Salutations --
I have a feeling I'm missing something super-obvious, but I can't find it.
I defined a firewall alias named GEO_US_v4, Type GeoIP / IPv4, where Content selects only my country of residence (US). I used this alias as a Source in a port forward rule to allow connections to one port. I created a similar alias for IPv6, and applied it to a rule on the tunnel V6 interface. Unfortunately, in both cases, it does not match traffic which I know is US-based.
If I change only the Source in those rules to be 'Any' instead of my alias GEO_US_v[46], then traffic is allowed -- so I know that the traffic is reaching this rule, and I've not blocked it some other way. The alias must be wrong somehow.
Is there something else I should consider here, or other information I can provide to help illuminate what I'm sure is my mistake?
Thank you...
I think there was a problem with aliases in port forwarding. Maybe you have the same problem.
https://forum.opnsense.org/index.php?topic=12002.0
Should be fixed in 19.1.5.
Hmm ... I don't think that's it, because the same behavior is seen with IPv6, which is a simple firewall rule where port forwarding is not involved. As with the v4 rule, if I change 'GEO_US_IPv6' to 'All', then traffic is passed.