Author Topic: Floating Rules for GeoIP Country Blocking Not Working  (Read 1078 times)

Amanaki

« on: December 06, 2018, 04:10:32 pm »
Hi all,

Have been tinkering with blocking known attack source countries but cannot seem to get this working as expected.

I read that the IDS method was essentially replaced with the alias method and have followed the guides I have found on this forum to try it out with no luck.

I have enclosed screenshots of my alias and firewall rules to help with identifying where I might be going wrong.

Any ideas?

Thanks,
Manaki

franco

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #1 on: December 07, 2018, 07:48:09 am »
Have you increased your Firewall Maximum Table Entries? Firewall: Settings: Advanced, set to 1000000 or more.


Cheers,
Franco

Julien

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #2 on: December 07, 2018, 09:07:37 am »
Curiosity: how are you trying to block those countries?
If you are gonna use firewall rules on the WAN, make sure your firewall has enough resources.
I’ve tried it before and my firewall CPU was overloaded, which caused VoIP phone issues.

Amanaki

Re: Floating Rules for GeoIP Country Blocking Not Working
« Reply #3 on: December 08, 2018, 11:53:34 pm »
Hey Franco,

Thanks for that clarification. Seems it is working but as pointed out by Julien, there is an issue with memory. I have only 4GB/8GB allocated to my installation.

I know in the alias I provided, I have quite a few countries selected for blocking. Truth is, I only really care about blocking aggressive attack countries like 'CN', 'RU'.

Is there any other way to do it that is not so memory intensive?

Thanks,
Naki