Country IP Block



  • Hello,

    I'm using the VK-T40E and on 2.1.5-RELEASE and would like to know how I can configure Country IP blocks to block China, Korea and various other countries attempting to connect, I would want to do this in the GUI interface a step by step guide would be highly appreciated.


  • Rebel Alliance Developer Netgate

    The "country ip blocks" package is old/outdated and should be removed. It has been replaced by pfBlocker.

    The data in both of them is quite old, however, and not very accurate. pfBlocker would be better to try, there are other threads around with how-tos for setting that up.



  • We actually had to remove pfBlocker from our 2.1.5 install as for some reason it started blocking all outbound traffic from our Lan. I'm not sure if pfBlocker has a bug with the latest version of pfsense.

    Paul.



  • Hello jimp, first of all thanks for your response, would you happen to know if there actually is a bug in this version of pfBlocker as ukhost4u has stated ?

    Thanks very much


  • Rebel Alliance Developer Netgate

    I'm not aware of any bug like that. It may be possible to accidentally set pfBlocker to have more list items than your firewall is configured to allow, which would result in a failed ruleset load, but that can be fixed by increasing the allowed number of table entries under System > Advanced on the Firewall tab.



  • It might also be possible that all of the countries were selected in each of the continent tabs and deny both or deny outbound was selected as the action to enforce.


  • Moderator

    By any chance are you guys using pfBlocker with Squid as a proxy?

    Some of the Block Lists can contain 127.0.0.1 which can cause issues.



  • I am not utilizing Squid.  I am utilizing pfBlocker with action alias only and creating firewall rules on interfaces as needed.  I have not had any issues outside of the maximum table entries issue mentioned earlier in the thread which I was able to adjust and then all loaded appropriately.



  • Thank you all I found this an easy tutorial to initially setup and served my purpose for the "top spammers"

    Youtube Video



  • pfblock is working fine, on the new release,
    this how to configure it
    https://doc.pfsense.org/index.php/Pfblocker


Log in to reply