Floating Rules for GeoIP Country Blocking Not Working

Amanaki · December 06, 2018, 04:10:32 PM

Hi all,

Have been tinkering with blocking known attack source countries but cannot seem to get this working as expected.

I read that the IDS method was essentially replaced with the alias method and have followed the guides I have found on this forum to try it out with no luck.

I have enclosed screenshots of my alias and firewall rules to help with identifying where I might be going wrong.

Any ideas?

Thanks,
Manaki

franco · December 07, 2018, 07:48:09 AM

Have you increased your Firewall Maximum Table Entries? Firewall: Settings: Advanced, set to 1000000 or more.

Cheers,
Franco

Julien · December 07, 2018, 09:07:37 AM

Curiousity hoe are you trying to block those countries ?
If you are gonna use a firewall rules on the wan make sure your firewall have enough resources.
I've tried it before and my firewall cpu was overloaded which causes voip phones issues

Amanaki · December 08, 2018, 11:53:34 PM

Hey Franco,

Thanks for that clarification. Seems it is working but as pointed out by Julien, there is an issue with memory. I have only 4GB/8GB allocated to my installation.

I know in the alias I provided, I have quite a few countries selected for blocking. Truth is, I only really care about blocking aggressive attack countries like 'CN', 'RU'.

Is there any other way to do it that is not so memory intensive?

Thanks,
Naki

Floating Rules for GeoIP Country Blocking Not Working

Amanaki

December 06, 2018, 04:10:32 PM

franco

December 07, 2018, 07:48:09 AM #1

Julien

December 07, 2018, 09:07:37 AM #2

Amanaki

December 08, 2018, 11:53:34 PM #3