OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: nivek1612 on July 31, 2020, 11:15:42 pm

Title: [SOLVED] GEOIP blocking no longer working 20.7
Post by: nivek1612 on July 31, 2020, 11:15:42 pm: Upgrade appeared to go to plan except for the following rules which used to allow traffic from just a few specific countries now block everything so no external access to my firewall.

I have disabled them and all traffic flows again

EDIT : After re-saving the GOIP alias it started working again
Title: Re: GEOIP blocking no longer working 20.7
Post by: 8191 on August 01, 2020, 12:20:16 pm: Hi,

I cannot confirm your problem on my OPNsense instance. It works for me.
Maybe your API key expired?

BR
Manuel
Title: Re: GEOIP blocking no longer working 20.7
Post by: hfvk on August 01, 2020, 01:15:39 pm: Hi,

Just upgraded two systems from 20.1 to 20.7 and I can also confirm that GEOIP is working.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: Goldorak92 on August 02, 2020, 10:05:52 pm: Hi,

Same here, a GeoIp rule which was working before the 20.7 upgrade seems to change the drop actions.
I have a negate GeoIp rule (ie: "invert" + alias="my country" => drop) and even if I re-save the GeoIp alias, packets are dropped.
If I change the rule with a "allow" action, it works, but I can't see if other countries are dropped from this rule.

G.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: baqwas on August 03, 2020, 01:55:46 am: I installed GeoIP for the the first time under 20.7. As a newbie, I was rather pleased that it worked once I used the right URL.

It is nice not to receive alerts from the mail server that some unsolicited logon attempt was being from an external address.

Kind regards.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: saveka on August 05, 2020, 07:18:51 pm: the re-saving the alias it did NOT work for me. The GEOIP does NOT work properly for me after the upgrade.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: FullyBorked on August 06, 2020, 10:12:34 pm: Quote from: saveka on August 05, 2020, 07:18:51 pm
the re-saving the alias it did NOT work for me. The GEOIP does NOT work properly for me after the upgrade.

Same for me, I've seen solved on two of these reports. I can't get mine to add a thing to my rules, key hasn't expired as the URL works fine in a browser and even shows that it's updated on 8-04. I've deleted aliases and started from scratch, I've tried manually adding IP's clearing and re-saving the alias, rebooting, nothing will bring it back to life on my install.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: saveka on August 08, 2020, 10:38:11 am: it all started to work for me once I enabled the Destination / Invert in the rule (?!?!?)

Then checked the pftop and filtered by rules and immediately I start seeing they been populated with data, another check on my software and I saw correctly filtering by GeoIP.

anyone has any idea why is this happening and what Destination / Invert is doing ?

It seems to be working very well. I left it for one whole night and not even one issue with it ,the proper GeoIP IPs are being blocked , perfectly well but I still do not understand what this Destination / Invert is !?

I understand it is inverting the match you specify earlier but for me it should work the other way around!

Thanks
Vladi
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: Julien on August 10, 2020, 12:18:35 pm: Invert for me also not working.
i think this is a bug and has nothing to do with the invert.

It inverts the match. Say you add a rule allowing any source to destination 8.8.8.8, that allows traffic to 8.8.8.8. Change that to inverted destination and it's allow to destination not 8.8.8.8 - e.g. anything but 8.8.8.8.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: Julien on August 10, 2020, 08:08:37 pm: I managed to get this resolved.

make sure to delete the existing ALIASE and create a new one, for me it loaded the rules and IP.

if you dont want to delete the aliase because it on plenty of rules, just unselect the countries, save it and readd them again and it should update.

if it will remain working i dont know, but ill report back after two days
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: saveka on August 10, 2020, 10:44:35 pm: I have already tried what you saying but it did not work for me. I even tried to delete all rules and all aliases I had but it did not work for me , many restarts , many firewall reloads and it did not work for me , the only thing that made it work was the do destination invert , nothing else worked for me ... I know what this does I was just wondering why would it work this way ....anyways thanks alot !
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: Julien on August 11, 2020, 02:00:49 pm: @saveka i had this done in 10 boxes already and its working for me.
PM me and i can have a look with you with teamviewer if you prefer.
otherwise see me at the IRC and i'll help you.
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: joseoliveirapt on September 11, 2020, 04:55:50 pm: Hi All,

My OPNSENSE 20.7.2 has GEOIP updated but rules aren't working...
Note: firewall is in bridge mode.

Any help is more than welcome.

Thank you,
Jose
Title: Re: [SOLVED] GEOIP blocking no longer working 20.7
Post by: Goldorak92 on September 11, 2020, 05:42:01 pm: Hi @joseoliveirapt,

As said in other threads, you just have to go to firewall=>settings=>advanced, and modify the max entries in firewall table up to 400.000 (default is 200.000), and save again your geoip aliases to apply.

Goldorak92