Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Country Blocks
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Country Blocks (Read 21256 times)
Julien
Hero Member
Posts: 666
Karma: 33
[SOLVED] Country Blocks
«
on:
July 09, 2016, 12:24:50 am »
Hi Guys,
we got a lot of chines, Russian Deny attempt in the firewall.
i want to block those attempt .
i found this tutorial
https://docs.opnsense.org/manual/how-tos/ips-geoip.html
the issue i have now is the firewall doesn't have a HDD but a 64GB SD.
is this even still possible or the IP GEOIP need right to writ to the SD which is not possible with SD ?
thank you
«
Last Edit: July 11, 2016, 11:11:20 am by franco
»
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Country Blocks,
«
Reply #1 on:
July 11, 2016, 11:11:09 am »
Hi Julien,
The Intrusion Detection GeoIP is not the most useful we have found.
There's a better country-block option using Firewall: Aliases, just take a look there... very easy to configure and to be used in the firewall rules. (Make sure you are on the latest version.)
Cheers,
Franco
Logged
Julien
Hero Member
Posts: 666
Karma: 33
Re: [SOLVED] Country Blocks
«
Reply #2 on:
July 11, 2016, 05:22:34 pm »
thank you Franco.
do you guys have some manual for this IP GEO ?
i would appreciate it
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [SOLVED] Country Blocks
«
Reply #3 on:
July 11, 2016, 06:40:03 pm »
Hey Julien,
Not at this point. It's on our schedule, but not before 16.7 is out. It's the holiday season after all.
The usage is simple: Add a new alias, enter a name, select "GeoIP" from the types, select the IP protocol (IPv4 is the default), pick a number of Countries from the list and save when you're done. Afterwards, you'll be able to reference the alias from the firewall rules under source or destination.
Cheers,
Franco
Logged
nrf
Newbie
Posts: 12
Karma: 0
Re: [SOLVED] Country Blocks
«
Reply #4 on:
July 12, 2016, 03:41:18 am »
nice, but could be more efficient to be able to specify both ipv4 and ipv6 or at least clone/copy one to a new one so that can be tweaked.
just a suggestion from someone who now is making two very long lists and hoping they are the same.
nrf
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [SOLVED] Country Blocks
«
Reply #5 on:
July 12, 2016, 06:34:08 am »
Hi nrf,
I agree. The lists are separated as globally as IPv4 and IPv6, so that design choice was made so, but I think we should be able to get a "both" option too by merging both lists. We'll look into this, thanks.
Cheers,
Franco
Logged
nrf
Newbie
Posts: 12
Karma: 0
Re: [SOLVED] Country Blocks
«
Reply #6 on:
July 12, 2016, 12:41:47 pm »
thanks for your kind consideration. given it is kind of a one-time thing I will be patient for such an improvement!
Logged
nrf
Newbie
Posts: 12
Karma: 0
Re: [SOLVED] Country Blocks
«
Reply #7 on:
July 14, 2016, 01:28:13 am »
so a guy has to ask, given that either intrusion prevention or firewall rules can do this, are there any pros/cons to one or the other? importantly, performance differences?
thanks for your participation in this forum!
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [SOLVED] Country Blocks
«
Reply #8 on:
July 16, 2016, 09:38:46 pm »
The intrusion detection feature was added earlier to allow users to employ geolocation-based policies.
But as we later found that Suricata integration for GeoIP in OPNsense is not as useful as we wanted it to be as it does not tie into our normal firewall rules, we decided to allow geolocation-based aliases in the firewall itself.
Both features use the same database, but the latter is more flexible and capable.
Logged
ajzimme
Newbie
Posts: 8
Karma: 0
Re: [SOLVED] Country Blocks
«
Reply #9 on:
February 24, 2017, 04:42:34 am »
Hi, I don't see any option to select aliases in the rule creation page.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: [SOLVED] Country Blocks
«
Reply #10 on:
February 24, 2017, 08:41:35 am »
Just check your source and/or destination, the aliases are in the list (for both addresses and ports).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Country Blocks