Pfblocker on opnsense

Started by Julien, February 12, 2017, 09:01:30 PM

Hi guys,
Are we seeing pfBlocker somewhere soon on OPNsense 17.x?
I would like to block countries we don't log from, like China, Russia...
Thank you
DEC4240 – OPNsense Owner

Use IPS instead or a country alias. It will not come.

Quote from: fabian on February 12, 2017, 10:44:27 PM
Use IPS instead or a country alias. It will not come.
Thank you, Fabian, for your answer.
Do you mean with country alias https://docs.opnsense.org/manual/aliases.html?highlight=country%20alias ? Or something else?

Thank you
DEC4240 – OPNsense Owner


Quote from: cs on February 13, 2017, 10:00:32 PM
Nope,
I think he means this one: https://docs.opnsense.org/manual/how-tos/ips-geoip.html
Regards,
CS
Thank you,
"not country" means that country would not access the firewall, or the other way around?
DEC4240 – OPNsense Owner

Hi,
"COUNTRYNAME not" does the reverse. For example, if you choose "china not" your IPS will block everything except traffic going to and coming from China. I just selected the countries that most attacks originate from. According to Symantec and other snakeoil-companies, this is Russia, China and the greater trump-reich ;-) and some more... For testing purposes I selected Russia and tried to surf to vkontakte, which was successfully blocked. Don't forget to click update & download rules after setting up your configuration. Otherwise your Geo-Block won't work.
Hope this helps.
Best regards,
CS

February 15, 2017, 12:03:00 AM #6 Last Edit: February 15, 2017, 01:13:47 AM by Julien
Quote from: cs on February 14, 2017, 01:37:46 PM
Hi,
"COUNTRYNAME not" does the reverse. For example, if you choose "china not" your IPS will block everything except traffic going to and coming from China. I just selected the countries that most attacks originate from. According to Symantec and other snakeoil-companies, this is Russia, China and the greater trump-reich ;-) and some more... For testing purposes I selected Russia and tried to surf to vkontakte, which was successfully blocked. Don't forget to click update & download rules after setting up your configuration. Otherwise your Geo-Block won't work.
Hope this helps.
Best regards,
CS
Thank you for your explanation, can you show a picture of the IPS rules?
Which countries are those according to Symantec?

Are the below screenshots the correct ones to block traffic from in and to China?
One issue: after I enable the IPS my internet connection just drops fully, my internet goes down.
I've followed this link: https://docs.opnsense.org/manual/how-tos/ips-feodo.html
I noticed when I disable the rule for the USA on the Intrusion Detection and user defined .
Am I forced to not block the USA?
Thank you
DEC4240 – OPNsense Owner

Is this even possible?
To block all countries at once?
And allow only the one I need to open?
DEC4240 – OPNsense Owner

Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco
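
The alias approach described in the post above, modelled as an added example (not part of the thread and not OPNsense code): a country list is compiled into networks, and a rule matches either sources inside the alias or, when inverted, sources outside it. The country codes, address ranges, function names and first-match rule order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for real GeoIP
# country networks; "AA", "BB", "CC" are placeholder country codes.
GEOIP = {
    "AA": ["192.0.2.0/24"],
    "BB": ["198.51.100.0/24"],
    "CC": ["203.0.113.0/24"],
}
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def build_alias(countries):
    """Compile a country list into networks, as a GeoIP-type alias would."""
    return [ipaddress.ip_network(n) for c in countries for n in GEOIP[c]]


def in_alias(alias, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in alias)


def evaluate(rules, src, default="block"):
    """First matching rule wins (assumed). Rule = (action, alias, invert)."""
    for action, alias, invert in rules:
        # invert=True models the "invert" option: match sources NOT in alias.
        if in_alias(alias, src) != invert:
            return action
    return default


# Blocklist: drop the listed countries, pass everything else.
blocklist = [("block", build_alias(["AA"]), False), ("pass", ANY, False)]

# Allowlist: drop every source that is NOT in the alias, pass the rest.
allowlist = [("block", build_alias(["BB"]), True), ("pass", ANY, False)]

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "10.9.9.9"):
        print(src, evaluate(blocklist, src), evaluate(allowlist, src))
```

With the inverted alias, every source outside the listed country is dropped, including addresses that belong to no entry in the country data at all.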

Quote from: franco on February 17, 2017, 10:11:23 AM
Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco

Hello Franco,

What would your rule(s) look like?
Thanks!

February 20, 2017, 09:22:27 PM #10 Last Edit: February 20, 2017, 09:28:58 PM by Julien
Quote from: franco on February 17, 2017, 10:11:23 AM
Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco
Thank you, Franco, for your answer.
Do you guys have a tutorial or some document to follow?
I really did not understand the GeoIP yet,
enabling it to block the top 10 spammer countries causes us to not receive emails from our customer.

Do we have to use ( our country not ) when activating this?
DEC4240 – OPNsense Owner