Netgate Discussion Forum

    Country Block

      tommyboy180

      With CountryBlock you can block any country you want at the Firewall level. You can optionally block access to as well as access from.

      Info:
      This package uses pf (pfctl) to block country CIDR ranges pulled from http://www.countryipblocks.net/. Each CIDR range is added to a list and processed as a pf table. The table will automatically be added to your Firewall in the background. By default all traffic originating from your selected countries will be blocked. You can also block access to these countries.
      Tested on 1.2.2, 1.2.3, and 2.0 with FF and Chrome. IE not supported.

      Version:
      2.4

      Version Highlights:
      Blocked countries are applied on start-up
      cron job compatible
      Option to log attempts
      Option to block or allow outbound access
      Select all countries checkbox
      Option to specify interfaces
      Total number of blocked networks is reported
      Whitelist CIDR range

      Limits:
      IE does not work with this package.

      How to:
      1. First select the countries you want to block and if you want to block outbound access or log attempts as well.
      2. Press "Commit Countries"
      3. Enable the package and press "Save/Update"

      FAQ:
      Q: How do I know if the list got applied?
      A: The package web interface will display the current status.

      Q: I have the "Enable" check box checked but I don't think it's blocking any Countries.
      A: Any Errors will be at the bottom of the page when you press Save/Update

      Q: I just want to block countries that SPAM the most.
      A: The first list includes the Top SPAM'ing countries.

      Q: How do I update the countries?
      A: Press "Save/Update" - keep in mind that country ranges RARELY change, therefore updating is not necessary.

      Q: I think I can improve your package or add features, how can I help?
      A: Send me a PM

      For troubleshooting see: http://forum.pfsense.org/index.php/topic,25732.msg166474.html#msg166474

      -Tom Schaefer
      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

      Please support pfBlocker | File Browser | Strikeback

      1 Reply Last reply Reply Quote 0
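An added example, not part of the original post and not the package's own code: a Python sketch of the table-building step the first post describes, merging the selected countries' CIDR ranges, carving out whitelisted ranges, and producing pf table and block rule lines. The country codes, ranges, table name `countryblock`, interface `em0` and table file path are constructed assumptions, and the sketch handles IPv4 only.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real country allocations).
COUNTRY_CIDRS = {
    "AA": ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"],
    "BB": ["192.0.2.0/24", "203.0.113.64/26"],
}
WHITELIST = ["203.0.113.16/28"]


def build_table(country_cidrs, selected, whitelist=()):
    """Merge the selected countries' ranges, then carve out whitelisted ranges."""
    # ip_network() rejects malformed entries and CIDRs with host bits set.
    nets = [ipaddress.ip_network(c)
            for code in selected for c in country_cidrs[code]]
    blocked = list(ipaddress.collapse_addresses(nets))  # dedupe and merge
    for allow in (ipaddress.ip_network(w) for w in whitelist):
        kept = []
        for net in blocked:
            if net.subnet_of(allow):
                continue                                  # fully whitelisted
            if allow.subnet_of(net):
                kept.extend(net.address_exclude(allow))   # split around it
            else:
                kept.append(net)                          # unrelated range
        blocked = list(ipaddress.collapse_addresses(kept))
    return blocked


def pf_rules(table, interface, block_outbound=False, log=False):
    """pf.conf lines: a persistent table plus the block rules that use it."""
    opts = "log quick" if log else "quick"
    # The table file path is an assumption made for this example.
    rules = [f'table <{table}> persist file "/var/db/{table}.txt"',
             f"block drop in {opts} on {interface} from <{table}> to any"]
    if block_outbound:
        rules.append(
            f"block drop out {opts} on {interface} from any to <{table}>")
    return rules


if __name__ == "__main__":
    table = build_table(COUNTRY_CIDRS, ["AA", "BB"], WHITELIST)
    print(f"{len(table)} networks in table")
    print("\n".join(str(n) for n in table))
    print("\n".join(pf_rules("countryblock", "em0", block_outbound=True)))
```

Collapsing before loading keeps the table small, and splitting a blocked range around a whitelisted one means the whitelist never depends on rule ordering.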
        Supermule Banned

        That is just SO nice!!!!

        Thx Tom for all your hard work and dedication to PFSense and making it a lot easier to be a network admin!! :)

        Keep up the good work….. If you end up in Denmark by mistake some day, give me a call.....I would be happy to sponsor a shitload of beer.....:D

          g4m3c4ck

          Wow Tom exactly what pfsense needs!

            killervette

            Will there be a way to only ALLOW certain countries and deny all others?

              tommyboy180

              @killervette:

              Will there be a way to only ALLOW certain countries and deny all others?

              I will add a 'check all box' that way you can check all countries and remove the ones you want to allow.

                killervette

                great!  any eta on a release?

                  tommyboy180

                  Soon. (Less than 2 days)

                  I have a stable working version that I am testing now.

                    mastablastaz

                    great package idea!

                      Supermule Banned

                      Has the package been made available for PFsense users via the webgui for install??

                        simby

                        any info, for pfsense 2.0? when can we DL?

                          killervette

                          will this run on 2.0 beta?  can i block all countries except the US without running into performance/memory issues running an ALIX board?

                            Supermule Banned

                            Forget I said anything….. ::) :D Mixed up the DNS Blacklist package with the Countryblock package.......

                            @killervette:

                            will this run on 2.0 beta?  can i block all countries except the US without running into performance/memory issues running an ALIX board?

                              killervette

                              @Supermule:

                              Use the whitelist feature instead ;)

                              @killervette:

                              will this run on 2.0 beta?  can i block all countries except the US without running into performance/memory issues running an ALIX board?

                              I'm new with pfsense.  Is whitelist a feature in country block? I have not installed it yet since I am on 2.0 beta and wasn't sure if it will work.

                                tommyboy180

                                @killervette:

                                will this run on 2.0 beta?  can i block all countries except the US without running into performance/memory issues running an ALIX board?

                                If you are running embedded you may; by that I mean I don't test on embedded if that is what you run. As far as ALIX goes you should have almost 0 performance interference from this package.

                                This will run on 2.0, 32bit and 64bit. Hopefully a package commit will be completed here soon.

                                  killervette

                                  So a new guy question, where do I go to install it.  I don't see it in my 1.2.3 package list.

                                    tommyboy180

                                    Countryblock is now a package!

                                      Alan87i

                                      running V123 don't see it in the list.
                                      I have lusca cache installed Is that Why Maybe?

                                        Supermule Banned

                                        I see it in the list…..running 1.2.3. Is there a way to make it keep running even if states and rules change??? Something like a Fire and Forget missile??? :D

                                        That would be good.....:)

                                          tommyboy180

                                          When a firewall rule change is made, /tmp/rules.debug is re-generated. The problem is that /tmp/rules.debug isn't written to, it's generated. To overcome this my two firewall packages inject the tables and rules into the file and then apply without regenerating.

                                          If I were to make it so you can fire and forget then I would have to make significant pfsense system changes which would do more harm than good, especially if something were to go wrong.

                                          What's nice is that it runs on start-up if enabled. With that being said, you can create a cron job to execute the package every hour, or five mins. This would be an easy and safe way of ensuring it's running all the time.

                                            darklogic

                                            This package sounds sweet!!! Do you have maybe a writeup on creating the cron job to start the package every hour?
