OPNsense Forum » English Forums » General Discussion » Firewall WAN rules not working
Topic: Firewall WAN rules not working (Read 1650 times)

bnason (Newbie, Posts: 3, Karma: 0)
Firewall WAN rules not working « on: October 09, 2022, 11:32:00 pm »
I've set up GeoIP and created an Alias called 'allowed_countries' which includes only the countries I want to connect to. I then created 2 WAN Firewall Rules, 1 for in and 1 for out. But they don't seem to be working. I can still contact IPs outside the country list. Any help would be greatly appreciated!
Rules:
* Block Not Allowed Countries In
  Action: Block
  Interface: WAN
  Direction: In
  Source / Invert: Checked
  Source: allowed_countries
* Block Not Allowed Countries Out
  Action: Block
  Interface: WAN
  Direction: Out
  Destination / Invert: Checked
  Destination: allowed_countries

Demusman (Sr. Member, Posts: 304, Karma: 13)
Re: Firewall WAN rules not working « Reply #1 on: October 09, 2022, 11:48:45 pm »
You would have to create the rule on the LAN, not WAN.
"In" is traffic FROM the connected network into the interface it's connected to.
"Out" is traffic from the interface TO the connected network.
You would hardly ever need an "Out" rule.

bnason (Newbie, Posts: 3, Karma: 0)
Re: Firewall WAN rules not working « Reply #2 on: October 10, 2022, 02:58:44 pm »
Which rule should be on the LAN? My thought behind the OUT rule was that if a program directly has an IP for a country that should be blocked, it would still be able to make a connection to it. Are you saying the IN rule would block that?
BTW, this is the guide I followed to set up everything (except the out rule):
https://techlabs.blog/categories/how-to-guides/set-up-maxmind-geoip-blocking-in-opnsense
« Last Edit: October 10, 2022, 03:50:06 pm by bnason »

bnason (Newbie, Posts: 3, Karma: 0)
Re: Firewall WAN rules not working « Reply #3 on: October 10, 2022, 05:16:59 pm »
So I believe the WAN IN Geo Blocking rule is working, though it's hard to test. I found 2 port checker websites and the one from the US showed an open port and the one outside showed a closed port.
Now I'm trying to figure out a good way to block outgoing traffic as well. Currently there is just the "Default Allow LAN to any rule" and when I added my "Block Not Allowed Countries" rule, it blocked all traffic. I'm assuming that's because it's now blocking local network traffic as well. I'm not sure the best way to work around that as I can't add the local net to my 'allowed_countries' alias (as far as I know)

Demusman (Sr. Member, Posts: 304, Karma: 13)
Re: Firewall WAN rules not working « Reply #4 on: October 10, 2022, 06:29:28 pm »
"which includes only the countries I want to connect to."
This means traffic originating from you, correct?
Then the rule goes on the LAN not WAN.
All traffic is blocked on the WAN by default, i.e. no rules = all blocked.
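
The LAN rule set described in reply #3, as a small Python model added here for illustration (it is not code from the thread or from OPNsense). Rules are checked top to bottom and the first match wins; the alias ranges, the sample addresses and the extra pass rule for local networks are constructed assumptions. It shows that a destination inside the local network is in no GeoIP range, so the inverted alias matches it and the block rule fires.

```python
import ipaddress

# Constructed stand-in for the thread's 'allowed_countries' GeoIP alias
# (documentation ranges, not real country data).
ALLOWED_COUNTRIES = [ipaddress.ip_network(n)
                     for n in ("198.51.100.0/24", "203.0.113.0/24")]
# Assumed local destinations: RFC 1918 space, which no GeoIP country list contains.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_alias(addr, alias):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in alias)

def rule(action, alias=None, invert=False):
    """One LAN 'in' rule matching on destination; alias=None means 'any'."""
    return {"action": action, "alias": alias, "invert": invert}

def evaluate(rules, dst):
    """First matching rule wins; if nothing matches, the default is block."""
    for r in rules:
        # An inverted alias matches every address that is NOT in the alias.
        hit = True if r["alias"] is None else in_alias(dst, r["alias"]) != r["invert"]
        if hit:
            return r["action"]
    return "block"

BLOCK_NOT_ALLOWED = rule("block", ALLOWED_COUNTRIES, invert=True)
DEFAULT_ALLOW_LAN = rule("pass")  # the "Default allow LAN to any" rule

# Reply #3: the inverted-alias block rule placed above the default allow.
AS_POSTED = [BLOCK_NOT_ALLOWED, DEFAULT_ALLOW_LAN]
# Assumed variant (not from the thread): pass local destinations first.
WITH_LOCAL_PASS = [rule("pass", LOCAL_NETS), BLOCK_NOT_ALLOWED, DEFAULT_ALLOW_LAN]

# Constructed destinations: LAN-side firewall address, allowed range, other range.
SAMPLES = ["192.168.1.1", "198.51.100.7", "192.0.2.50"]

def verdicts(rules):
    return {dst: evaluate(rules, dst) for dst in SAMPLES}

if __name__ == "__main__":
    for name, rs in (("as posted", AS_POSTED), ("with local pass", WITH_LOCAL_PASS)):
        print(name, verdicts(rs))
```

In the "as posted" ordering the LAN-side firewall address is blocked along with the non-listed range, which also cuts off any service clients reach on the firewall itself.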