Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
GeoIP URL / IP Exclusion
« previous
next »
Print
Pages: [
1
]
Author
Topic: GeoIP URL / IP Exclusion (Read 251 times)
ceejay111
Newbie
Posts: 2
Karma: 0
GeoIP URL / IP Exclusion
«
on:
November 12, 2024, 09:21:27 pm »
Version: OPNsense 24.7.7-amd64
I am currently utilizing the GeoIP settings to block the top countries based on malicious actors.
I would like to add the Netherlands to this block list, but cannot since opnsense.org is hosted there. Is it possible to create some type of rule above my country block that would exclude the opnsense.org domain? I tried doing this via host and IP aliases, but it didn't seem to work.
Any assistance would be greatly appreciated.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: GeoIP URL / IP Exclusion
«
Reply #1 on:
November 13, 2024, 10:00:39 am »
Hi,
You can nest aliases and exclude addresses in the inherited alias, see
https://docs.opnsense.org/manual/aliases.html#nesting
(and the FireHOL_with_exclusions example)
Best regards,
Ad
Logged
ceejay111
Newbie
Posts: 2
Karma: 0
Re: GeoIP URL / IP Exclusion
«
Reply #2 on:
November 13, 2024, 06:57:59 pm »
Thank you for this information, I was able to create a Nested Group with my GeoIP alias and IP_Whitelist alias which worked.
My next question is, can an alias be created to exclude hostnames instead?
For example, my IP_White list has "!178.162.131.118" which currently excludes opnsense.org from the GeoIP block. I've seen documentation that says you should be able to do "!opnsense.org", but I get an invalid hostname when trying to save it.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: GeoIP URL / IP Exclusion
«
Reply #3 on:
November 14, 2024, 08:11:22 am »
You can not, but as far as I can find the documentation also doesn't suggest you can.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
GeoIP URL / IP Exclusion