Country IP Blocks Network Aggregation Beta
-
Greetings from Country IP Blocks
Country IP Blocks is beta testing our latest IPv4 Network Aggregation scripts. We would like to have some pfSense users test the scripts and give us feedback.
The current beta scripts aggregate networks in IP Range and PG2 format and will be available for the next few days.
Both scripts allow you to select from a list of nearly 250 countries (also includes bogon IPs) and aggregate the result. In some cases aggregation can reduce the size of your ACLs by nearly 90%. As an example, as of 1/2/2012 there are 46,805 IPv4 networks in the USA and Canada. Aggregating these networks will consolidate the result to 4,767 networks.
Here are the locations of the beta versions:
PG2 Format: http://www.countryipblocks.net/country_pg2_aggregate.php
IP Range Format: http://www.countryipblocks.net/country_range_aggregate.php
These and other scripts will become available to our members in the near future.
Please do us a favor and test these scripts and let us know how well they perform.
Stewart White
Country IP Blocks -
Hi countryipblocks,
Most use of ip lists from countryipblocks sites are used in pfBlocker package in continents tabs. This PG2 list will be also available to this type of lists?
-
We will be providing the data by country, continent and RIR.
-
I'm one of pfBlocker maintainers, how can I download these continent PG2 lists?
-
If you guys need them, we will write a beta script for you to test.
-
@countryipblocks:
If you guys need them, we will write a beta script for you to test.
It will be really helpfull :)
-
As promised, Country IP Blocks has Network Aggregation Lists by Continent Available for testing. These are only available in IP range (i.e, 41.0.0.0-41.57.79.255) at the moment.
WE will make these available for testing for one week. Please provide us with some feedback. And, if you like what Country IP Blocks is doing in providing this data please make a donation. Thanks.
Here are the test lists:
Africa
Asia
Europe
North America
South America
OceaniaThese aggregations will reduce the normal lists by up to 90%.
-
These scripts are coming down on Friday. If you have any feedback please let me know.
-
Is there a Way to PfBlocker send selected countries to your site and get fetch this agregation list?
If user makes a donation or subscribe, he will be able to update continent lists everyday for example.
Just like oincmaster for snort with free and paid subscription.
-
Chris and I were discussing something like that last week.
Our plan is to offer the more advanced services for a small subscription fee. Subscribers will be able to select and automate their data. For example, if a subscriber wanted to setup an access control list of 25 countries, they could login, select the countries and those lists would auto-generate each time we updated the database. They could then access the data through a personal link.
Currently the database is updated 1-4 times daily.
-
Can you install pfBlocker on a virtual machine to see how it works?
A free subscription to a weekly list update will be Nice.
If user needs or want to get more often updates or agregated lists, they change subscribe mode.
-
Send the info to us and I will see if we can set aside some development time to do some tests.
-
PfBlocker is a add-on package to pfSense firewall that include coutryblock lists as well option to include any blacklist in CIDR or p2p format.
The lists has an update frequency that every x hours pfBlocker re-downloads it and apply new config.
The country list for now are static, downloaded during install.
The idea is to include a subscription code from countryipblocks site to enable update schedules to country lists.
A Free subscription will be nice, so this open source firewall users could still use these list and update it every week for example.
A Paid subscription could include the ability to update lists every x hour(s) or days.
Countries in pfBlocker as you can see on screenshot are organized by continent, so firewall admin can choose some countries for a specific continent and apply rules based on country lists.
The Aggregation Lists could be obtained online with a paid subscription based on a url that pfbloker sends users subscription and continent countries selected by admin.
-
This looks easy enough. I'll send Chris a message about it and get back to you.
-
@countryipblocks:
This looks easy enough. I'll send Chris a message about it and get back to you.
We would need an API where a user could pass their subscription code to authenticate the higher frequency updates.
However, in order to move away from static country ranges we would need to have subscription-less access that could be limited to 1 download per day, or every other day. Stewart, if you setup a special download link for non-subscribers that could limit downloads, that is completely separate from normal downloads, then we could prevent over usage of your site while delivering dynamic lists to pfsense users.
Let me know what you think.
-
Tom:
I think we can do it. We are giving serious thought to moving to paid subscriptions as the donations are just too infrequent. So we will need to start covering our expenses more consistently. We like you guys so we can work something out. I think we need to get an idea of the participation level of paid subscriptions. Any projections?
-
@countryipblocks:
Tom:
I think we can do it. We are giving serious thought to moving to paid subscriptions as the donations are just too infrequent. So we will need to start covering our expenses more consistently. We like you guys so we can work something out. I think we need to get an idea of the participation level of paid subscriptions. Any projections?
We know our installs are past 100,000 but out of that number it's hard to tell. I have an idea that I think can make us both happy…
We won't have pfblocker and countryblock update their lists unless you subscribe. The static list with pfblocker and countryblock isn't that old and is perfectly capable of doing what pfblocker and countrblock were designed to do. If users need/want to have up-to-date country data then they can subscribe, and enter a subscription key that will be parsed by an API you provide.
This should grow your subscriptions, along side with your donations. The other thing we can do is post a bigger link to your site within our apps. Our users know that pfsense and its interoperability comes from other people's work and want to help out.
-
This sounds like something we need to discuss more formally.
