Text only | Text with Images

OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: jimk2048 on January 02, 2021, 05:07:10 PM

Title: Block outbound connections to China
Post by: jimk2048 on January 02, 2021, 05:07:10 PM
Does OPNsense have any features or plugins that would block outbound connections to China?  In case I use compromised devices that want to phone home.
Title: Re: Block outbound connections to China
Post by: gpb on January 02, 2021, 05:43:23 PM
Yeah, search for GeoIP.  You'd create an alias with countries you want to block, then use that alias in a firewall rule.  Prior to that you'll need to set up an account (free) with maxmind. 

See here: https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html
Aliases: https://docs.opnsense.org/manual/aliases.html
Title: Re: Block outbound connections to China
Post by: bartjsmit on January 03, 2021, 10:03:38 AM
CDN's are eroding the value of GeoIP and you may be better off internally segregating the devices you don't control - like IoT - with separate VLAN and stricter firewall rules.

Bart...
Text only | Text with Images