Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 5129 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Country Blocking & False Positives.

dimaestro
Has anyone else experienced false positives for country blocking within the past week?

I found that my UTM was blocking all communication with any google servers, claiming that they were based in china (Yes, I block all comms to china).

Anyone else see this?


This thread was automatically locked due to age.
Parents
  • 0
    Apparently, conntrack takes effect before country blocking, so just blocking traffic "From" China should allow responses to your requests to Google.  Any luck?

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
  • 0 in reply to BAlfson
    Thanks, teched and BAlfson, for the information. I appreciate it.

    When the next geoip update window rolled around on the 11/12th of the month and the UTM continued to block access to accounts.google.com I did some checking using some geoip services. None of the services I tried
    placed the IP for accounts.google.com in China.

    So I changed Country Blocking for China from "All" to "From," and I can confirm that access to the formerly blocked Google services has been restored, BAlfson.

    For what it is worth, here is full log entry from the UTM for a blocked request to a Google domain when I had Country Blocking set to "All" for China: 

    2014:05:10-02:55:49 remote ulogd[4401]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" outitf="eth1" srcmac="[REDACTED]" dstmac="0:15:5d:1d:4f:3" srcip="192.168.2.54" dstip="74.125.70.84" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="51029" dstport="443" tcpflags="SYN" 
Reply
  • 0 in reply to BAlfson
    Thanks, teched and BAlfson, for the information. I appreciate it.

    When the next geoip update window rolled around on the 11/12th of the month and the UTM continued to block access to accounts.google.com I did some checking using some geoip services. None of the services I tried
    placed the IP for accounts.google.com in China.

    So I changed Country Blocking for China from "All" to "From," and I can confirm that access to the formerly blocked Google services has been restored, BAlfson.

    For what it is worth, here is full log entry from the UTM for a blocked request to a Google domain when I had Country Blocking set to "All" for China: 

    2014:05:10-02:55:49 remote ulogd[4401]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" outitf="eth1" srcmac="[REDACTED]" dstmac="0:15:5d:1d:4f:3" srcip="192.168.2.54" dstip="74.125.70.84" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="51029" dstport="443" tcpflags="SYN" 
Children
No Data