Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Question regarding GEOIP and floating rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Question regarding GEOIP and floating rules (Read 402 times)
afX33800
Newbie
Posts: 12
Karma: 1
Question regarding GEOIP and floating rules
«
on:
July 17, 2024, 11:40:16 am »
Hello,
I've an interrogation about GEOIP and floating rules.
I've installed GEOIP by Maxmind and Opnsense how to.
I blocked all of the world excepted Europe.
I don't understand why on Suricata I've plenty on entry log from IP "normally" blocked on Wan.
So I think about a misconfiguration on my rules, or on other problem.
I've joined my floating rules. If you can see and say if you detect an error.
I've 10 interfaces because of (WAN + LAN + VPN + VLANS).
thanks in advance !
Aurélien
Logged
Patrick M. Hausen
Hero Member
Posts: 6841
Karma: 574
Re: Question regarding GEOIP and floating rules
«
Reply #1 on:
July 17, 2024, 11:44:43 am »
If you run Suricata on WAN it will be applied before any firewall rules.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
afX33800
Newbie
Posts: 12
Karma: 1
Re: Question regarding GEOIP and floating rules
«
Reply #2 on:
July 17, 2024, 01:57:39 pm »
Indeed with this information, it's more clear.
So other question :
What is the best security process ?
Run suricata on wan (like actually) or to be confident on DROP rules on wan side ?
Logged
Patrick M. Hausen
Hero Member
Posts: 6841
Karma: 574
Re: Question regarding GEOIP and floating rules
«
Reply #3 on:
July 17, 2024, 02:11:59 pm »
There is no "best" process. I personally don't believe in IDS and do not use any of them. I run Crowdsec, though.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Question regarding GEOIP and floating rules