OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: blue_shift on March 15, 2025, 10:53:19 AM

Title: Using alias plus geolocation in a firewall rule?
Post by: blue_shift on March 15, 2025, 10:53:19 AM
Hello,

I got a firewall rule with the condition "if not in alias, then allow" (that alias got filled with IP addresses of a local fail2ban).
Now I would like to extend that rule with geolocation information. Finally with the logic "if not in alias and location is ?" then allow.

Is that somehow possible in OPNsense?

Thanks for your help! :)
Title: Re: Using alias plus geolocation in a firewall rule?
Post by: Patrick M. Hausen on March 15, 2025, 11:07:24 AM
Create geolocation alias, place first alias and geo alias in group, use that?

Haven't tried, honestly, but if it's possible, that's probably how to do it.
Title: Re: Using alias plus geolocation in a firewall rule?
Post by: newsense on March 15, 2025, 01:01:19 PM
Creating an Alias type Network Group would allow adding the GeoIP and another alias. Not to be confused with Firewall - Groups.

Arguably the same functionality could be achieved with reject/drop rules depending on the direction in a dedicated VLAN - one for the geoblock and another for the alias, or with floating rules if the same alias+geoblock rule needs to be applied to multiple VLANs.