Country Block
-
So far seems to be working good. Also thanks for the whitelist feature. That really helps me a lot.
One other thing or request if you ever get free time to do so, I was wondering if you could make a log section that would either dump to the firewall log or maybe just within the package itself that would show the IP's that are being blocking by specificly the Country Block package?
Currently I don't believe the blocks show up in the firewall logs for either a block or whitelist pass.
Then down the road maybe the logging could generate reports on the CIDRS and pin-point a list of attacks and blocks from the countries and the IP's they belong to.
Thanks for all your hard work on this package. As far as running the IP-Block and Country Block together, all seems to work well.
Again Thanks,
Matt
-
That actually sounds like a good idea. I will start work immediately.
-
Excellent work Tom, this package is wonderfull, but sometimes when I've forbidden countries like Pakistan my access was stopped (I live in France), but it's not a problem at the moment.
The idea to see with the firewall log the country where is situated the IP is wonderfull and with this your package will be perfect :P
Thanks again Tom !
-
First off, thank you for creating this package. It is very helpful to me in dealing with the worst spam offenders.
That said, I have noticed a few typos in the country names, and a few missing countries (unless I have missed something myself). This list is probably not complete, but they are the most recent examples that come to mind for me.
Typos:
Burkia Faso –> Burkina Faso
Argentia --> ArgentinaMissing countries:
Montenegro
IndiaAgain, thank you for creating this!
-
HoTWiReZ
WOW and I mean 01010111 01001111 01010111
tommyboy180, you be the man…
-
Tommyboy, this is one of the most useful packages I have installed so far. You sir, have made my life worth living again. :)
Although, I really hate the idea that someday these type of blocks will become more common where we just get sick of countries who have such a high fraud profile that we simply block the entire country, I have to admit that since I never to ANY business with about 90% of them that I don't feel bad about personally blocking them. I can, however, imagine a world of elitists where we block internet traffic from the majority of the developing world due to endless waves of spam and sniffing.
I guess the burden of this future will be more in the hands of those who prosecute the developing world's abuses rather than those who defend their equipment against it.
-
Tommyboy, this is one of the most useful packages I have installed so far. You sir, have made my life worth living again. :)
Although, I really hate the idea that someday these type of blocks will become more common where we just get sick of countries who have such a high fraud profile that we simply block the entire country, I have to admit that since I never to ANY business with about 90% of them that I don't feel bad about personally blocking them. I can, however, imagine a world of elitists where we block internet traffic from the majority of the developing world due to endless waves of spam and sniffing.
I guess the burden of this future will be more in the hands of those who prosecute the developing world's abuses rather than those who defend their equipment against it.
Thank you.
You are right. Unfortunately, I don't feel bad. A country constantly scanning me or sending SPAM needs to be blocked on my network. I don't want them looking at my website, searching for vulnerabilities, or constantly trying to brute force my SSH server. I made it easy for me and those who get frustrated with trying to minimize the damage caused by these countries. Blocking the entire country could affect them, but I don't see how. If you did business with that country then you wouldn't block them but if you have no business then no harm done.
Maybe more tools like this will cause countries to enforce laws more in the future. Who knows… -
I run my own postfix mail server. Probably 80% of the spam comes from russia, china, korea or japan. I get no legitimate mail from anyone in those countries. So, I will be installing this ASAP :)
-
Thank you.
You are right. Unfortunately, I don't feel bad. A country constantly scanning me or sending SPAM needs to be blocked on my network. I don't want them looking at my website, searching for vulnerabilities, or constantly trying to brute force my SSH server. I made it easy for me and those who get frustrated with trying to minimize the damage caused by these countries. Blocking the entire country could affect them, but I don't see how. If you did business with that country then you wouldn't block them but if you have no business then no harm done.
Maybe more tools like this will cause countries to enforce laws more in the future. Who knows…Where feasible, it's sensible security policy regardless of where you are in the world - if you don't have to allow something, don't allow it. Many companies do no business outside of their own country or a select few countries, so why allow the entire Internet? As useful as it is for those in this thread, who look to be largely in the US, it's just as useful to those in countries some US companies may want to block. Abuse isn't limited to any particular country, it comes from all over. A Russian company that does no business in the US could drop off their spam and hack attempts considerably by blocking the US, where it's sensible for some US companies to do the opposite. The same way those of us in the US see all these attacks from Russia, China, India, Nigeria, and elsewhere, people in those countries see just as much abuse from hosts in the US and see it the same way in the same circumstances - unnecessary traffic that can be blocked entirely. This isn't limited to any country, and isn't that much about enforcing sensible policies on Internet users. That's largely done in the US, but a large portion of the spam and hack attempts we see come from the US.
