Question about the GeoIP Block database

Hey all!

I have a gerneral question about the GeoIP Block database.

First: I am still running the version 2.23 core 139. The GeoIP Block setting blocks each country - accept of Germany.
Since one week I have I have two portscanners “hitting” the ipfire and get rejected:

45.136.109.251
45.136.110.25

As I checked the last time it was the network of the company COMTRADE LLC in Nürnberg/Germany - so far so normal that the GEOIP Block will not catch it.

Know I checked both IPs again and the are part of the OOO Network of data-centers Selectel in Moscow/Russia.

Shouldnt the GeoIP Block catch this before it hits the firewall?
Is this due to the outdated IP database in my core update? (You guys mentioned something like this some weeks ago?)

Thanks in advance!
Kind regards,
Andreas

Because license changes of Maxmind we cannot ship databases newer than Dec 2019.
We work on a own replacement.

1 Like

Hey Arne!
Thanks a lot for your fast answer.

So until there is no new database replacement (many thanks a lot at this point for the ipfire again!), the update to core 141 will not solve this “problem” because the IPs will still trespass the GeoIP Block because it does not recognize that the IPs are from Russia now!?

Kind regards,
Andreas