Author Topic: Pfblocker on opnsense  (Read 6644 times)

Julien

Pfblocker on opnsense
« on: February 12, 2017, 09:01:30 pm »
Hi Guys,
Are we seeing Pfblocker somewhere soon on the opnsense 17.x?
I would like to block countries we don't log from, like China, Russia...
thank you
An intelligent man is sometimes forced to be drunk to spend time with his fool.

fabian

Re: Pfblocker on opnsense
« Reply #1 on: February 12, 2017, 10:44:27 pm »
Use IPS instead or a country alias. It will not come.

Julien

Re: Pfblocker on opnsense
« Reply #2 on: February 13, 2017, 02:35:13 pm »
Quote from: fabian on February 12, 2017, 10:44:27 pm
Use IPS instead or a country alias. It will not come.
thank you Fabian for your answer.
do you mean with country alias https://docs.opnsense.org/manual/aliases.html?highlight=country%20alias ? or something else ?

thank you

Wayne Train

Re: Pfblocker on opnsense
« Reply #3 on: February 13, 2017, 10:00:32 pm »
Nope,
I think he means this one: https://docs.opnsense.org/manual/how-tos/ips-geoip.html
Regards,
CS

Julien

Re: Pfblocker on opnsense
« Reply #4 on: February 13, 2017, 10:59:24 pm »
Quote from: cs on February 13, 2017, 10:00:32 pm
Nope,
I think he means this one: https://docs.opnsense.org/manual/how-tos/ips-geoip.html
Regards,
CS
thank you,
not country means that country would not access the firewall or the other way around ?

Wayne Train

Re: Pfblocker on opnsense
« Reply #5 on: February 14, 2017, 01:37:46 pm »
Hi,
"COUNTRYNAME not" does the reverse. For example if you choose "china not" your IPS will block everything except traffic going to and coming from china. I just selected the countries that most attacks originate from. According to symantec and other snakeoil-companies, this is russia, china and the greater trump-reich ;-) and some more... For testing purposes I selected russia and tried to surf to vkontakte which was successfully blocked. Don't forget to click update & download rules after setting up your configuration. Otherwise your Geo-Block won't work.
Hope this helps.
Best regards,
CS

Julien

Re: Pfblocker on opnsense
« Reply #6 on: February 15, 2017, 12:03:00 am »
Quote from: cs on February 14, 2017, 01:37:46 pm
Hi,
"COUNTRYNAME not" does the reverse. For example if you choose "china not" your IPS will block everything except traffic going to and coming from china. I just selected the countries that most attacks originate from. According to symantec and other snakeoil-companies, this is russia, china and the greater trump-reich ;-) and some more... For testing purposes I selected russia and tried to surf to vkontakte which was successfully blocked. Don't forget to click update & download rules after setting up your configuration. Otherwise your Geo-Block won't work.
Hope this helps.
Best regards,
CS
Thank you for your explanation. Can you show a picture of the IPS rules?
Which countries are those according to Symantec?

Is the screenshot below the correct one to block traffic from and to China?
One issue: after I enable the IPS my internet connection just drops fully, my internet goes down.
I've followed this link: https://docs.opnsense.org/manual/how-tos/ips-feodo.html
I noticed when I disable the rule for the USA on the Intrusion Detection and user defined.
Am I forced to not block the USA?
thank you
« Last Edit: February 15, 2017, 01:13:47 am by Julien »

Julien

Re: Pfblocker on opnsense
« Reply #7 on: February 17, 2017, 01:27:08 am »
is this even possible ?
to block all countries at once ?
and allow only the one I need to open ?

franco

Re: Pfblocker on opnsense
« Reply #8 on: February 17, 2017, 10:11:23 am »
Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco
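
An added example, not part of the original thread and not OPNsense code: a simplified Python model of how a firewall rule that uses a GeoIP alias, and the inverted form of that rule, match traffic. It assumes first-match evaluation on the interface where a packet arrives with block as the fallback; the alias names, interface names and addresses are hypothetical, and documentation address ranges stand in for GeoIP data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: documentation ranges stand in for GeoIP country networks.
ALIASES = {
    "GeoBlock": ["198.51.100.0/24", "203.0.113.0/24"],  # hypothetical deny list
    "GeoAllow": ["192.0.2.0/24"],                        # hypothetical allow list
}

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface the packet arrives on
    field: str = "src"           # address compared with the alias: "src" or "dst"
    alias: Optional[str] = None  # None means "any"
    invert: bool = False         # match when the address is NOT in the alias

def in_alias(ip: str, alias: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[alias])

def evaluate(rules, iface: str, src: str, dst: str) -> str:
    """Return the action of the first matching rule; no match means block."""
    for rule in rules:
        if rule.iface != iface:
            continue
        if rule.alias is None:
            return rule.action
        hit = in_alias(src if rule.field == "src" else dst, rule.alias)
        if hit != rule.invert:
            return rule.action
    return "block"

# Deny list: drop inbound WAN traffic from the listed countries, pass the rest
# (the trailing pass stands in for whatever service is published on WAN).
WAN_DENY = [Rule("block", "wan", "src", "GeoBlock"), Rule("pass", "wan")]
# Allow list via inversion: drop inbound WAN traffic from everything NOT listed,
# including addresses that appear in no country list at all.
WAN_ALLOW = [Rule("block", "wan", "src", "GeoAllow", invert=True), Rule("pass", "wan")]
# A WAN rule does not stop LAN clients connecting out; that needs a dst match on LAN.
LAN_OPEN = [Rule("pass", "lan")]
LAN_GEO = [Rule("block", "lan", "dst", "GeoBlock"), Rule("pass", "lan")]

if __name__ == "__main__":
    print(evaluate(WAN_DENY, "wan", "203.0.113.7", "10.0.0.25"))
    print(evaluate(WAN_ALLOW, "wan", "198.18.0.1", "10.0.0.25"))
    print(evaluate(WAN_DENY + LAN_OPEN, "lan", "10.0.0.5", "203.0.113.7"))
    print(evaluate(WAN_DENY + LAN_GEO, "lan", "10.0.0.5", "203.0.113.7"))
```

The model ignores connection state, so it only describes which side may open a connection, not the reply packets that follow.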

pgras

Re: Pfblocker on opnsense
« Reply #9 on: February 17, 2017, 11:26:28 am »
Quote from: franco on February 17, 2017, 10:11:23 am
Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco

Hello Franco,

What would your rule(s) look like?
Thnx!

Julien

Re: Pfblocker on opnsense
« Reply #10 on: February 20, 2017, 09:22:27 pm »
Quote from: franco on February 17, 2017, 10:11:23 am
Hmm, just to make sure: we have two GeoIP databases, one for the IPS, another for the Aliases. I recommend the latter. Create an alias, choose the respective type and compile your country list. You can use these aliases freely in the firewall rules (and even invert your selection).


Cheers,
Franco
Thank you Franco for your answer.
Do you guys have a tutorial or some document to follow?
I really did not understand the GEOIP yet.
Enabling it to block the top 10 spammer countries causes us to not receive emails from our customer.

Do we have to use (our country not) when activating this?
« Last Edit: February 20, 2017, 09:28:58 pm by Julien »