Location Block blocking safe IP's

First post so please be kind.
I have been using IPFire in several sites over the last year or so. Never had a problem and it is easy to setup and runs without any issues. Being a non-Linux user, worked in Windows only environments for 35 years, I found it exceptionally well suited to smaller businesses. Lately, after the change to the Location Block component I have started having trouble with a certain IP address i.e. 116.50.57.190 which is Forcepoint Cloud Ltd located in Hong Kong. This IP gets blocked whenever the Location Block is active regardless of what countries are selected. This IP is for a mail cluster that is used by Forcepoint for larger companies in Australia as a mail forwarder.
Any ideas on how to solve? At the moment I have turned off Location Block on the relevant firewalls.
Thanks in advance.

Looks like IP 116.50.57.190 is not on the DROP list, but it is running a bunch of mailservers.

Can you post some logs, showing IP being blocked?

This is a copy of the firewall log from this morning. I have noticed that any 116.50.x.x IP gets blocked. This range is all owned by Forcepoint. They all DNAT but not Forward.

image

Hi,

does this problem persist with Core Update 167, released yesterday?

I believe you suffer from this bug, where a quirk in libloc lead to flattening not working properly. Since the supernet of 116.50.57.0/24 is located in another country, that case appears to apply to you.

Um, just for my understanding, could you please post a screenshot of the correspondent firewall rule here?

A short comment regarding the thread title: Location-based firewalling generally does not indicate whether an IP address or network is “safe”, dangerous, or has any reputation issues whatsoever. It is always tempting to assign a reputation to a country, but technically speaking, that’s not true. :slight_smile:

(An exception is XD, the special country code we use for the “drop hostile” feature.)

Thanks, and best regards,
Peter MĂĽller

Hi Peter
These are the entire rules active without Location Block. IPFire is primarily used to filter traffic to a mail server and other traffic.

I will update the version over the weekend and test.

Thanks
Craig.

1 Like

The update appears to have fixed the problem. 116.50.58.190 is now passing through OK, which was one of the affected addrs.
Thanks for the help.
Craig