Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfBlocker configuration for MaxMind GeoIP

    Scheduled Pinned Locked Moved pfBlockerNG
    2 Posts 2 Posters 299 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jabiru
      last edited by

      I seem to be havng trouble correctly configuring pfBlocker for access to MaxMind GeoIP downloads.

      I have been successfuly using MaxMind GeoIP GeoLite2 Country CSV for some time using pfBlockerNG-devel. I am now on pfsense 2.7.2 (with all patches applied) and pfblocker v3.2.0_20. My last successful automated Maxmind GEOIP download with pfBlocker was Aug 26 2024. Since then I have been getting automated download failures. It is uncler to me if I inadvertently changed something in pfblocker or something happened on the other end.

      I can successfully access my MaxMind account and can manually download the DB from a web browser, so I know it's not something on the MaxMind side, so it must be in pfBlocker.

      I am getting an "authorization" error in the update log:

      [ MaxMind_GeoLite2_Country_CSV_v4 ] Downloading update [ 01/6/25 08:15:46 ] .. 401 Unauthorized

      [ pfB_PRI3_v4 - MaxMind_GeoLite2_Country_CSV_v4 ] Download FAIL [ 01/6/25 08:15:47 ]

      DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

      The Following List has been REMOVED [MaxMind_GeoLite2_Country_CSV_v4 ]

      I have verified both my account ID and my MaxMind Key
      being valid in the pfBlocker IP/IPv4MaxMind GeoIP configuration.

      The rule is carried under "{PRI3 - Collection of Feeds from
      Tertiary Tier providers" and the settings are: Format: Auto,
      State: On, Source: https://download.maxmind.com/geoip/databases/GeoLite2-Country-CSV/download?suffix=zip,
      Header: MaxMind_GeoLite2_Country_CSV.

      The action setting is set to "Deny Inbound", but I've tried
      "Deny Both" and neither one seems to affect the outcome.

      Should this be set to a different setting?

      Does anyone have any idea of why this is happening and a solution?

      Thanks ahead of time,

      Jabiru

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Jabiru
        last edited by Gertjan

        @Jabiru

        Be aware that this exists : Update Frequency of GeoIP do you can't update their lists xx hours, you will be punished (== blocked). As most lists don't even change each week, a weekly update is more then enough.

        Also, visit the https://www.maxmind.com/en/account/sign-in and check your account. Didn't they change something last year, so you had to 'redo' ( ? ) your registration (get new codes etc - can't recall )

        edit : this :

        @Jabiru said in pfBlocker configuration for MaxMind GeoIP:

        401 Unauthorized

        smells like a account problem.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.