pfSense Support Subscription

Author Topic: IP Country Block {Now $150}  (Read 11333 times)

0 Members and 1 Guest are viewing this topic.

Offline Farsheed

  • Newbie
  • *
  • Posts: 10
    • View Profile
IP Country Block {Now $150}
« on: June 02, 2009, 02:42:22 am »
One very helpful feature will be to create firewall rules based on a country's IP address. I am currently using aliases to do this but this is a tedious work specially since there is a limit in the number entries in an alias. So if someone can create a module for this I am willing to put $100 into it. I imagine the UI would have a drop down option to pick a country. It would be great for the list of IPs to be editable so it can be updated if needed. I currently use the following website http://www.countryIPblocks.net/ to get my IP list and it seems to be very accurate.
« Last Edit: June 16, 2009, 09:13:42 am by submicron »

Offline kapara

  • Sr. Member
  • ****
  • Posts: 503
    • View Profile
Re: IP Country Block {$100}
« Reply #1 on: June 03, 2009, 11:47:54 pm »
What type of traffic are youtrying to stop?  Inbound?  Outbound?  HTTP?  SMTP?  A decent firewall is going to do a good job and throw in proper spam filtering or opendns web filtering and you have a good enough system in place without the need of tediously blocking subnets.  I also read that this is not accurate since proxy's can be used to circumvent this.  By the fact that there is no interest makes me think that this is easier to accomplish with other products which most people implement to protect their networks....
Skype ID:  Marinhd

Offline Farsheed

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: IP Country Block {$100}
« Reply #2 on: June 04, 2009, 12:21:23 am »
I am using it to block all traffic from specific countries. You are absolutely right people get around IP address restrictions by using proxies or many other clever tools/methods however I can tell you from analyzing my own traffic that after I blocked a few countries the number of attacks reported by my IDS as well as the amount of spam has significantly decreased. It does not mean that I don't get attacks or spam but the number has been reduced substantially and the load on the servers has decreased substantially. In any case, I felt like maybe the community could benefit from this feature. I think pfSense is an awesome firewall, I have recently started using it and I love to see it grow quickly.

Offline kapara

  • Sr. Member
  • ****
  • Posts: 503
    • View Profile
Re: IP Country Block {$100}
« Reply #3 on: June 04, 2009, 10:32:10 am »
Your reasoning makes sense.  ;D
Skype ID:  Marinhd

Offline jigpe

  • Sr. Member
  • ****
  • Posts: 371
    • View Profile
Re: IP Country Block {$100}
« Reply #4 on: June 05, 2009, 04:28:27 am »
Is this possible in pfsense 1.2.2?

jigp
Davao City

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3352
    • View Profile
Re: IP Country Block {$100}
« Reply #5 on: June 05, 2009, 05:25:29 am »
I would do a package for this when i find time.

Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
Re: IP Country Block {$100}
« Reply #6 on: June 07, 2009, 11:22:07 am »
One very helpful feature will be to create firewall rules based on a country's IP address. I am currently using aliases to do this but this is a tedious work specially since there is a limit in the number entries in an alias. So if someone can create a module for this I am willing to put $100 into it. I imagine the UI would have a drop down option to pick a country. It would be great for the list of IPs to be editable so it can be updated if needed. I currently use the following website http://www.countryIPblocks.net/ to get my IP list and it seems to be very accurate.

Is such a service really correct enough?


Offline Farsheed

  • Newbie
  • *
  • Posts: 10
    • View Profile
Re: IP Country Block {$100}
« Reply #7 on: June 07, 2009, 11:02:50 pm »
To the best of my knowledge it is. IANA assigns address blocks to Regional Internet Registries. ISP's then apply for their IP block from their Local Internet Registry http://www.iana.org/numbers/. Such allocation is kept in a database (updated regularly) which can be downloaded from the appropriate Regional Registry ftp://ftp.arin.net/pub/stats/.

Offline 0tt0

  • Full Member
  • ***
  • Posts: 257
    • View Profile
Re: IP Country Block {$100}
« Reply #8 on: June 11, 2009, 12:48:31 pm »
To the best of my knowledge it is. IANA assigns address blocks to Regional Internet Registries. ISP's then apply for their IP block from their Local Internet Registry http://www.iana.org/numbers/. Such allocation is kept in a database (updated regularly) which can be downloaded from the appropriate Regional Registry ftp://ftp.arin.net/pub/stats/.

Ok, if this works not only in theory but also in practice it's obviously a very handy feature for any FW-admin.

Cheers,


Offline cheesyboofs

  • Full Member
  • ***
  • Posts: 297
    • View Profile
Re: IP Country Block {$100}
« Reply #9 on: June 16, 2009, 05:08:43 am »
+1 for this feature,

Spam is my biggest bug bare ATM, I can filter it out but not stop the initial connection to my graylist server - this feature would help greatly.

I could imagine a GUI page of flags where by you would tick a check box next to the flag of the countries you would like to block.

Cheers
Author of pfSense theme: CODE-RED

Offline submicron

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 741
  • I like pie!
    • View Profile
    • BSDPerimeter
Re: IP Country Block {$100}
« Reply #10 on: June 16, 2009, 09:09:34 am »
Please do not make feature requests or comments on the bounty unless you are contributing money to the bounty. 
I do not respond to PMs demanding help.

Offline cheesyboofs

  • Full Member
  • ***
  • Posts: 297
    • View Profile
Re: IP Country Block {$100}
« Reply #11 on: June 16, 2009, 09:11:40 am »
OK + {$50} then.
Author of pfSense theme: CODE-RED

Offline jamesdean

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 354
    • View Profile
Re: IP Country Block {Now $150}
« Reply #12 on: June 19, 2009, 02:54:58 am »
Perfect timing.....

Right now I have scripts that do what you guys want.
My scripts download blacklists and inject them into the firewall.

OpenBSD keeps a country black list somewhere, I could easily add those.
For example they have a black list of all of China and Korea.

I could make it into a package with a gui if you guys want, I'm really busy with work right now so I cant give you a date.

James
« Last Edit: June 19, 2009, 02:58:12 am by jamesdean »
PLease post your Pfsense Version and Snort Version when asking questions. Thank you.

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
    • View Profile
    • TomSchaefer.org
Re: IP Country Block {Now $150}
« Reply #13 on: August 19, 2011, 09:06:46 pm »
This bounty is complete with the countryblock package
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here