OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Julien on April 21, 2018, 10:04:34 pm

Title: (Solved) Block USA
Post by: Julien on April 21, 2018, 10:04:34 pm
Hi Guys,
We are willing to block USA on the IDS.
Whenever we block USA on the IDS, the emails that are originally from Office 365 and Outlook/Gmail stop arriving.
Is there a way to get those working with blocking USA?
Title: Re: Block USA
Post by: bartjsmit on April 22, 2018, 09:36:18 am
Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...
Title: Re: Block USA
Post by: mimugmail on April 22, 2018, 11:03:48 am
Block via GeoIP Alias. You can allow SMTP globally and then deny USA
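
The rule order suggested in the reply above, as an added example that is not part of the original thread and is not OPNsense code: a small first-match evaluator showing why the SMTP pass rule must sit above the GeoIP block. It assumes first-match ("quick") evaluation and a default deny for unmatched inbound traffic; the alias contents, the rule labels and the HTTPS rule are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for a GeoIP alias (documentation ranges, not real US allocations).
GEOIP_US = [ipaddress.ip_network("198.51.100.0/24"),
            ipaddress.ip_network("203.0.113.0/24")]

@dataclass
class Rule:
    action: str                     # "pass" or "block"
    label: str
    source: Optional[list] = None   # alias (list of networks); None = any source
    proto: Optional[str] = None     # None = any protocol
    dport: Optional[int] = None     # None = any destination port

    def matches(self, src, proto, dport):
        if self.source is not None and not any(src in net for net in self.source):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        return self.dport is None or self.dport == dport

def evaluate(rules, src_ip, proto, dport):
    """Return (action, label) of the first matching rule.

    Assumption: traffic that matches no rule is dropped (default deny).
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.matches(src, proto, dport):
            return rule.action, rule.label
    return "block", "default deny"

ALLOW_SMTP = Rule("pass", "allow SMTP", proto="tcp", dport=25)
DENY_USA = Rule("block", "deny USA", source=GEOIP_US)
ALLOW_HTTPS = Rule("pass", "allow HTTPS", proto="tcp", dport=443)  # hypothetical extra rule

SUGGESTED_ORDER = [ALLOW_SMTP, DENY_USA, ALLOW_HTTPS]   # order from the reply above
REVERSED_ORDER = [DENY_USA, ALLOW_SMTP, ALLOW_HTTPS]    # mail from the alias is dropped

if __name__ == "__main__":
    for name, rules in (("suggested", SUGGESTED_ORDER), ("reversed", REVERSED_ORDER)):
        for src, port in (("198.51.100.10", 25), ("198.51.100.10", 443), ("192.0.2.5", 443)):
            print(name, src, port, evaluate(rules, src, "tcp", port))
```

On a real firewall the SMTP pass rule would normally be limited to the mail filter's address as destination, so that port 25 is reachable only on that host.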
Title: Re: Block USA
Post by: Julien on April 22, 2018, 10:30:47 pm
Block via GeoIP Alias. You can allow SMTP globally and then deny USA
The IP of the spam filter is a virtual IP which is pointing to the spam filter internally, so when the IDS is active it does apply on both interfaces.
I would love to know how to configure this, mimugmail.
Do you have a tutorial or something somewhere?

Title: Re: Block USA
Post by: Julien on April 24, 2018, 01:25:08 am
Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...
Hi Bart,
We do have two WANs.
WAN1: used for internet / VPN / OWA
WAN2: used for the MX records and pointing to the spam filter

WAN1 is a physical NIC and WAN2 is configured as a Virtual IP.
Whenever we enable the IDS we include both WAN1 and LAN, but somehow WAN2 is reacting to the block.

Is this the right way of doing things?
Title: Re: Block USA
Post by: mimugmail on April 24, 2018, 06:19:30 am
WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way of doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.
Title: Re: Block USA
Post by: Julien on April 24, 2018, 06:15:06 pm
WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way of doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.
Hi Mimugmail,
Thank you for your continued support.
The virtual IP is nested on the WAN interfaces, see attached screenshot.

When we block UK, the websites that are hosted in the UK won't open?

Can you explain how to get the GeoIP Alias configured?

Title: Re: Block USA
Post by: mimugmail on April 24, 2018, 08:14:32 pm
https://docs.opnsense.org/manual/aliases.html


Then set up a firewall rule with this alias.
Title: Re: Block USA
Post by: Julien on April 24, 2018, 09:07:54 pm
https://docs.opnsense.org/manual/aliases.html


Then set up a firewall rule with this alias.
Thank you for your answer.
Are you suggesting to turn off the Intrusion Detection (GeoIP/Country) and use GeoIP (firewall rules) to block countries?
Title: Re: Block USA
Post by: mimugmail on April 24, 2018, 09:42:29 pm
Yes, it's way more flexible and delivers better performance.
Title: Re: Block USA
Post by: Julien on April 24, 2018, 09:53:58 pm
Yes, it's way more flexible and delivers better performance.
Thank you for the answer.
The GeoIP does the job. However, I cannot seem to see the countries that are blocked on the firewall >> Diagnostic >> PFtables...