Part of the NXTools Collection by NX1X
Block all countries (IPv4 + IPv6) using pfBlockerNG, with daily Slack reports showing per-interface breakdowns, country attribution, and port scanner detection.
- Blocks 175,000+ IPv4 ranges and 85,000+ IPv6 ranges from 250+ countries
- Daily Slack report: per-interface/direction breakdown, top countries, port scanners
- Country lookup via MaxMind GeoLite2 (bundled with pfBlockerNG)
- Smart context: shows destination country for outbound LAN blocks, source country for inbound WAN attacks
- Port scanner detection: flags external IPs probing 4+ distinct ports
- Works alongside pfBlockerNG threat intel feeds (CINS, Emerging Threats, BlockListDE, ISC)
- Slack notifications on update success or failure
| Script | Purpose | Default Schedule |
|---|---|---|
update-all-countries.sh |
Downloads IPv4 + IPv6 country IP lists and updates the blocklist | Daily at 7 AM |
geo-block-report.sh |
Parses firewall logs and sends a daily block summary to Slack | Daily at 8 AM |
# 1. Download scripts
mkdir -p /root/scripts
curl -o /root/scripts/update-all-countries.sh https://raw.githubusercontent.com/NX1X/pfsense-geo-block/main/update-all-countries.sh
curl -o /root/scripts/geo-block-report.sh https://raw.githubusercontent.com/NX1X/pfsense-geo-block/main/geo-block-report.sh
chmod 750 /root/scripts/*.sh
# 2. Set up Slack webhook (optional)
echo 'WEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"' > /usr/local/etc/geoblock-webhook.conf
chmod 600 /usr/local/etc/geoblock-webhook.conf
# 3. Run initial update
sh /root/scripts/update-all-countries.sh
# 4. Configure pfBlockerNG — see GUIDE.md
# 5. Set up cron jobs (System > Cron in pfSense UI)
# 7 AM → sh /root/scripts/update-all-countries.sh
# 8 AM → sh /root/scripts/geo-block-report.sh- Setup Guide — full installation, pfBlockerNG IPv4/IPv6 rules, threat feeds, cron setup
- Troubleshooting — common issues and fixes
- Changelog — version history
- pfSense 2.7+ (tested on 2.8.1)
- pfBlockerNG-devel installed
- Internet connectivity for updates
- Firewall Maximum Table Entries set to
600000(System > Advanced > Firewall & NAT)
Apache 2.0 — Free to use and modify. See LICENSE for details.
- IPDeny.com for country IP data
- pfBlockerNG team
- MaxMind for GeoLite2 database
Last Updated: March 2026