Messages

So I believe the WAN IN Geo Blocking rule is working, though it's hard to test. I found 2 port checker websites and the one from the US showed an open port and the one outside showed a closed port.

Now I'm trying to figure out a good way to block outgoing traffic as well. Currently there is just the "Default Allow LAN to any rule" and when I added my "Block Not Allowed Countries" rule, it blocked all traffic. I'm assuming that's because it's now blocking local network traffic as well. I'm not sure the best way to work around that as I can't add the local net to my 'allowed_countries' alias (as far as I know)

Which rule should be on the LAN? My thought behind the OUT rule was that if a program directly has an IP for a country that should be blocked, it would still be able to make a connection to it. Are you saying the IN rule would block that?

BTW, this is the guide I followed to setup everything (except the out rule) https://techlabs.blog/categories/how-to-guides/set-up-maxmind-geoip-blocking-in-opnsense

I've setup GeoIP and created an Alias called 'allowed_counties' which includes only the countries I want to connect to. I then created 2 WAN Firewall Rules, 1 for in and 1 for out. But they don't seem to be working. I can still contact IPs outside the country list. Any help would be greatly appreciated!

Rules:
* Block Not Allowed Countries In
Action: Block
Interface: WAN
Direction: In
Source / Invert: Checked
Source: allowed_countries

* Block Not Allowed Countries Out
Action: Block
Interface: WAN
Direction: Out
Destination / Invert: Checked
Destination: allowed_countries