GeoIP URL / IP Exclusion

Started by ceejay111, November 12, 2024, 09:21:27 PM

Version: OPNsense 24.7.7-amd64

I am currently utilizing the GeoIP settings to block the top countries based on malicious actors.

I would like to add the Netherlands to this block list, but cannot since opnsense.org is hosted there. Is it possible to create some type of rule above my country block that would exclude the opnsense.org domain? I tried doing this via host and IP aliases, but it didn't seem to work.

Any assistance would be greatly appreciated.

Hi,

You can nest aliases and exclude addresses in the inherited alias, see https://docs.opnsense.org/manual/aliases.html#nesting (and the FireHOL_with_exclusions example).

Best regards,

Ad


Thank you for this information. I was able to create a Nested Group with my GeoIP alias and IP_Whitelist alias, which worked.

My next question is, can an alias be created to exclude hostnames instead?

For example, my IP_Whitelist has "!178.162.131.118" which currently excludes opnsense.org from the GeoIP block. I've seen documentation that says you should be able to do "!opnsense.org", but I get an invalid hostname when trying to save it.

You cannot, but as far as I can find, the documentation also doesn't suggest you can.
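
The nested-alias exclusion discussed in this thread, modelled in Python as an added example (not part of any post and not OPNsense code). It assumes aliases are loaded as pf tables, where the most specific matching entry decides and a "!" entry means no match; the alias names `GeoIP_Block` and `Block_With_Exclusions` and the /17 range are constructed for illustration.

```python
import ipaddress

# Constructed sample aliases; only "!178.162.131.118" comes from the thread.
ALIASES = {
    "GeoIP_Block": ["178.162.128.0/17"],       # stand-in for a country range
    "IP_Whitelist": ["!178.162.131.118"],      # exclusion entry from the thread
    "Block_With_Exclusions": ["GeoIP_Block", "IP_Whitelist"],  # nested alias
}

def parse_entry(entry):
    """Return (network, negated) for one entry such as '!178.162.131.118'."""
    negated = entry.startswith("!")
    # This model accepts only addresses and CIDR ranges: ip_network raises
    # ValueError for anything else, e.g. a negated hostname.
    return ipaddress.ip_network(entry.lstrip("!"), strict=False), negated

def flatten(name, aliases):
    """Expand a nested alias into a flat list of (network, negated) entries."""
    entries = []
    for item in aliases[name]:
        if item in aliases:                    # reference to another alias
            entries.extend(flatten(item, aliases))
        else:
            entries.append(parse_entry(item))
    return entries

def in_table(ip, entries):
    """pf-style lookup: the most specific covering entry wins."""
    addr = ipaddress.ip_address(ip)
    covering = [(net, neg) for net, neg in entries
                if net.version == addr.version and addr in net]
    if not covering:
        return False                           # not in the table at all
    _, negated = max(covering, key=lambda e: e[0].prefixlen)
    return not negated                         # a '!' entry means "no match"

if __name__ == "__main__":
    table = flatten("Block_With_Exclusions", ALIASES)
    for ip in ("178.162.131.118", "178.162.131.119", "8.8.8.8"):
        print(ip, "blocked" if in_table(ip, table) else "not blocked")
```
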