GeoIP Rules Question

Started by guyp2k, August 09, 2020, 03:26:54 PM

Would the following rules be sufficient for GeoIP?


Hello,
Although I'm a newcomer to OPNsense, I have this
via a floating rule for "all interfaces"
and therefore the rule should apply to incoming and outgoing traffic.
(Should my rule be faulty, I would be happy about further contributions...)
Greetings from Germany

OPNsense 22.7.9*WG-kmod*OpenSSL*OpenVPN* AdGuardHome*i7-7700*32GB*256SSD*ix0-1, igb0-4, em0*OpenVPN+Wireguard WG0, WG1*NetGear ProSafe XS508*AP Netgear WAX610*all real hardware* Sorry, my English is translated via app*

Okay, let's combine both your efforts then: Floating rule for sure, and both destination and source, in and out.

@ lar.hed
Okay, understood, with the proposed rule
the source and/or destination (GeoIP) is blocked.

Got it corrected right in my floating.

Thanks!  :)

Thanks for the replies and here are my GeoIP floating rules:


@guyp2k
I think more like this -> see attachment...
Direction in and out and do not forget the interfaces
...concerning the rule...

Thanks again, scaled down to 2 floating rules and added the interfaces, see attached.

August 09, 2020, 11:54:08 PM #7 Last Edit: August 10, 2020, 11:17:23 AM by Mondmann
@guyp2k
OK -> reduced to 2 floating rules and added the interfaces

Your rule is not OK yet -> please have a look at geoip_2.png again! (marked with RED) or from lar.hed BlockCountries.jpg...

you recognize your error :o

Updated, see attached.

Thanks

Yes, and now use the correct description ->
Your No. 1 = Block Countries Destination
Your No. 2 = Block Countries Source

Thanks for all the help, new to OPNsense and still learning...

May I ask why you only like to run the floating rules on a specific interface?

In my case I run GeoIP block on ALL interfaces, in all directions, both source and target - since I never expect it to be there so to speak.

I also block ALL TOR exit nodes, in the same manner - All interfaces, All directions and both source and target.
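The coverage difference discussed in this thread, as an added example that is not part of any post and is not OPNsense code: a simplified model of block rules evaluated against the first packet of a connection, comparing a source-only rule bound to WAN with the two floating rules from the thread (destination and source, direction any, all interfaces). The alias ranges, interface names and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for a GeoIP alias (documentation ranges, not real country data).
GEOIP_ALIAS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

@dataclass(frozen=True)
class Rule:
    field: str                    # "src" or "dst": which address is compared with the alias
    direction: str = "any"        # "in", "out" or "any"
    interfaces: frozenset = None  # None models "all interfaces"

@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str
    src: str
    dst: str

def in_alias(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in GEOIP_ALIAS)

def is_blocked(rules, pkt):
    """Return True if any block rule matches the first packet of a connection."""
    for r in rules:
        if r.interfaces is not None and pkt.iface not in r.interfaces:
            continue
        if r.direction not in ("any", pkt.direction):
            continue
        if in_alias(pkt.src if r.field == "src" else pkt.dst):
            return True
    return False

# Constructed first packets of four connections.
FLOWS = {
    "inbound scan on WAN":      Packet("wan", "in", "203.0.113.7", "192.0.2.10"),
    "LAN client to blocked IP": Packet("lan", "in", "192.168.1.20", "198.51.100.5"),
    "firewall itself outbound": Packet("wan", "out", "192.0.2.10", "203.0.113.9"),
    "LAN client to allowed IP": Packet("lan", "in", "192.168.1.20", "192.0.2.80"),
}

SOURCE_ONLY_WAN = [Rule("src", "in", frozenset({"wan"}))]
THREAD_RULES = [Rule("dst"), Rule("src")]  # No. 1 destination, No. 2 source

def coverage(rules):
    return {name: is_blocked(rules, pkt) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("source-only on WAN", SOURCE_ONLY_WAN), ("thread rules", THREAD_RULES)):
        print(label, coverage(rules))
```

In this model the source-only WAN rule stops only the inbound scan, while connections initiated from the LAN or from the firewall itself toward a listed address go out; the destination rule is what catches them.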

August 10, 2020, 11:26:52 AM #12 Last Edit: August 10, 2020, 01:38:49 PM by Mondmann
@ lar.hed

I agree with this and have generally selected all interfaces.
In my attachment geoip_3.png I only made my private entries unrecognizable...

* And excuse me, I write my texts via a translation tool

Greetings from Germany

No worries mate! I can read German, but it is way too long ago I wrote, so sorry I will save us all from even trying :-)

What countries are you blocking for in and out?
I am just curious.
DEC4240 – OPNsense Owner