Can't get GeoIP Blocking to Work

Started by feerlessleadr, December 22, 2024, 06:59:33 AM

Hi All - fairly new to opnsense but have been getting up to speed quickly.

I'm trying to set up geo-ip blocking on my WAN using aliases and firewall rules, but despite my best efforts, IPs from countries I'm supposed to be blocking are still able to access services that I have externally exposed through caddy (hosted on a VM on proxmox behind OPNSense).

I followed the official documentation (here) to add maxmind db to opnsense, and everything updates correctly.

I then created an alias for the US (to test after I thought that the blocking wasn't working). I then created a firewall rule on my WAN (I have to use a vlan to connect to my fiber provider) and placed it at the top, with the attached settings. When I use my phone (not on wifi and not on VPN, located in the US), I'm still able to access all of my externally facing services.

Does anyone have an idea of what I'm doing wrong?

Thanks!


December 22, 2024, 09:31:22 PM #1 Last Edit: December 22, 2024, 09:37:09 PM by AhnHEL
Did you reset the State Table after creating your rules?

Firewall: Diagnostics: States: Reset State Table
AhnHEL (Angel)

Thanks for the suggestion - I tried doing that, but it still seems like my external services are visible from blocked countries.

And is the GeoIP table/Alias populated, or is it empty?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

If it is the top rule, shouldn't the destination be the WAN address?