Feature #14324

open

pfBlockerNG to use geoLite "country" instead of "registered_country"

Added by Pierre Chopot over 1 year ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: pfBlockerNG
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

Hello,

Explanations here: https://forum.netgate.com/topic/179567/country-vs-registered-country/4?_=1682682466761

I am using a Mullvad VPN to test pfBlockerNG (up to date). If I choose a Swiss (Zürich, IP 193.32.127.221) out on the Mullvad network, and if I authorize Switzerland, I cannot go through. In order to be able to go through I have to authorize Sweden.
I made some manual queries on the GeoLite2 MaxMind database (used by pfBlockerNG if I understand correctly) for that IP and the database is returning the following information:

- country: Switzerland
- registered_country: Sweden

So it seems that pfBlockerNG is using the "registered_country" information instead of the "country" information. The "registered_country" is the country where the IP was purchased, the "country" information being the country where the IP is really used. Mullvad is a Swedish company, they probably purchased a lot of IPs in Sweden but are using them everywhere in the world ...

So my idea is that pfBlockerNG should use the "country" information, not the "registered_country" ... well if that's the case and if my tests do make sense ...

Thanks for listening,
Pierre.

Actions #1

Updated by Ben Lel 5 months ago

Hello,

Any updates on this? I also currently have the problem that my IP is located in Austria while it is registered in South Africa. MaxMind reports the correct country while pfBlocker uses the wrong one, so it would also make sense to me that you should at least be able to switch which field is used, as it is provided anyhow for every IP / IP range.

Furthermore, this could also lead to a malicious actor just needing to buy an IP from a non-blocked registered country and he would be able to simply bypass pfBlocker very easily, rendering the extension practically useless.

Thx,
Belnen
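
The difference between the two fields discussed in this issue, as an added example (not pfBlockerNG code and not part of the original posts): the same allow-list decision keyed on `country` versus `registered_country`, plus a check that lists every network where the two disagree. It assumes the column layout of MaxMind's GeoLite2 Country CSV files; the rows are constructed and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed rows in the GeoLite2-Country-Blocks-IPv4.csv column layout; the
# prefixes and ID pairings are illustrative, not real database content.
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
193.32.127.0/24,2658434,2661886,,0,0
198.51.100.0/24,2782113,953987,,0,0
203.0.113.0/24,2661886,2661886,,0,0
"""
# Constructed subset of GeoLite2-Country-Locations-en.csv (geoname_id -> ISO code).
LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
2658434,en,EU,Europe,CH,Switzerland,0
2661886,en,EU,Europe,SE,Sweden,1
2782113,en,EU,Europe,AT,Austria,1
953987,en,AF,Africa,ZA,"South Africa",0
"""

def load_blocks(blocks_csv=BLOCKS_CSV, locations_csv=LOCATIONS_CSV):
    """Return [(network, country_iso, registered_iso)]; either ISO may be None."""
    iso = {r["geoname_id"]: r["country_iso_code"]
           for r in csv.DictReader(io.StringIO(locations_csv))}
    return [(ipaddress.ip_network(r["network"]),
             iso.get(r["geoname_id"]),
             iso.get(r["registered_country_geoname_id"]))
            for r in csv.DictReader(io.StringIO(blocks_csv))]

def lookup(ip, blocks):
    """Longest-prefix match; returns (country, registered) or (None, None)."""
    addr = ipaddress.ip_address(ip)
    hits = [b for b in blocks if addr in b[0]]
    best = max(hits, key=lambda b: b[0].prefixlen, default=None)
    return (best[1], best[2]) if best else (None, None)

def allowed(ip, allow_iso, blocks, field="country"):
    """Allow-list decision keyed on 'country' or 'registered_country'."""
    country, registered = lookup(ip, blocks)
    chosen = country if field == "country" else registered
    return chosen in allow_iso  # an unknown country (None) is never allowed

def mismatches(blocks):
    """Networks where the two fields disagree, i.e. where the choice matters."""
    return [(str(n), c, r) for n, c, r in blocks if c != r]

if __name__ == "__main__":
    for f in ("country", "registered_country"):
        print(f, allowed("193.32.127.221", {"CH"}, load_blocks(), f))
```

Running `mismatches()` over a full database export shows how many prefixes would change verdict if the field were switched, which is the figure to review before changing an existing allow or deny list.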
