Topic: Suricata:User defined Rule (GeopIP Blocking) not working (Read 4065 times)
tcmax
« on: April 29, 2017, 10:51:38 am »
Hello,
The OPNsense 17.1.5 update went through without problems, but now in the logs I find my (previously working)
GeoIP blocking rule being allowed instead of dropped.
I checked the settings, but everything seems to be OK.
IPS disabled, user-defined rule with a bunch of countries and default action "dropped".
I restarted the service several times, rebooted the whole machine, disabled / enabled the rule - no effect.
In the logs I read e.g. Rule Geoip blocking Dest: 123.207.241.38 (China, of course) and action: allowed
Why?
Any idea?
P.S.: When IPS is enabled, it changes to "blocked" - so far so good, but in the previous OPNsense version, with IPS disabled it still
used my user-defined rule, without using e.g. ET rules. Now OPNsense seems to use my rule only when IPS is enabled.
Disadvantage: IPS enabled hits my performance - throughput drops from 11,5 mb/sec to max 7.6 ...
« Last Edit: April 29, 2017, 11:18:23 am by tcmax »
Noctur
« Reply #1 on: April 29, 2017, 06:35:19 pm »
Two thoughts... Are you sure you've changed the IPS rule from Allow to Block? Sorry if this is a basic question for you.
And, you could set up a China GEOIP blocking rule with a FW Alias and block there without needing IPS.
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x
tcmax
« Reply #2 on: April 29, 2017, 07:04:54 pm »
Yes, it's set to drop.
The same rule worked the last months without any change and the log files said correctly: dropped.
It's not just China, a dozen or more... and very comfortable to edit...