[SOLVED] GEOIP blocking no longer working 20.7

Started by nivek1612, July 31, 2020, 11:15:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 31, 2020, 11:15:42 PM Last Edit: August 02, 2020, 01:02:31 PM by nivek1612
Upgrade appeared to go to plan except for the following rules which used to allow traffic from just a few specific countries now block everything so no external access to my firewall.

I have disabled them and all traffic flows again


EDIT : After re-saving the GOIP alias it started working again 


OPNsense 24.7.* on Qotom i5-5250U with AAISP FTTP 900/120
OPNsense 24.7.* on Qotom i7-4500U with Orange FR FTTP 1000/400

Team Rebellion Member
One of Marjohns TESTERS :-)
August 01, 2020, 12:20:16 PM #1
Hi,

I cannot confirm your problem on my OPNsense instance. It works for me.
Maybe your API key expired?

BR
Manuel
August 01, 2020, 01:15:39 PM #2
Hi,

Just upgraded two systems from 20.1 to 20.7 and I can also confirm that GEOIP is working.
August 02, 2020, 10:05:52 PM #3 Last Edit: August 02, 2020, 10:14:07 PM by Goldorak92
Hi,

Same here, a GeoIp rule which was working before the 20.7 upgrade seems to change the drop actions.
I have a negate GeoIp rule (ie: "invert" + alias="my country" => drop) and even if I re-save the GeoIp alias, packets are dropped.
If I change the rule with a "allow" action, it works, but I can't see if other countries are dropped from this rule.

G.
August 03, 2020, 01:55:46 AM #4
I installed GeoIP for the the first time under 20.7. As a newbie, I was rather pleased that it worked once I used the right URL.

It is nice not to receive alerts from the mail server that some unsolicited logon attempt was being from an external address.

Kind regards.
August 05, 2020, 07:18:51 PM #5
the re-saving the alias it did NOT work for me. The GEOIP does NOT work properly for me after the upgrade.
August 06, 2020, 10:12:34 PM #6
Quote from: saveka on August 05, 2020, 07:18:51 PM
the re-saving the alias it did NOT work for me. The GEOIP does NOT work properly for me after the upgrade.

Same for me, I've seen solved on two of these reports.  I can't get mine to add a thing to my rules, key hasn't expired as the URL works fine in a browser and even shows that it's updated on 8-04.  I've deleted aliases and started from scratch, I've tried manually adding IP's clearing and re-saving the alias, rebooting, nothing will bring it back to life on my install. 
August 08, 2020, 10:38:11 AM #7
it all started to work for me once I enabled the Destination / Invert in the rule (?!?!?)

Then checked the pftop and filtered by rules and immediately I start seeing they been populated with data, another check on my software and I saw correctly filtering by GeoIP.

anyone has any idea why is this happening and what Destination / Invert is doing ?

It seems to be working very well. I left it for one whole night and not even one issue with it ,the proper GeoIP IPs are being blocked , perfectly well but I still do not understand what this Destination / Invert is !?

I understand it is inverting the match you specify earlier but for me it should work the other way around!

Thanks
Vladi
August 10, 2020, 12:18:35 PM #8 Last Edit: August 10, 2020, 12:23:21 PM by Julien
Invert for me also not working.
i think this is a bug and has nothing to do with the invert.

It inverts the match. Say you add a rule allowing any source to destination 8.8.8.8, that allows traffic to 8.8.8.8. Change that to inverted destination and it's allow to destination not 8.8.8.8 - e.g. anything but 8.8.8.8.
DEC4240 – OPNsense Owner
August 10, 2020, 08:08:37 PM #9 Last Edit: August 10, 2020, 08:51:46 PM by Julien
I managed to get this resolved.

make sure to delete the existing ALIASE and create a new one, for me it loaded the rules and IP.

if you dont want to delete the aliase because it on plenty of rules, just unselect the countries, save it and readd them again and it should update.

if it will remain working i dont know, but ill report back after two days
DEC4240 – OPNsense Owner
August 10, 2020, 10:44:35 PM #10
I have already tried what you saying but it did not work for me. I even tried to delete all rules and all aliases I had but it did not work for me , many restarts , many firewall reloads and it did not work for me , the only thing that made it work was the do destination invert , nothing else worked for me ... I know what this does I was just wondering why would it work this way ....anyways thanks alot !
August 11, 2020, 02:00:49 PM #11
@saveka i had this done in 10 boxes already and its working for me.
PM me and i can have a look with you with teamviewer if you prefer.
otherwise see me at the IRC and i'll help you.
DEC4240 – OPNsense Owner
September 11, 2020, 04:55:50 PM #12
Hi All,

My OPNSENSE 20.7.2 has GEOIP updated but rules aren't working...
Note: firewall is in bridge mode.

Any help is more than welcome.

Thank you,
Jose
September 11, 2020, 05:42:01 PM #13
Hi @joseoliveirapt,

As said in other threads, you just have to go to firewall=>settings=>advanced, and modify the max entries in firewall table up to 400.000 (default is 200.000), and save again your geoip aliases to apply.

Goldorak92
Print
Go Up Pages1
User actions