Why does csf define the IP address 130.0.234.147 as RU?

Sacrosanct
Junior Member
Posts: 2
Joined: 02 Jun 2024, 17:21

Post by Sacrosanct »

I apologize, but could you still explain how it turns out that in your database - /var/lib/csf/Geo/dbip-country-lite.csv - it is written like this:

130.0.232.0,130.0.239.255,UA

And in the logs it came: This is what the csf shows...

Table Chain num pkts bytes target prot opt in out source destination
filter ALLOWIN 3 590 86236 ACCEPT tcp -- !lo * 130.0.234.147 0.0.0.0/0 tcp dpt:2829

IPSET: Set:cc_ru Match:130.0.234.147 Setting:CC_DENY Country:RU



I installed jwhois on the server (yum install jwhois) and checked the IP address 130.0.234.147. It shows UA!!! Why is it that when we add CC_DENY = "CN,RU,VN,BY,NG,AF,PK,IR,KR,KH" to csf.conf, where there is no UA, there is no access from some UA IP addresses?
Re: Why does csf define the IP address 130.0.234.147 as RU?

Post by Sacrosanct »

In addition to the previous message: in order to rule out that the standard databases (db-ip, ipdeny, iptoasn), through which CSF checks IP ownership, determine the IP location incorrectly, I connected another database, MaxMind.
On the website https://www.maxmind.com/en/geoip-demo, when checking the location for IP 130.0.234.147, the country UA is displayed, that is, the information is correct.
When we enable blocking of the countries CN, RU, VN, BY, NG, AF, PK, IR, KR, KH in CSF, IP 130.0.234.147 also falls under this blocking for some reason. Here is the information from the log:

IPSET: Set:cc_ru Match:130.0.234.147 Setting:CC_DENY Country:RU

Why did CSF decide that this IP belongs to RU? The IP location database should be taken from MaxMind, where the correct location for the address is displayed. Where does CSF get this incorrect information from, then?
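
The cross-check described in the two posts above can be scripted. The following is an added example, not part of the posts and not CSF's own code: it parses the quoted IPSET log line, looks the address up in rows laid out like dbip-country-lite.csv, and reports whether the two sources disagree. The function names and every sample row except the 130.0.232.0 one are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample in the start,end,country layout quoted in the post.
# Only the 130.0.232.0 row comes from the thread; the others are made up.
SAMPLE_CSV = """\
198.51.100.0,198.51.100.255,RU
130.0.232.0,130.0.239.255,UA
203.0.113.0,203.0.113.255,CN
"""
LOG_LINE = "IPSET: Set:cc_ru Match:130.0.234.147 Setting:CC_DENY Country:RU"
CC_DENY = "CN,RU,VN,BY,NG,AF,PK,IR,KR,KH"

LOG_RE = re.compile(
    r"IPSET: Set:(?P<set>\S+) Match:(?P<ip>\S+) "
    r"Setting:(?P<setting>\S+) Country:(?P<cc>\S+)"
)

def load_ranges(text):
    """Return sorted (first, last, country) tuples for the IPv4 rows."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        first, last = (ipaddress.ip_address(x) for x in row[:2])
        if first.version == 4:
            rows.append((int(first), int(last), row[2].upper()))
    return sorted(rows)

def lookup(rows, ip):
    """Return (country, [CIDRs covering the CSV range]) or (None, [])."""
    n = int(ipaddress.IPv4Address(ip))
    for first, last, cc in rows:
        if first <= n <= last:
            nets = ipaddress.summarize_address_range(
                ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
            return cc, [str(net) for net in nets]
    return None, []

def audit(log_line, rows, cc_deny):
    """Compare the country in an IPSET log line with the CSV's answer."""
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    csv_cc, cidrs = lookup(rows, m["ip"])
    denied = {c.strip().upper() for c in cc_deny.split(",")}
    return {"ip": m["ip"], "ipset": m["set"], "ipset_country": m["cc"].upper(),
            "csv_country": csv_cc, "csv_cidrs": cidrs,
            "csv_country_denied": csv_cc in denied,
            "mismatch": csv_cc != m["cc"].upper()}

if __name__ == "__main__":
    print(audit(LOG_LINE, load_ranges(SAMPLE_CSV), CC_DENY))
```

A `mismatch` of `True` only shows that the CSV copy read here and the ipset that matched disagree; the `csv_cidrs` value is the network to search for in the ipset listings when tracking down which set actually holds the address.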