OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: anomaly0617 on February 26, 2020, 07:41:59 pm
-
Hi all,
I was referencing this documentation (https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html) the other day to get up country-based IP filtering.
The documentation states "In OPNsense, goto Firewall:Aliases and select the GeoIP settings tab. Enter the URL you have created into the URL box and click Apply, and that’s it."
When I go to Firewall:Aliases on an OpnSense v20.1 server, I see this tab. However, on a v19.7.6 firewall, there is no GeoIP tab. On this one, when you create an alias you can choose GeoIP as an alias type, and then from there select the countries you want to block. Then, in theory, you make a block rule in Firewall:Rules:Floating, selecting all of your outside interfaces, and then block anything with a source of the GeoIP Alias.
I see that in v20 I can still do this with the aliases, as type GeoIP.
So, I'm just looking for clarification. Is the Alias method OK to use? Is the GeoIP method the one we're supposed to use? I don't want to assume that the alias method is working to block inbound traffic from undesirable countries and then find out that it doesn't actually work without MaxMind and the GeoIP tab.
Thanks, in advance!
-
Due to changes in how MaxMind provides the GeoIP database, you need your own API key. That's what the documentation is there to show you.
Earlier versions of OPNsense do not have the corresponding settings needed to put in your own API key.
If you try to use GeoIP with these older versions of OPNsense, the feature will not work. Any GeoIP alias will act as if it were empty.