pfBlockerNG blocks Greek IPs from StarLink as IP located in North America

manval

I have a customer in Greece which use Starlink. The IP address of the internet connection is 129.222.69.121. This IP is registered to Greece, https://ipinfo.io/129.222.69.121.
Maxmind has also registered this IP to Greece, as you can see from my screenshot:

pfSense also has this IP in Greece in it's logs:

But pfSense firewall blocks this IP as an N.America IP.

Why this happens?

johnpoz

@manval what is the actual rule? If its bang (!) rule it would block anything that is not from NA.

Can you post a screenshot of the rule on the firewall.

manval

Correct, it blocks all N.American IPs. See the screenshot from pfBlogerNG > IP > GeoIP > North America.

But 129.222.69.121 is Greek IP (Europe). And IPs from Greece is permitted.

Why pfSense blocks this IP as N.America IP?

johnpoz

@manval the only thing I see allowed is your whitelist alias.

Why are you trying to block the world? Just allow what you want, if its not allowed then its blocked by default deny.

Look in your pfb_NA alias in the table.

I don't see that IP in my NA table.

manval

Yes, I want to block worldwide except Greece and Germany.

Why do you have 180,109 records in your NA Table? My NA Table only has 28,503 records

129.222.69.121 is not in my NA Table either!

I checked all the tables and I didn't find this IP. !

Which version of pfBlockerNG are you using?

michmoor

@manval said in pfBlockerNG blocks Greek IPs from StarLink as IP located in North America:

Yes, I want to block worldwide except Greece and Germany.

So why not just create an Alias that permits only Greece and Germany?

johnpoz

@manval said in pfBlockerNG blocks Greek IPs from StarLink as IP located in North America:

My NA Table only has 28,503 records

Did you go in and alter the NA list. You clearly have edited your EU one.

I'm on

And as @michmoor mentioned if you only want Greece and DE then just either allow those 2 individually or create a alias that just has those 2 in them.. So for example - For my plex server I only allow US and Belgium

But yeah its odd that you don't show it in your table - but that is what is shown triggering.. Not sure how that could happen.

I would prob update to latest Dev version.. Since I know there was some changes done at some point not that far back that changed where the geoip was pulled? I pretty sure something about using ip info or something site.

I don't use any auto rules - I just use pfblocker to create native aliases and then use those. Not saying auto rules are not fine, I am just not a fan of any sort of auto anything in firewall rules, other than updating say a fqdn to a IP or via an alias I created.

manval

@johnpoz said in pfBlockerNG blocks Greek IPs from StarLink as IP located in North America:

Did you go in and alter the NA list. You clearly have edited your EU one.

I haven't manually edited any lists. I don't know how to do that.

I have an other pfSense firewall with pfBlockerNG 3.2.0_8 and the NA Table has 229,142 records including 129.222.69.0/24

I think is something going wrong with my setup. I will try to delete pfBlockerNG 3.2.0_8 and add pfBlockerNG_devel.

I have configured many other pfsense the same way (using automatic rules from GEO IP) and never had a similar problem.