "ip >= X && ip <= Y".  Not sure how useful for a firewall, for dynamically looking up stuff, but maybe for generating the initial tables?

          1 Reply Last reply Reply Quote 0
          • J
            jjj
            last edited by

            Anyone know if the Aliases are stored in some plain text file that could be modified without breaking anything?

            1 Reply Last reply Reply Quote 0
            • J
              jigpe
              last edited by

              @jjj

              Where do you get this http://okean.com/sinokoreacidr.txt  ?

              Also, how to know that there are china,korea etc that access the pf box?

              jigp

              1 Reply Last reply Reply Quote 0
              • J
                jjj
                last edited by

                @jipg

                Google it….

                I know because we log the source IP of the attacks. They are mostly registered in China says whois.

                1 Reply Last reply Reply Quote 0
                • J
                  jigpe
                  last edited by

                  @jjj

                  I mean how to log them or how to monitor the logs at the webgui? Ive checked features of webgui but nothing there. Firewall logs are stated just "X" …

                  1 Reply Last reply Reply Quote 0
                  • J
                    jjj
                    last edited by

                    The logs are not in pfSense, they're in our application.

                    As for finding events in the pfSense log… go into any Firewall Rule, tic "Log packets that are handled by this rule", then go into Status > System Logs > Firewall.

                    If you have shell access, they're also located in /var/log/filter.log, etc....

                    1 Reply Last reply Reply Quote 0
                    • J
                      jigpe
                      last edited by

                      Thanks jjj - i dont see any intruders /var/log/filter.log :)
                      I noticed that i disabled the firewall default rule :)
                      you should try to disable too maybe it can help :)

                      jigp

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.