OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: dcol on October 14, 2019, 05:54:54 pm
-
If I want to block all but 2-3 countries from accessing particular ports, is it better to select all the countries in the alias, or just select the 3 or 4 and use invert (Not) in the rule. I would assume less resources are used with invert.
What is recommended?
My reasoning is to block IMAP and webmail from all countries except mine (USA). While allowing SMTP.
-
always invert with such a setup .. otherwise memory will explode :)
-
I've got a GeopIP block rule and I have all the countries I want blocked selected, is there an Easier/cleaner way to do this? If so how would one do the "Invert" - Example of the rule perhaps? I've got an GeoIPblock alias and an GeoIPAllow and my first rule is to block anything in the Block alias. Then any Allow rules I have.. I use the Allow alias. It works for me and haven't seen any adverse reactions. Is this the wrong way to do this if Memory will blow up? My server is running on a bare metal with 12gb of Ram.
-
I've got a GeopIP block rule and I have all the countries I want blocked selected, is there an Easier/cleaner way to do this? If so how would one do the "Invert" - Example of the rule perhaps? I've got an GeoIPblock alias and an GeoIPAllow and my first rule is to block anything in the Block alias. Then any Allow rules I have.. I use the Allow alias. It works for me and haven't seen any adverse reactions. Is this the wrong way to do this if Memory will blow up? My server is running on a bare metal with 12gb of Ram.
If you want to block everything except America .. you create a GeoIP Alias with america selected, then create your drop rules with source America and hit the checkbox "Invert" .. then everything other than America is dropped.
-
I used the invert with one country (US) and it works like a charm with very little memory usage.
Very helpful when I want to prevent anyone outside the US to use IMAP on my email server.