18.1 Legacy Series / GeoIP aliases not correctly updated.
« on: June 27, 2018, 12:42:37 pm »
Hello,
I use the production version, up to date at 18.1.10.
I defined several aliases based on GeoIP countries to restrict WAN, LAN and DMZ access.
To optimize this config, the aliases are defined like this:
1 - allow some countries from Europe
2 - disallow the rest of the world.
All works fine except when I modify the aliases (the countries included in the aliases).
Example:
In my Europe allowed alias I check a new allowed country, save the alias, and also save the rules which use this alias to update the pftable.
When I look at the pftable content to verify the modification, the content is not updated and the rule is now wrong.
Am I making a mistake, or is there a problem with the real-time update of pftables, or some other kind of error?
I use this procedure to allow or disallow one or more countries for a short lapse of time (temporary access to a country).
Second question: Is there a plugin or procedure to block an IP in real time in response to an event (DDoS or ...) like fail2ban does with iptables and ipset tables?
Thanks for your help.
Best regards to all
Thanks fo