Hello,
I use 19.7.4 and Maltrail.
Could somebody explain to me how does the geoip database is updated ?
I used (since OPNsense 18.1) to use Geoip with an alias and a rule for indound wan interface in first position. And now, I try Maltrail and I notice lots of "malicious traffic" coming from China and Russia... However, nothing personal, but my geoip alias and firewall rule is supposed to block these countries.
I wonder if my firewall rule is really applied ... Or if these ip are recently affected to these countries and my geoip database is not really updated.
Does Geoip database is updated with the cron task "update and reload firewall aliases" ? I've already got this cron task.
Is it relative with GeoLite Legacy databases discontinued on January 2 ?
Thanks a lot for any advice.
Bertrand
The bpf capture of maltrail happens before pf filter, keep cool and Safe :)
Hi mimugmail,
Thanks a lot for this explanation.
Phew !
best regards,
Bertrand