Hello,
I have a lot of traffic coming from 45.142.195.xx and, despite GeoIP blocking all IPv4 traffic except FR, the traffic passes through OPNsense. The SMTP server is being attacked massively.
2020-04-16T13:58:35 filterlog: 69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,DF,6,tcp,60,45.142.195.xx,192.168.1.254,53080,25,0,S,1841383170,,29200,,mss;sackOK;TS;nop;wscale
I've checked the IPv4 CSV file from the GeoIP zip file and I found 45.142.192.0/22.
So the subnets 45.142.192.0/24, 45.142.193.0/24, 45.142.193.0/24 and 45.142.193.0/24 are from Germany (Allemagne), not FR, so the address must be blocked.
network geoname_id locale_code
45.142.192.0/22 2921044 Allemagne
45.142.196.0/22 248816 Jordanie
The parameters below seem to be good, but surely something is wrong. Some help would be very much appreciated.
I've defined the alias for GeoIP
(http://bruch05.free.fr/GeoIPAlias2.JPG)
Just unselect France (FR)
(http://bruch05.free.fr/GeoIPAlias.JPG)
and block all traffic on the WAN interface for GeoIPAlias
(http://bruch05.free.fr/GeoIpRule.JPG)
The DB seems to be correctly uploaded
(http://bruch05.free.fr/GeoIPDb.JPG)
Thanks in advance
Christophe
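
Added example, not part of the original post: a short Python check that splits the filterlog line above into named fields and looks the source address up in the two GeoIP rows quoted in the post, so the interface, direction and rule number that logged the pass can be compared with the WAN block rule. The field labels are names chosen here for this IPv4/TCP layout, the last octet of the source address is a constructed stand-in for the masked "xx", and "France" as the allowed country name is an assumption.

```python
import ipaddress

# Labels chosen here for the 29 comma-separated fields of the IPv4/TCP line in the post.
FIELDS = ("rule subrule anchor label iface reason action dir ipver tos ecn ttl id "
          "offset flags protonum proto length src dst sport dport datalen tcpflags "
          "seq ack window urg options").split()

# Log line from the post; the masked last octet "xx" is replaced by a constructed value.
LOG_LINE = ("2020-04-16T13:58:35 filterlog: 69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,"
            "DF,6,tcp,60,45.142.195.10,192.168.1.254,53080,25,0,S,1841383170,,29200,,"
            "mss;sackOK;TS;nop;wscale")

# The two GeoIP rows quoted in the post (network, geoname_id, country name).
GEOIP_ROWS = """45.142.192.0/22 2921044 Allemagne
45.142.196.0/22 248816 Jordanie"""

def parse_filterlog(line):
    """Split a filterlog line into named fields (IPv4/TCP layout only)."""
    values = line.partition("filterlog: ")[2].split(",")
    if len(values) != len(FIELDS) or values[8] != "4" or values[16] != "tcp":
        raise ValueError("not an IPv4/TCP filterlog line in the expected layout")
    return dict(zip(FIELDS, values))

def load_geoip(text):
    """Parse 'network geoname_id name' rows into (ip_network, name) pairs."""
    rows = []
    for row in text.strip().splitlines():
        network, _geoname_id, name = row.split(None, 2)
        rows.append((ipaddress.ip_network(network), name))
    return rows

def country_for(ip, rows):
    """Longest-prefix match of ip against the GeoIP rows; None if no row covers it."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for net, name in rows if addr in net]
    return max(hits)[1] if hits else None

def audit(line, rows, allowed=("France",)):
    """Report where a packet was logged and whether its source country is blocked."""
    f = parse_filterlog(line)
    country = country_for(f["src"], rows)
    blocked = country is not None and country not in allowed
    return {"src": f["src"], "country": country, "iface": f["iface"], "dir": f["dir"],
            "rule": f["rule"], "action": f["action"], "dport": int(f["dport"]),
            "pass_from_blocked_country": f["action"] == "pass" and blocked}

if __name__ == "__main__":
    print(audit(LOG_LINE, load_geoip(GEOIP_ROWS)))
```

For the line in the post, the result shows a pass logged by rule 69 in the outbound direction on re0, with the source inside the 45.142.192.0/22 row.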