25.7.11 GeoIP [SOLVED]

[MoonbeamFrame]

Following a 25.7.11 build and config restoration I'm not seeing any of my rules trigger that use GeoIP aliases.

I originally thought it might be an issue with the IPinfo feed but I see the same behavior when I use the Maxmind data.

Both sources report the expected number of number ranges:

Maxmind

Last updated 2026-01-16T09:38:04    
Total number of ranges    1255047



IPinfo

Last updated 2026-01-17T17:26:22.321535    
Total number of ranges 4464742


Any ideas?

[Patrick M. Hausen]

Edit and save the alias again, possibly?

[MoonbeamFrame]

Thanks Patrick

I had created a new GeoIP alias. Which triggered the download of the respective GeoIP data.

I had also tried editing and saving all the original aliases.

[zyon]

The free version of the Maxmind database is only updated on Mondays and Fridays, I believe, right?

[MoonbeamFrame]

Maybe, but the current dataset was reported to have downloaded.

For both datasets the expected number of ranges are shown in the GeoIP settings tab.

[meyergru]

Maybe you wanted to block certain regions from accessing your forwarded ports and forgot that implicit NAT rules are prioritized over interface rules?

In order to make that work, you need to create floating block rules for your WAN interface or use the inverted range in the source part of your NAT rules.

[MoonbeamFrame]

Did I miss some changes between 25.7.10 and 25.7.11?

The restored config was running as expected on 25.7.10.

[meyergru]

No, no change there. Yet, for me, GeoIP works fine.

[MoonbeamFrame]

And it is working fine for the other firewalls that I already upgraded to 25.7.11

But I won't be doing the rest until I have this one working.

[MoonbeamFrame]

OK. Now resolved. The problem was caused by the rebuild order.

I did the initial rebuild from a fresh download of the installation sources. Restored the config, then applied updates.

Doing the rebuild, then applying the updates, then restoring the backup works.