Blocking based on GeoIP

Started by Taomyn, September 13, 2017, 05:43:09 PM

September 13, 2017, 05:43:09 PM Last Edit: September 13, 2017, 05:49:50 PM by Taomyn
Hi,


I'm on 17.7.2 but since I stopped trying to use IDS/IPS in v16 (as it just didn't work) I thought I would revisit this. BTW. I am only worried about incoming connections below, not what I can connect to from inside my network.


Firstly, is there any chance of a decent way to choose GeoIPs? Every other firewall/appliance/service I have used allows me to pick the main geographic regions as an entire selection, e.g. Europe, Oceania, and to also include/exclude countries within them. Unfortunately the way OPNsense does this makes it very difficult to maintain, let alone to use.


For example, I tried in IDS to enter a rule of the countries I wanted blocked; the interface is very unintuitive and it took some time to realise you have to enter the characters of a country to get to the others in the list. When this started to become a chore, I decided to try using the "not" countries to only allow incoming traffic from the countries I wanted, but for some reason this instantly blocked access to the firewall internally and I was forced to restore a backup via the console. I can only assume that because my local network was not in the list of allowed source countries, I got blocked. So I disabled IDS/IPS to try using just the firewall.



So trying it as a firewall rule I hit two issues. First, the same as above, the input of just countries is a problem; second, I added just 12 allowed countries, and the firewall now complains there is not enough memory to store the rule. It's just twelve entries and I'm not even finished. Can I fix this message?

There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table Allowed_GeoIPs_IPv4: Cannot allocate memory - The line in question reads [22]: table <Allowed_GeoIPs_IPv4> persist file "/var/db/aliastables/Allowed_GeoIPs_IPv4.txt"

Also, I swore there used to be a function perhaps in the Firewall diagnostics section to reload the rules but I can't for the life of me find it. Can you tell me where it is?

This page has been dropped because it was redundant. You just have to reload the "pf" service.
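The "cannot define table ...: Cannot allocate memory" message quoted in the question is what pf reports when loading a table whose address list would push it past pf's table-entries hard limit (on OPNsense that limit is set under Firewall > Settings > Advanced, "Firewall Maximum Table Entries"; a dozen whole countries of GeoIP networks easily exceeds the FreeBSD default of 200000). The script below is an added example, not code from the thread or from the OPNsense project: it counts the entries in one or more alias table files of the kind pf is told to load from /var/db/aliastables, reads the current hard limit from `pfctl -s memory` when pfctl is present, and says whether the tables fit. The file contents used here are a constructed sample, not real GeoIP data, and the 200000 fallback assumes the default limit has not been changed.

```shell
#!/bin/sh
# Added example (not from the forum thread or OPNsense): estimate how many pf
# table entries a set of alias table files need and compare that with pf's
# table-entries hard limit. pf prints "cannot define table <name>: Cannot
# allocate memory" when a "table <name> persist file ..." line would exceed it.

# Count address entries across the given alias table files. Each non-blank,
# non-comment line is one address or CIDR block, i.e. one table entry.
count_table_entries() {
    cat "$@" | grep -v '^[[:space:]]*#' | grep -c '[^[:space:]]' || true
}

# Read the table-entries hard limit from "pfctl -s memory" when pfctl exists
# (the output line looks like "table-entries hard limit   200000").
# Fallback assumption: the FreeBSD default of 200000 is still in effect.
pf_table_limit() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -s memory 2>/dev/null | awk '/table-entries/ { print $4 }'
    else
        echo 200000
    fi
}

# check_fits LIMIT FILE... : return 0 when the entries fit under LIMIT,
# 1 when loading them would fail with the "Cannot allocate memory" error.
check_fits() {
    limit=$1; shift
    needed=$(count_table_entries "$@")
    if [ "$needed" -gt "$limit" ]; then
        echo "need $needed table entries, limit is $limit: raise Firewall Maximum Table Entries" >&2
        return 1
    fi
    echo "need $needed table entries, limit is $limit: OK" >&2
    return 0
}

# Write a constructed sample alias file (documentation prefixes, not real
# GeoIP ranges) and print its path, so the check can be exercised offline.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not real GeoIP data
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24
EOF
    echo "$f"
}

# Stand-alone run: on a real OPNsense box replace the sample with the alias
# table files pf complained about, e.g.
#   check_fits "$(pf_table_limit)" /var/db/aliastables/Allowed_GeoIPs_IPv4.txt
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    check_fits "$(pf_table_limit)" "$sample"
    rm -f "$sample"
fi
```

Run it as `sh check_tables.sh --demo` for the sample, or call `check_fits` with the real limit and the alias files on the firewall. After raising "Firewall Maximum Table Entries" in the GUI, the rules still have to be reloaded (restart the pf service, as the reply above says) before the new table can be defined.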