Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange GEO Blocking Issue - PFBlockerNG

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 3 Posters 154 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scharbag
      last edited by

      So, I just started to have issues with GeoBlocking with PFBlockerNG using the Top Spammers list.

      e31f9da7-1b10-40a3-9cf1-675ef1b8bf15-image.png

      It seems to clearly show that the address being blocked is from Canada... After going through each country one by one, I figured out that it is this entry that is causing the issue:

      f1576c9c-6ad7-4d14-ae70-abcef92b48f9-image.png

      As soon as I enable this country to be blocked, my system starts blocking my Docker VPN connection (Nord) and shows it in the report as being from Canada... This is really odd, and quite confusing.

      Anyway, any chance anyone knows what I am doing wrong here? Am I doing something wrong here?

      Thanks for any help you can give.

      Cheers,

      S 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        This is one of the issues with Geoblocking. The lists are not always accurate. IPv4 address space is like gold, so if a company has a wee bit extra they are eager to sell it as the price they can command is attractively high. This generates quite a bit of "churn" in the IPv4 marketplace as IPv4 subnets are bought, sold, and traded around the globe.

        The poor third-party IPv4 geolocation databases have a hard time keeping up with the changes. Thus they might report an IPv4 address block's location incorrectly for some period of time. After all, maybe last week it really was in Canada but this week it's been sold and is in use somewhere else in the world.

        1 Reply Last reply Reply Quote 1
        • S
          SteveITS Galactic Empire @scharbag
          last edited by

          @scharbag See if you have deduplication checked and if so uncheck it. It dedupes across lists so might yield unexpected results.

          IIRC the Top Spammer list, despite the name, is just entire countries. “Rep” I think is things like military bases and embassies so it might actually be in Canada.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          S 1 Reply Last reply Reply Quote 0
          • S
            scharbag @SteveITS
            last edited by

            @SteveITS
            Still odd that it seems to KNOW it is in Canada and I did not see the IP range that was being blocked in the list...

            Oh well, it is working so that is good.

            Cheers,

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.