Country Block
-
Use Firefox to see it.
-
I was about to kick myself in the head because I have become so accustomed to chrome and I forget I am using it. However, firefox yields the same results for me.
-
Are you rendering the page in FF or IE??
-
Ok this really goes in the DUR department. Refreshing the page works wonders lol. In both ff and chrome.
-
DUR?? Forgive for not beeing native to the lanquage ;)
Ok this really goes in the DUR department. Refreshing the page works wonders lol. In both ff and chrome.
-
not working on pfsense 2.0,.. can you please check? ???
-
I can't think of a reason why it wouldn't work, but then again I never bothered to test on 2.0 beta. Hopefully I will find sometime in the next couple of days to check it out.
I do need this package to work on 2.0 so I will get it working shortly.
-
Thanks Tomy :)
-
Really good package Tommy, thanks for your help.
-
I am currently running 1.2.3-RELEASE and thanks on the post with information on BlackBerry. I was able to find the CIDR range our BB are using for service. The only thing I am still trying to figure out is how to block the rest of the Country without manually creating an ALIAS list of CANADA IP's? I noticed that the texted is correct under the package interface when making a change to the firewall, that you must save/update the Country Block package to get it running again everytime you make a firewall change. Country Block itself seems to run good without the help of cron. What I think would be neat is to be able to do a block all country and then input an unblock CIDR option under the selected country, that way the whole country would be blocked other than a specified CIDR or list of CIDR's and ranges. Something else I think would be cool is having a log or barnyard dump of data so you can see statistics on blocked country IP's and where the major attacks and brech attempts are comning from.
The package itself is very cool and in early development, but yet is is so effective. I would love to see the Country Block package become a standard integrated part of the pfsense install along with a few other packages such as IP Block, SNORT, Deep Packet Inspection, and E-mail filtering forwarder.
Thanks for all the support and help on this package.
Matt
-
Why don't you locate the store for the canadian IPs on your local file system and remove the IP range in question?
-
g4m3c4ck
Not sure how to go about doing this? ???
Thanks,
Matt
-
Could it be setup so that those rules were applied at the end so that any allows above it in the firewall rules would allow the traffic. I am ssuming 2 things of course. 1. That the rules apply top down… 2. That the package can be configured as such.
Great package when I learned a couple of painful lessons.... ;D
-
g4m3c4ck
Not sure how to go about doing this? ???
Thanks,
Matt
Right now there is no really decent way to remove IPs from the countryblock table. I will have to make a whitelist addon for the package. Hopefully I can sit down and do that soon. I just haven't had the time.
-
This package has singlehandedly cut down 99,9% of all attemps to hack my SQL databases…. Now I just need the IE fix. Then I will have to promote Tommy to a godlike status.....:D
Thx buddy. This is absolutely one of the best features of PFSense !!
-
The hard way of solving your problem would be to ssh into your router or manually go to the computer and goto shell.
cd /usr/local/www/packages/countryblock/lists
cp countries.txt countries.txt.bak
nano countries.txt
then find the ip range in question and remove
Keep in mind changes in the country block package will revert these steps.
-
Encountered an error in the system logs:
php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Country Block keeps on saying "Current Status = NOT running", pkg reinstall didnt do the trick.
(pfSense 2.0-BETA3 built on Fri Jun 25 16:38:53 EDT 2010) -
Is this in Firefox or IE?
Encountered an error in the system logs:
php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Country Block keeps on saying "Current Status = NOT running", pkg reinstall didnt do the trick.
(pfSense 2.0-BETA3 built on Fri Jun 25 16:38:53 EDT 2010) -
Firefox.
-
Are you running any other packages on the box?
-
RRD Summary and snort
-
Make a backup and then uninstall Snort. Test again.
-
after deleting snort and reinstalling country block more errors:
Jun 27 20:10:42 php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:07:53 php: /pkg_mgr_install.php: Beginning package installation for Country Block. -
Can you make a clean install of PFsense and try again??? Just to exclude a corrupted install….
-
Now that you mentioned it, I did a fresh install a few hours ago, BUT I used an old config file from BETA-1 release so this could be the issue. I will reinstall tommorow and try country block before restoring the old config file again.
-
;)
-
Tommy - Get your butt moving man. We need to be able to edit the block lists. I know your just slacking at home. :o
-
lol. I know. It's hard to find time to sit down and get it done when I have other projects that require my attention. I'll sit down tonight and make some progress. Thanks for the motivation.
