OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: wallaby501 on March 27, 2021, 02:26:16 AM

Title: GeoIP inverse rule not working
Post by: wallaby501 on March 27, 2021, 02:26:16 AM
Trying to configure GeoIP and am unsure what I am doing wrong.

I'm trying to make my firewall aliases smaller by selecting the countries I want to allow then just inverting them.
So I've selected maybe 15 countries and made a GeoIPv4 alias (only IPv4 entries).

I then go to make a rule on my LAN with
- reject
- ipv4
- in
- destination ! GeoIPv4

This does not work. It seems to just block any and all traffic on the LAN. I've upped the max firewall entries from 400k to 800k, recreated the alias, etc., and nothing seems to work. My only real thought is I either need to make it out direction OR make a newer alias including GeoIPv4 and LAN in one (so I can hit my DNS, etc.)

Title: Re: GeoIP inverse rule not working
Post by: cookiemonster on July 05, 2021, 08:45:17 PM
Did you manage to solve this? I'm finding a similar behaviour.

Title: Re: GeoIP inverse rule not working
Post by: cmmh on July 09, 2021, 10:43:59 PM
I have GeoIP Egress and Ingress rules working. I believe you need to have them on the WAN interface, since the "next hop" for devices on the LANs is the OPNsense router itself.

At least that is what I found to work for me after much trial and error.
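
Added example, not part of the thread or of OPNsense: a small Python model of the LAN rule from the first post and of the combined GeoIPv4-plus-LAN alias it proposes. It assumes first-match (quick) rule evaluation, a constructed GeoIPv4 alias built from documentation ranges, and a hypothetical 192.168.1.0/24 LAN with the firewall at 192.168.1.1.

```python
import ipaddress

# Constructed stand-in for the GeoIPv4 alias (documentation ranges, not real
# country allocations) and a hypothetical LAN subnet holding the firewall's
# own LAN address, which is where LAN clients send DNS queries.
GEOIP_V4 = ["198.51.100.0/24", "203.0.113.0/24"]
LAN_NET = ["192.168.1.0/24"]
ANY = ["0.0.0.0/0"]

def in_alias(addr, alias):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in alias)

def evaluate(rules, dst):
    """Return the action of the first rule whose destination matches dst.

    Each rule is (action, alias, negate); negate=True models "! alias".
    First match wins (assumption: every rule is a quick rule).
    """
    for action, alias, negate in rules:
        if in_alias(dst, alias) != negate:
            return action
    return "block"  # nothing matched

# Rule from the first post: reject, IPv4, in, destination ! GeoIPv4,
# followed by a pass-any rule standing in for the rest of the LAN ruleset.
ORIGINAL = [("reject", GEOIP_V4, True), ("pass", ANY, False)]
# The poster's alternative: one alias holding both GeoIPv4 and the LAN net.
COMBINED = [("reject", GEOIP_V4 + LAN_NET, True), ("pass", ANY, False)]

# Constructed destinations as seen from a LAN client.
DESTINATIONS = {
    "firewall LAN address (DNS)": "192.168.1.1",
    "host inside the alias": "198.51.100.10",
    "host outside the alias": "192.0.2.50",
}

def compare():
    return {name: (evaluate(ORIGINAL, dst), evaluate(COMBINED, dst))
            for name, dst in DESTINATIONS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:28} original={before:7} combined={after}")
```

In this model the private LAN address is not in the country alias, so the inverted match rejects traffic to the firewall itself before any pass rule is reached; adding the LAN net to the alias changes only that case.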