I set the firewall up implemented geoip and spamhaus filters.
Last evening, I started, getting spam from 157.52.235.0/24. LayerHost, LA, CA, USA
I created an Alias called spam_block URL IPtable
I created a rule identical to the spamhaus one
I had created a blacklist called spammers.txt.
I copied this to one of my servers. I added the subnet to the txt file and set it to refresh at 30 minute intervals.
If I go to the URL of my server, I can read the list without problems.
This morning, I have >20 spam mails each one from a different IP in that subnet range.
I'm obviously doing something wrong. This is serious. Everyone is getting spam again. I had no option bur ro close down OPNsense and revert back to Smoothwall Express. This has stopped the spam
What am I doing wrong. This MUST be fixed or I have to stay with Smoothwall Express
I copied this to one of my servers. I added the subnet to the txt file and set it to refresh at 30 minute intervals.
Have you verified that your list has been imported? Look under Firewall -> Aliases -> Diagnostics -> Aliases. If they have not been imported, check URL availability, IP/subnet syntax, line endings a.s.o.
If the alias has been imported correctly, check your firewall rules, enable statistics for your alias and try an IP range which you can check in order to verify that it is blocked.