IP table block rule not working, clone of working geoip rule.

Started by XOIIO, January 25, 2020, 02:15:12 PM

Hi all, so I'm having an issue getting a blacklist I set up to work. I set up an alias as an IP list, cloned my geoip rule, which is working as I can see it in the live log, and selected my new blacklist as the source. Unfortunately it doesn't seem to be working and I'm not sure why. I've uploaded some screenshots hoping people can maybe give me more info.

Also for some reason it took ages for my router to actually reboot after I applied the rules, and now there are loads of "default deny rule" entries showing in the live feed that weren't there before.

Weird but those don't appear to be affecting anything from a cursory glance.

https://imgur.com/a/nJ6VkhG





Firstly do these:


1. Disable your rule and see if things default to their previous state. Does it?
2. Disable default block rule logging in System -> Settings -> Logging.


Is it possible that entries in your rule list are already being handled by either the GeoIP or default rules? For example, if your list contains entries from addresses in China, but you already block those addresses in your GeoIP list AND the GeoIP list is higher in the firewall rules list, then you won't see your rule in the logs.







OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
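
The shadowing described in the reply above can be checked offline by comparing the contents of the two aliases. This is an added example, not code from the thread: it assumes first-match evaluation in top-to-bottom rule order as the reply describes, and the rule names and documentation-range addresses are constructed placeholders for the real alias contents.

```python
import ipaddress

def parse(entries):
    # strict=False accepts entries with host bits set; bare hosts become /32 or /128
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def shadow_report(ordered_rules, target):
    """For each entry of rule `target`, name the first earlier rule that already matches it.

    ordered_rules: list of (rule_name, [cidr, ...]) in top-to-bottom order.
    Returns {entry: (rule_name, "full" | "partial") or None}.
    """
    earlier = []
    for name, entries in ordered_rules:
        if name != target:
            earlier.append((name, parse(entries)))
            continue
        report = {}
        for net in parse(entries):
            report[str(net)] = None
            for ename, enets in earlier:
                same = [e for e in enets if e.version == net.version]
                if any(net.subnet_of(e) for e in same):
                    # every address in this entry hits the earlier rule first
                    report[str(net)] = (ename, "full")
                    break
                if any(net.overlaps(e) for e in same):
                    # only some addresses in this entry hit the earlier rule first
                    report[str(net)] = (ename, "partial")
                    break
        return report
    raise KeyError(target)

# Constructed sample data: hypothetical rule names, documentation address ranges.
RULES = [
    ("geoip_block", ["198.51.100.0/24", "2001:db8:1::/48"]),
    ("blacklist_block", ["198.51.100.23", "203.0.113.0/24",
                         "198.51.0.0/16", "2001:db8:1:2::/64"]),
]

if __name__ == "__main__":
    for entry, hit in shadow_report(RULES, "blacklist_block").items():
        if hit:
            print(f"{entry}: {hit[1]} overlap with earlier rule {hit[0]}")
        else:
            print(f"{entry}: reaches blacklist_block")
```

Entries reported as "full" will only ever be logged under the earlier rule, so the blacklist rule staying silent for them is expected rather than a fault.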