Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: DNE on February 26, 2025, 04:37:46 PM

Title: [SOLVED] Help with outbound GEO Blocking
Post by: DNE on February 26, 2025, 04:37:46 PM
I have just setup a new system so might be missing something.

Versions
OPNsense 25.1.1-amd64
FreeBSD 14.2-RELEASE-p1
OpenSSL 3.0.16

I have setup GEO Blocking with MaxMind, the alias has been populated with IPv4 and IPv6 addresses.

I have then created an outbound block rule [LAN]>[In} with the alias as the destination.

When I go to https://www.apsystems.cn/ the webpage loads, however logfiles > liveview shows:

Action: Block Label:Country Block Outbound

I believe I have setup my rules correctly but can still access that website.
Title: Re: Help with outbound GEO Blocking
Post by: DNE on February 26, 2025, 04:48:15 PM
Added Screenshots.
Title: Re: Help with outbound GEO Blocking
Post by: meyergru on February 26, 2025, 04:55:53 PM
Try a DNS resolution and you will immediately find that this domain is being hosted on Cloudfront.net, which is hosted anywhere (usually in a location near you). For me, the IPv4 is in Germany, the IPv6 in India. So, with IPv6 being higher in priority, probably that would first get blocked if I block India and then IPv4 kicks in, allowing the traffic.
Title: Re: Help with outbound GEO Blocking
Post by: DNE on February 26, 2025, 05:25:29 PM
Thanks meyergru,

I was just looking into that and the site is being loaded from 2600:9000:2062:9c00:1d:3366:ad80:93a1 which is an Amazon Datacenter in the United States.

Thanks
Text only | Text with Images