OPNsense
Author Topic: Floating Rules for GeoIP Country Blocking Not Working  (Read 2200 times)

Amanaki

Floating Rules for GeoIP Country Blocking Not Working
« on: December 06, 2018, 04:10:32 pm »
Hi all,

Have been tinkering with blocking known attack source countries but cannot seem to get this working as expected.

I read that the IDS method was essentially replaced with the alias method and have followed the guides I have found on this forum to try it out with no luck.

I have enclosed screenshots of my alias and firewall rules to help with identifying where I might be going wrong.

Any ideas?

Thanks,
Manaki

franco

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #1 on: December 07, 2018, 07:48:09 am »
Have you increased your Firewall Maximum Table Entries? Firewall: Settings: Advanced, set to 1000000 or more.


Cheers,
Franco

Julien

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #2 on: December 07, 2018, 09:07:37 am »
Curiosity: how are you trying to block those countries?
If you are gonna use firewall rules on the WAN, make sure your firewall has enough resources.
I've tried it before and my firewall CPU was overloaded, which caused VoIP phone issues.
An intelligent man is sometimes forced to be drunk to spend time with his fool.

Amanaki

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #3 on: December 08, 2018, 11:53:34 pm »
Hey Franco,

Thanks for that clarification. Seems it is working but as pointed out by Julien, there is an issue with memory. I have only 4GB/8GB allocated to my installation.

I know in the alias I provided, I have quite a few countries selected for blocking. Truth is, I only really care about blocking aggressive attack countries like 'CN', 'RU'.

Is there any other way to do it that is not so memory intensive?

Thanks,
Naki

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved