firewall allow via GEO isn't working

[osn1803]

Salutations --

I have a feeling I'm missing something super-obvious, but I can't find it. 

I defined a firewall alias named GEO_US_v4, Type GeoIP / IPv4,  where Content selects only my country of residence (US).   I used this alias as a Source in a port forward rule to allow connections to one port.   I created a similar alias for IPv6, and applied it to a rule on the tunnel V6 interface.   Unfortunately, in both cases, it does not match traffic which I know is US-based. 

If I change only the Source in those rules to be 'Any' instead of my alias GEO_US_v[46], then traffic is allowed -- so I know that the traffic is reaching this rule, and I've not blocked it some other way.   The alias must be wrong somehow.

Is there something else I should consider here, or other information I can provide to help illuminate what I'm sure is my mistake?

Thank you...

[hbc]

I think there was a problem with aliases in port forwarding. Maybe you have the same problem.

https://forum.opnsense.org/index.php?topic=12002.0

should be fixed in 19.1.5

[osn1803]

Hmm ... I don't think that's it, because the same behavior is seen with IPv6, which is a simple firewall rule where port forwarding is not involved.  As with the v4 rule, if I change 'GEO_US_IPv6' to 'All', then traffic is passed.