GeoIP - Subnet not correctly handled - Help :-)

Started by bruch05, April 16, 2020, 02:33:50 PM

April 16, 2020, 02:33:50 PM Last Edit: April 16, 2020, 02:58:43 PM by bruch05
Hello,

I have a lot of traffic coming from 45.142.195.xx and, despite GeoIP blocking all IPv4 traffic except FR, the traffic passes through OPNsense. The SMTP server is being attacked massively.

2020-04-16T13:58:35   filterlog: 69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,DF,6,tcp,60,45.142.195.xx,192.168.1.254,53080,25,0,S,1841383170,,29200,,mss;sackOK;TS;nop;wscale

I've checked the IPv4 CSV file from the GeoIP zip file and I found 45.142.192.0/22.
So the subnets 45.142.192.0/24, 45.142.193.0/24, 45.142.193.0/24 and 45.142.193.0/24 are from Germany (Allemagne), not FR, so the address must be blocked.

network   geoname_id   locale_code
45.142.192.0/22   2921044   Allemagne
45.142.196.0/22   248816   Jordanie

The parameters below seem to be good, but surely, something is wrong. Some help would be very much appreciated.

I've defined the alias for GeoIP



Just unselect France (FR)



and block all traffic on the WAN interface for GeoIPAlias



The DB seems to be correctly uploaded



Thanks in advance
Christophe
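
An added example, not part of the original post: it splits the logged line into named fields and checks the source address against the two GeoIP rows quoted above. The field positions are an assumption based on the filterlog IPv4/TCP layout, the function names are hypothetical, and the redacted last octet ("xx") is treated as the whole /24.

```python
import ipaddress

# Log line and GeoIP rows copied from the post above.
LOG = ("69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,DF,6,tcp,60,"
       "45.142.195.xx,192.168.1.254,53080,25,0,S,1841383170,,29200,,"
       "mss;sackOK;TS;nop;wscale")
GEOIP_ROWS = [("45.142.192.0/22", "2921044", "Allemagne"),
              ("45.142.196.0/22", "248816", "Jordanie")]

# Assumed filterlog layout (IPv4 + TCP): positions of the fields used here.
FIELDS = {"rule": 0, "interface": 4, "reason": 5, "action": 6, "direction": 7,
          "ipversion": 8, "proto": 16, "src": 18, "dst": 19,
          "sport": 20, "dport": 21, "tcpflags": 23}


def parse_filterlog(line):
    """Map the comma-separated filterlog fields to names."""
    parts = line.split(",")
    if parts[FIELDS["ipversion"]] != "4" or parts[FIELDS["proto"]] != "tcp":
        raise ValueError("only the IPv4/TCP layout is handled in this example")
    return {name: parts[i] for name, i in FIELDS.items()}


def to_network(addr):
    """Turn an address, or one with a redacted last octet, into a network."""
    octets = addr.split(".")
    if len(octets) == 4 and not octets[3].isdigit():
        return ipaddress.ip_network(".".join(octets[:3]) + ".0/24")
    return ipaddress.ip_network(addr)  # a plain host address becomes a /32


def geoip_lookup(addr, rows):
    """Return the most specific GeoIP row whose network fully contains addr."""
    net = to_network(addr)
    hits = [r for r in rows if net.subnet_of(ipaddress.ip_network(r[0]))]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def summarize(line, rows):
    """Parsed log fields plus the GeoIP row matching the source address."""
    rec = parse_filterlog(line)
    rec["src_geoip"] = geoip_lookup(rec["src"], rows)
    return rec


if __name__ == "__main__":
    for key, value in summarize(LOG, GEOIP_ROWS).items():
        print(f"{key:10} {value}")
```

The output lists the interface, action and direction next to the GeoIP match, which are the fields to compare against the rule defined for the alias.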