-
You know it browski. I really have to wonder if the tree raddled your brains. :o
-
after deleting snort and reinstalling country block more errors:
Jun 27 20:10:42 php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:07:53 php: /pkg_mgr_install.php: Beginning package installation for Country Block.New install on updated v 2.0 gives same result as seen by Novak. Reinstalled as check against bad install but no go…
-
after deleting snort and reinstalling country block more errors:
Jun 27 20:10:42 php: /packages/countryblock/countryblock.php: The command 'sh execute.sh' returned exit code '2', the output was '0 table deleted. export: 4: bad variable name'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:09:04 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm errorOUT.txt' returned exit code '1', the output was 'rm: errorOUT.txt: No such file or directory'
Jun 27 20:08:58 php: /packages/countryblock/countryblock.php: The command 'rm -R /usr/local/www/packages/countryblock/lists' returned exit code '1', the output was 'rm: /usr/local/www/packages/countryblock/lists: No such file or directory'
Jun 27 20:07:53 php: /pkg_mgr_install.php: Beginning package installation for Country Block.New install on updated v 2.0 gives same result as seen by Novak. Reinstalled as check against bad install but no go…
I have the same problem!! :(
-
Nice package and great addition to pfSense!
I did have some trouble with the package starting, and after a little research found the problem in execute.sh:
This line:
export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
I changed to:
export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'`
The service would fail to start otherwise. Running execute.sh (/usr/local/etc/rc.d/countryblock.sh) manually from CLI produced the error:
export: 0: bad variable name
and that's because the line number is actually 10 in my /tmp/rules.debug, but due to the regular expression grep was returning 1\n0 (one newline zero), so $t was being assigned "0" instead of "10."
EDIT: Are my changes to execute.sh persistent? Eg, if I reboot will I need to edit again?
On another note the countryipblock.net web site states that no automated process may be used to download the list and may not be redistributed. (see Policies Affecting Access and Use of the Website and Database) Not that it's really any of my business and I am not affiliated with countryipblocks.net, but I thought I would mention it since it's not exactly visible on the web site unless you look for it. I don't know if this affects the package or not. (I hope not!)
Anyway, thanks Tom for this awesome package!
-Rich
- 7 days later
-
Nice package and great addition to pfSense!
I did have some trouble with the package starting, and after a little research found the problem in execute.sh:
This line:
Code:
export t=grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'
I changed to:
Code:
export t=grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'
The service would fail to start otherwise. Running execute.sh (/usr/local/etc/rc.d/countryblock.sh) manually from CLI produced the error:
Code:
export: 0: bad variable nameand that's because the line number is actually 10 in my /tmp/rules.debug, but due to the regular expression grep was returning 1\n0 (one newline zero), so $t was being assigned "0" instead of "10."
EDIT: Are my changes to execute.sh persistent? Eg, if I reboot will I need to edit again?
On another note the countryipblock.net web site states that no automated process may be used to download the list and may not be redistributed. (see Policies Affecting Access and Use of the Website and Database) Not that it's really any of my business and I am not affiliated with countryipblocks.net, but I thought I would mention it since it's not exactly visible on the web site unless you look for it. I don't know if this affects the package or not. (I hope not!)
Anyway, thanks Tom for this awesome package!
-Rich
I had the same issue as netritious and his fix worked for me.
-
Same issue as as motersho and netritious, the grep rewrite fixed me as well.
VERY grateful. You got me past a head banging problem.
NV
-
Nice package and great addition to pfSense!
I did have some trouble with the package starting, and after a little research found the problem in execute.sh:
This line:
export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
I changed to:
export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'`
The service would fail to start otherwise. Running execute.sh (/usr/local/etc/rc.d/countryblock.sh) manually from CLI produced the error:
export: 0: bad variable name
and that's because the line number is actually 10 in my /tmp/rules.debug, but due to the regular expression grep was returning 1\n0 (one newline zero), so $t was being assigned "0" instead of "10."
EDIT: Are my changes to execute.sh persistent? Eg, if I reboot will I need to edit again?
On another note the countryipblock.net web site states that no automated process may be used to download the list and may not be redistributed. (see Policies Affecting Access and Use of the Website and Database) Not that it's really any of my business and I am not affiliated with countryipblocks.net, but I thought I would mention it since it's not exactly visible on the web site unless you look for it. I don't know if this affects the package or not. (I hope not!)
Anyway, thanks Tom for this awesome package!
-Rich
Excellent! I have been working on some fixes and you have saved me some time. This will be in my next commit. Your changes to the script will be persistent.
Thank you for pointing out the notice that I was not aware of. I will do some work in the next couple of days (hopefully) and make this package independent.
Thanks Rich!
- 7 days later
-
New Version released. Version 1.3 is out!
Fixed GUI menu tile images
Working on pfsense BETA 2 x86 and x64 now
Fixed a rare glitch - Thank you netritious!
Added a whitelist feature
also removed 'bogon' from the list to prevent this ->http://forum.pfsense.org/index.php/topic,26226.0.html from happeningThanks for your support all.
-
/tmp/rules.debug:117: cannot load "/usr/local/www/packages/countryblock/countries-white.txt": No such file or directory
I get this after update….
-
Whitelist.php not found….. Who the hell has fucked up this package??? GRRRRRRRRRRRR!!!!#¤%&
-
Hey Supermule,
I think you grabbed the update a little to fast. When I updated the package two files were not uploaded right away. Completely uninstall the package and re-install it for me please.I think you will be pleased.
-
Looking great tommyboy180!
ty :)