Using alias plus geolocation in a firewall rule?

Started by blue_shift, March 15, 2025, 10:53:19 AM

Hello,

I got a firewall rule with the condition "if not in alias, then allow" (that alias got filled with IP addresses of a local fail2ban).
Now I would like to extend that rule with geolocation information. Finally with the logic "if not in alias and location is ?" then allow.

Is that somehow possible in OPNsense?

Thanks for your help! :)

Create geolocation alias, place first alias and geo alias in group, use that?

Haven't tried, honestly, but if it's possible, that's probably how to do it.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Creating an Alias type Network Group would allow adding the GeoIP and another alias. Not to be confused with Firewall - Groups.

Arguably the same functionality could be achieved with reject/drop rules depending on the direction in a dedicated VLAN - one for the geoblock and another for the alias, or with floating rules if the same alias+geoblock rule needs to be applied to multiple VLANs.
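The set logic behind the group-alias and two-rule suggestions in this thread, as an added example that is not from any of the posters: it models a group alias as the union of its members and compares one inverted rule against two ordered rules. The alias contents are constructed documentation ranges, and the function names and the first-match rule model are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real feeds.
FAIL2BAN = ["192.0.2.10/32", "192.0.2.77/32"]     # hosts banned by fail2ban
GEO_BLOCKED = ["198.51.100.0/24"]                 # stand-in: GeoIP alias of unwanted countries
GEO_ALLOWED = ["203.0.113.0/24", "192.0.2.0/24"]  # stand-in: GeoIP alias of wanted countries


def in_alias(ip, alias):
    """True if ip falls inside any network listed in the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in alias)


def network_group(*aliases):
    """Assumption: a group alias behaves as the union of its member aliases."""
    return [net for alias in aliases for net in alias]


def allow_not_in_group(ip):
    """One rule: source NOT in group(fail2ban, blocked countries) -> allow.
    NOT (A or B) equals (NOT A) and (NOT B), so both conditions must hold."""
    return not in_alias(ip, network_group(FAIL2BAN, GEO_BLOCKED))


def allow_two_rules(ip):
    """Two ordered rules, first match wins (assumed), then default deny:
    1) block fail2ban sources, 2) allow sources in the wanted countries."""
    if in_alias(ip, FAIL2BAN):
        return False
    if in_alias(ip, GEO_ALLOWED):
        return True
    return False


def allow_not_in_group_with_allowed_geo(ip):
    """Pitfall: an allow-list geo alias inside the inverted group rejects
    exactly the wanted countries and admits everyone else."""
    return not in_alias(ip, network_group(FAIL2BAN, GEO_ALLOWED))


if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "198.51.100.5", "203.0.113.9"]:
        print(ip, allow_not_in_group(ip), allow_two_rules(ip),
              allow_not_in_group_with_allowed_geo(ip))
```

The single inverted rule only expresses "not banned and not in these countries"; "not banned and in these countries" needs the two ordered rules.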