Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
GeoIP Firewall Question, v19 vs v20?
« previous
next »
Print
Pages: [
1
]
Author
Topic: GeoIP Firewall Question, v19 vs v20? (Read 1988 times)
anomaly0617
Jr. Member
Posts: 50
Karma: 0
GeoIP Firewall Question, v19 vs v20?
«
on:
February 26, 2020, 07:41:59 pm »
Hi all,
I was referencing
this documentation
the other day to get up country-based IP filtering.
The documentation states "In OPNsense, goto Firewall:Aliases and select the GeoIP settings tab. Enter the URL you have created into the URL box and click Apply, and that’s it."
When I go to Firewall:Aliases on an OpnSense v20.1 server, I see this tab. However, on a v19.7.6 firewall, there is no GeoIP tab. On this one, when you create an alias you can choose GeoIP as an alias type, and then from there select the countries you want to block. Then, in theory, you make a block rule in Firewall:Rules:Floating, selecting all of your outside interfaces, and then block anything with a source of the GeoIP Alias.
I see that in v20 I can still do this with the aliases, as type GeoIP.
So, I'm just looking for clarification. Is the Alias method OK to use? Is the GeoIP method the one we're supposed to use? I don't want to assume that the alias method is working to block inbound traffic from undesirable countries and then find out that it doesn't actually work without MaxMind and the GeoIP tab.
Thanks, in advance!
Logged
pv2b
Newbie
Posts: 16
Karma: 5
Re: GeoIP Firewall Question, v19 vs v20?
«
Reply #1 on:
February 26, 2020, 09:36:35 pm »
Due to changes in how MaxMind provides the GeoIP database, you need your own API key. That's what the documentation is there to show you.
Earlier versions of OPNsense do not have the corresponding settings needed to put in your own API key.
If you try to use GeoIP with these older versions of OPNsense, the feature will not work. Any GeoIP alias will act as if it were empty.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
GeoIP Firewall Question, v19 vs v20?