GeoIP - Subnet not correctly handled - Help :-)

[bruch05]

Hello,

I've lot of trafic coming from 45.142.195.xx and despite GeoIp blocking all IP V4 trafic except FR, the trafic pass trough OpnSense. The smtp server is attacked massively.

2020-04-16T13:58:35   filterlog: 69,,,0,re0,match,pass,out,4,0x0,,57,39637,0,DF,6,tcp,60,45.142.195.xx,192.168.1.254,53080,25,0,S,1841383170,,29200,,mss;sackOK;TS;nop;wscale

I've check the CSV IPV4 file from GeoIp Zip file and I find 45.142.192.0/22.
So the subnet 45.142.192.0/24 , 45.142.193.0/24 , 45.142.193.0/24  and 45.142.193.0/24 are from Germany (Allemagne) , not FR, so the address must be blocked.

network   geoname_id   locale_code
45.142.192.0/22   2921044   Allemagne
45.142.196.0/22   248816   Jordanie

The parameters below seem to be good, but surely, something is wrong. Some help would be very appreciate.

I've define the Alias for GeoIP



Just unselect France (FR)



and block all traffic on Wan If for GeoIPAlias



The DB seems to be correctly uploaded



Thanks by advance
Christophe