GeoIP inverse rule not working

Started by wallaby501, March 27, 2021, 02:26:16 AM

March 27, 2021, 02:26:16 AM Last Edit: March 27, 2021, 03:25:40 AM by wallaby501
Trying to configure GeoIP and am unsure what I am doing wrong.

I'm trying to make my firewall aliases smaller by selecting the countries I want to allow then just inverting them.
So I've selected maybe 15 countries and made a GeoIPv4 alias (only IPv4 entries).

I then go to make a rule on my LAN with
- reject
- ipv4
- in
- destination ! GeoIPv4

This does not work. It seems to just block any and all traffic on the LAN. I've upped the max firewall entries from 400k to 800k, recreated the alias, etc., and nothing seems to work. My only real thought is I either need to make it out direction OR make a newer alias including GeoIPv4 and LAN in one (so I can hit my DNS, etc.).
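The rule described in the post can be worked through with a small first-match model of pf's negated-destination semantics. This is an added example, not code from the thread or from OPNsense: it assumes a constructed GeoIPv4 alias of three sample prefixes standing in for the country blocks, a LAN of 192.168.1.0/24 with the firewall's DNS listening on 192.168.1.1, and OPNsense-style "quick" rules (first match wins, default deny at the end). It shows what `destination ! GeoIPv4` actually matches, why an earlier pass rule for local destinations changes the outcome, and what happens when the alias table fails to load and ends up empty.

```python
"""
Added example (not from the thread): a first-match model of a LAN rule
whose Destination is the negated alias "! GeoIPv4".

Constructed assumptions, none of which come from the original post:
  - GEOIPV4 is three sample prefixes standing in for country ranges;
  - the LAN is 192.168.1.0/24 and the firewall's DNS is at 192.168.1.1;
  - rules are "quick" (first match wins) with a final default deny.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPNet = ipaddress.IPv4Network

# Stand-in for the GeoIPv4 alias; a real alias holds whole-country blocks.
GEOIPV4: List[IPNet] = [ipaddress.ip_network(p) for p in
                        ("8.8.8.0/24", "93.184.216.0/24", "198.51.100.0/24")]
# Constructed LAN network; 192.168.1.1 is the firewall's own LAN address.
LAN_NET: IPNet = ipaddress.ip_network("192.168.1.0/24")


@dataclass
class Rule:
    action: str                    # "pass" or "reject"
    dst: Optional[List[IPNet]]     # None = "any"; [] = alias loaded but empty
    invert_dst: bool = False       # the "!" (not) checkbox on Destination
    label: str = ""

    def matches(self, ip: ipaddress.IPv4Address) -> bool:
        if self.dst is None:
            return True
        in_alias = any(ip in net for net in self.dst)
        # "! alias" matches everything NOT in the alias, which includes the
        # firewall's own address and any private range the alias never lists.
        return (not in_alias) if self.invert_dst else in_alias


def decide(rules: List[Rule], dst: str) -> Tuple[str, str]:
    """Return (action, label) of the first matching rule, else default deny."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(ip):
            return rule.action, rule.label
    return "block", "default deny"


def build_rules(alias: List[IPNet], allow_local: bool) -> List[Rule]:
    """LAN ruleset as described in the post; optionally a pass rule for
    local destinations is placed above the inverted reject rule."""
    rules: List[Rule] = []
    if allow_local:
        rules.append(Rule("pass", [LAN_NET], label="pass LAN net (firewall, DNS)"))
    rules.append(Rule("reject", alias, invert_dst=True, label="reject dst ! GeoIPv4"))
    rules.append(Rule("pass", None, label="default allow LAN to any"))
    return rules


if __name__ == "__main__":
    probes = ["192.168.1.1", "8.8.8.8", "1.1.1.1"]
    scenarios = (
        ("as posted", build_rules(GEOIPV4, allow_local=False)),
        ("with local pass rule first", build_rules(GEOIPV4, allow_local=True)),
        ("alias failed to load (empty table)", build_rules([], allow_local=False)),
    )
    for title, rules in scenarios:
        print(f"-- {title}")
        for p in probes:
            action, label = decide(rules, p)
            print(f"  {p:<14} {action:<7} via '{label}'")
```

Two things fall out of running it. First, with the rule exactly as posted, traffic to the firewall's own LAN address (DNS) and to any other address outside the alias is rejected, because `!` simply means "not in this table" and private ranges are never in a GeoIP table; a pass rule for the local networks above the reject, or an alias that also contains them, is the fix. Second, if the alias table fails to load (for example because it exceeds the configured table limit), the negation of an empty table matches every destination, which looks exactly like "blocks all traffic"; on the firewall, `pfctl -t GeoIPv4 -T show | wc -l` (assuming the table carries the alias name) tells you whether the table actually has entries.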

Did you manage to solve this? I'm finding a similar behaviour.

I have GeoIP egress and ingress rules working. I believe you need to have them on the WAN interface, since the "next hop" for devices on the LANs is the OPNsense router itself.

At least that is what I found to work for me after much trial and error.