Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
GeoIP - Subnet not correctly handled - Help :-)
« previous
next »
Print
Pages: [
1
]
Author
Topic: GeoIP - Subnet not correctly handled - Help :-) (Read 1740 times)
bruch05
Newbie
Posts: 16
Karma: 2
GeoIP - Subnet not correctly handled - Help :-)
«
on:
April 16, 2020, 02:33:50 pm »
Hello,
I've lot of trafic coming from 45.142.195.xx and despite GeoIp blocking all IP V4 trafic except FR, the trafic pass trough OpnSense. The smtp server is attacked massively.
2020-04-16T13:58:35 filterlog: 69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,DF,6,tcp,60,45.142.195.xx,192.168.1.254,53080,25,0,S,1841383170,,29200,,mss;sackOK;TS;nop;wscale
I've check the CSV IPV4 file from GeoIp Zip file and I find 45.142.192.0/22.
So the subnet 45.142.192.0/24 , 45.142.193.0/24 , 45.142.193.0/24 and 45.142.193.0/24 are from Germany (Allemagne) , not FR, so the address must be blocked.
network geoname_id locale_code
45.142.192.0/22 2921044 Allemagne
45.142.196.0/22 248816 Jordanie
The parameters below seem to be good, but surely, something is wrong. Some help would be very appreciate.
I've define the Alias for GeoIP
Just unselect France (FR)
and block all traffic on Wan If for GeoIPAlias
The DB seems to be correctly uploaded
Thanks by advance
Christophe
«
Last Edit: April 16, 2020, 02:58:43 pm by bruch05
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
GeoIP - Subnet not correctly handled - Help :-)