Keep in mind this can help a lot, but if you're being specifically targeted, may not provide the level of assurance you think it does. Every country has plenty of compromised hosts, or hosts that can be compromised, to use to launch attacks. It's a good measure to drop off things you know have no place being on your network, but still leaves plenty of exposure.
-
to th enewbie guy, country block in the 1.23 packages not installed (if you're using 1.2.3 pfsense release).
-
I'm having trouble with this package. After I click save, it says "Current status = Running". But a few minutes later it will stop running. Any ideas on how to debug this?
FYI, I only have the "Top Spammers" checked.
-
I'm having trouble with this package. After I click save, it says "Current status = Running". But a few minutes later it will stop running. Any ideas on how to debug this?
FYI, I only have the "Top Spammers" checked.
Are you making changes to firewall settings? Please read the FAQ on the first post.
-
No, this happens without making any firewall changes.
-
No, this happens without making any firewall changes.
To help you better I need more info.
Version of pfsense:
packages installed:
How you applying the package:
After it's running, when do you notice it's not: -
I'm using pfsense 1.2.3.
I installed the package with the web interface. When configuring it, I click enable, commit, and save. However, usually after clicking commit, it disables the Enable checkbox. So it's more like enable, commit, enable, save.
I notice it's not running after waiting a few minutes then going back to the Country Block configuration page.
# pkg_info arc-5.21o_1 Create & extract files from DOS .ARC files arj-3.10.22_1 Open-source ARJ arj-3.10.22_3 Open-source ARJ bandwidthd-2.0.1_1 Tracks bandwidth usage by IP address clamav-0.96.1 Command line virus scanner written entirely in C cyrus-sasl-2.1.22_1 RFC 2222 SASL (Simple Authentication and Security Layer) cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer) denyhosts-2.5 Script to thwart ssh attacks gd-2.0.35,1 A graphics library for fast creation of images gdbm-1.8.3_3 The GNU database manager havp-0.91_1 HTTP Antivirus Proxy jpeg-6b_4 IJG's jpeg compression utilities lha-1.14i_6 Archive files using LZSS and Huffman compression (.lzh file libiconv-1.11_1 A character set conversion library lightsquid-1.7.1_1 A light and fast web based squid proxy traffic analyser mysql-client-5.1.44_1 Multithreaded SQL database (client) ntop-3.3.8 Network monitoring tool with command line and web interface openldap-client-2.4.10 Open source LDAP client implementation openldap-client-2.4.11 Open source LDAP client implementation openldap-client-2.4.22 Open source LDAP client implementation p5-GD-2.39 A perl5 interface to Gd Graphics Library version2 pcre-7.9 Perl Compatible Regular Expressions library pcre-8.00 Perl Compatible Regular Expressions library pcre-8.02 Perl Compatible Regular Expressions library perl-5.10.1 Practical Extraction and Report Language perl-5.10.1_1 Practical Extraction and Report Language perl-5.8.8_1 Practical Extraction and Report Language perl-5.8.9_3 Practical Extraction and Report Language python24-2.4.3_3 An interpreted object-oriented programming language snort-2.8.6_1 Lightweight network intrusion detection system squid-2.7.9 HTTP Caching Proxy squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later stunnel-4.25 SSL encryption wrapper for standard network daemons unzoo-4.4_2 A zoo archive extractor
From the web interface: Country Block Dashboard Dashboard Widget: Antivirus Status Dashboard Widget: HAVP Dashboard Widget: Snort HAVP antivirus Lightsquid OpenVPN Status bandwidthd ntop snort squid stunnel
All the latest versions except squid, which looks like it was updated today.
-
Something is regenerating your firewall settings I think. Every time rules.debug is run your country block package stops running. I have been running country block for a month now without errors or interruption.
Start to eliminate variables. Disable packages and services and start to narrow it down. If you want to help me get to the bottom of this now email me your config and I can probably give you an answer within the hour.
-
Ok I'll start disabling packages and see what happens. If I can't figure it out I'll send you my config.
-
I disabled everything I could and no luck. What sections of the config should I send you?
Thanks for offering to look at it for me.
-
If you don't mind just send me the entire config.
-
That's fine. Just got to edit the config. I'll send it to you in a sec.
Edit: Sent. Thanks!