This morning I updated to 25.7.4 and everything seemed fine, until later I noticed my phone's wireguard connection home wasn't working.
I checked the logs and saw that it was being blocked by my GeoIP firewall rule. Disable the rule and can connect again.
Enabled the rule again, tested a few other connection attempts and all were blocked. I have a basic WAN rule to block incoming from ! US and Canada, and it's been working fine for a pretty long time. I tested more with a VPN and the rule is blocking everything it seems, regardless of country.
Another fix I tried, was to create a non-inverted source rule, with everything other than US/CA selected. This rule blocked nothing I tested with.
I'm tempted to revert the update but I'm curious for any other ideas before I do.
I'd check the alias, assuming it's readable - first under "Firewall: Aliases" (to see if it's populated), then under "Firewall: Diagnostics: Aliases".
I don't have any personal experience with OPNsense's geoip features, but folks who do may want to know specifics, e.g. db provider, rules, etc.
My alias is just using GeoIP with US and Canada selected, and in GeoIP settings it's using a maxmind URL I setup a while back. Shows it has ranges and has been recently updated.
Under Diagnostics: Aliases - the alias is in the drop-down but nothing is listed when selected. Granted, I never looked at this section while the rule had been working.
Did another test with the existing rule - while inverted source it's blocking everything I test with, and when I untick invert source on the same rule, nothing is blocked.
I use GEOP IP filtering as well, and under Diagnostics, Aliases mine is populated with ip/s info so I'm guessing you have an issue with your Alias perhaps? Also when you goto diagnostics, make sure you are picking the proper Alias name at the top, IE mine is labeled GEOIpBlock
So I noticed an error when disabling/enabling the alias: Error loading alias [us_canada]: Invalid argument. {current_size: 0, new_size: 537865}
I removed Canada from my alias, save/enable. Then I added Canada, save/enable. No error. The diagnostics for the alias populates now, and my testing all works again.
Weird - wonder what caused it originally. Anyway, thanks for the suggestions!