GeoIP problems

[athurdent]

My GeoIP database is downloading fine, using the new method, see screenshot below. I'm using the latest version of OPNsense.

It seems there is no error handling if something goes wrong, or tables end up empty. I might be missing some settings here though, new to OPNsense.

Sometimes an error is logged in syslog, e.g. selecting Asia/IPv4 results in an empty table:

Code Select Expand

configd.py: encode idna: unable to decode AE#012AF#012AM#012AZ#012BD#012BH#012BN#012BT#012CN#012CY#012GE#012HK#012ID#012IL#012IN#012IQ#012IR#012JO#012JP#012KG#012KH#012KP#012KR#012KW#012KZ#012LA#012LB#012LK#012MM#012MN#012MO#012MY#012NP#012OM#012PH#012PK#012PS#012QA#012SA#012SG#012SY#012TH#012TJ#012TL#012TM#012TW#012UZ#012VN#012YE, return source

Another example, this one seems OK for IPv4 but is empty for IPv6: US,BE,DE,FR,GB,IE,NL

Problems arise when using GeoIP as suggested in the manual, by allowing access only for selected countries, and not blocking every unwanted country on top of the ruleset:

If the above mentioned IPv6 table ends up empty for some reason, an allow rule with that table as source has no effect and access is blocked because there is any empty table, which does not contain "any" as failsafe it seems.