Floating Rules for GeoIP Country Blocking Not Working

Started by Amanaki, December 06, 2018, 04:10:32 PM

Hi all,

Have been tinkering with blocking known attack source countries but cannot seem to get this working as expected.

I read that the IDS method was essentially replaced with the alias method and have followed the guides I have found on this forum to try it out with no luck.

I have enclosed screenshots of my alias and firewall rules to help with identifying where I might be going wrong.

Any ideas?

Thanks,
Manaki

Have you increased your Firewall Maximum Table Entries? Firewall: Settings: Advanced, set to 1000000 or more.


Cheers,
Franco

Curiosity: how are you trying to block those countries?
If you are gonna use firewall rules on the WAN, make sure your firewall has enough resources.
I've tried it before and my firewall CPU was overloaded, which caused VoIP phone issues.
DEC4240 – OPNsense Owner

Hey Franco,

Thanks for that clarification. Seems it is working but as pointed out by Julien, there is an issue with memory. I have only 4GB/8GB allocated to my installation.

I know in the alias I provided, I have quite a few countries selected for blocking. Truth is, I only really care about blocking aggressive attack countries like 'CN', 'RU'.

Is there any other way to do it that is not so memory intensive?

Thanks,
Naki