Hi,
I don’t know if anybody else is experiencing this but I thought I ask around.
Since the change from “Geoblock” to the “Location Filter” a lot of IPs get through my country filter which were being successfully blocked before. For example: within a short period several different IPs originating from China Backbone servers (AS4134) came through.
180.124.79.223
49.81.236.202
49.88.64.119
180.124.78.133
180.127.78.244
180.124.14.201
113.118.123.2
Just to name a few.
I looked up a few of those numbers on ipdeny.com but they were not listed in the cn.zone file. But DNSLYTICS, Cisco Talos Intelligence and Ultratools list them all as originating from China.
But also from other blocked countries IPs were not blocked as accurate as before: AU, PK, BR aso.
To be honest I can’t remember any country I had blocked got thru before.
As I don’t know where the original data being now used comes from I can only speculate but that won’t help me solve this problem.
As this is a major change of how countries are being blocked the information used as it seems is not accurate - whereever.
May be I only looked up the IPs at the wrong places?
The new location database is not fit for purpose. I have been using GeoIP in IPFire since first implemented, and have been happy with stability and accuracy.
However, the new implementation has been nothing but trouble for me. My country IPs still wrongly classified bar one, which required amending all my firewall rules for local incoming traffic. My firewalls all running 2.25 150 BTW.
Then this morning I found my network kaput, and soon got calls from all my businesses that their networks kaput. They have lost time and money due to this, as well as me (and yes I do donate to IPFire project). My day has been lost traveling around disabling GeoIP block on all my firewalls.
I did mention in bugzilla that I though it was a bad idea to check for location database updates so frequently (https://bugzilla.ipfire.org/show_bug.cgi?id=12484).
I am now thinking I would prefer manual update only, via a check button in the Firewall > Location Block page. That way, any changes can be rolled out in a controlled manner. We all want stability as well as security.
Then this morning I found my network kaput, and soon got calls from all my businesses that their networks kaput. They have lost time and money due to this, as well as me (and yes I do donate to IPFire project). My day has been lost traveling around disabling GeoIP block on all my firewalls.
first, please refer to this post for further information on that issue. We are aware of it and working on a hot fix.
(By the way: Thanks for donating. )
The new location database is not fit for purpose. I have been using GeoIP in IPFire since first implemented, and have been happy with stability and accuracy.
However, the new implementation has been nothing but trouble for me. My country IPs still wrongly classified bar one, which required amending all my firewall rules for local incoming traffic. My firewalls all running 2.25 150 BTW.
Second, you are mixing up different issues here. Please try to keep them apart and open up or participate in different threads, so we can deal which each one more precisely.