[Solved] Geoip

Started by bmail, September 14, 2019, 06:34:58 PM

September 14, 2019, 06:34:58 PM Last Edit: September 14, 2019, 08:24:57 PM by bmail
Hello,

I use 19.7.4 and Maltrail.

Could somebody explain to me how the geoip database is updated?

I have been using Geoip (since OPNsense 18.1) with an alias and a rule for the inbound WAN interface in first position. Now I am trying Maltrail and I notice lots of "malicious traffic" coming from China and Russia... Nothing personal, but my geoip alias and firewall rule are supposed to block these countries.

I wonder if my firewall rule is really applied... or if these IPs were recently assigned to these countries and my geoip database is not really updated.

Is the Geoip database updated by the cron task "update and reload firewall aliases"? I've already got this cron task.
Is it related to the GeoLite Legacy databases being discontinued on January 2?

Thanks a lot for any advice.
Bertrand

The bpf capture of Maltrail happens before the pf filter, keep cool and safe :)
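
To tell the two cases raised in this thread apart (sensor hits that the GeoIP rule still covers versus addresses missing from the alias), the sources Maltrail reports can be compared with the alias table contents. This is an added example, not part of the original posts: the table dump imitates the one-entry-per-line output of `pfctl -t <alias> -T show`, all addresses are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: alias table contents, one address/CIDR per line,
# as dumped with `pfctl -t <alias> -T show` (<alias> is a placeholder).
ALIAS_TABLE_DUMP = """\
   192.0.2.0/24
   198.51.100.0/25
   2001:db8:100::/40
"""

# Constructed sample: source addresses copied from the sensor's report.
SENSOR_SOURCES = ["192.0.2.77", "198.51.100.200", "2001:db8:1ff::5",
                  "203.0.113.9", "not-an-ip"]


def parse_table(dump):
    """Turn the table dump into a list of ip_network objects."""
    nets = []
    for line in dump.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            # strict=False tolerates entries with host bits set
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def classify(sources, nets):
    """Split sensor sources by whether the alias table contains them."""
    result = {"covered": [], "not_covered": [], "invalid": []}
    for raw in sources:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            result["invalid"].append(raw)
            continue
        hit = any(addr.version == n.version and addr in n for n in nets)
        result["covered" if hit else "not_covered"].append(raw)
    return result


if __name__ == "__main__":
    report = classify(SENSOR_SOURCES, parse_table(ALIAS_TABLE_DUMP))
    # covered: in the alias, so a sensor hit only means it was captured
    #          before filtering; the block rule still applies to it.
    # not_covered: absent from the alias; check the database update.
    for bucket, addrs in report.items():
        print(f"{bucket}: {', '.join(addrs) or '-'}")
```
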

Hi mimugmail,

Thanks a lot for this explanation.

Phew!

best regards,
Bertrand