[SOLVED] Help with outbound GEO Blocking

Started by DNE, February 26, 2025, 04:37:46 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 26, 2025, 04:37:46 PM Last Edit: February 26, 2025, 06:26:59 PM by DNE
I have just setup a new system so might be missing something.

Versions
OPNsense 25.1.1-amd64
FreeBSD 14.2-RELEASE-p1
OpenSSL 3.0.16

I have setup GEO Blocking with MaxMind, the alias has been populated with IPv4 and IPv6 addresses.

I have then created an outbound block rule [LAN]>[In} with the alias as the destination.

When I go to https://www.apsystems.cn/ the webpage loads, however logfiles > liveview shows:

Action: Block Label:Country Block Outbound

I believe I have setup my rules correctly but can still access that website.
February 26, 2025, 04:48:15 PM #1
Added Screenshots.
February 26, 2025, 04:55:53 PM #2
Try a DNS resolution and you will immediately find that this domain is being hosted on Cloudfront.net, which is hosted anywhere (usually in a location near you). For me, the IPv4 is in Germany, the IPv6 in India. So, with IPv6 being higher in priority, probably that would first get blocked if I block India and then IPv4 kicks in, allowing the traffic.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
February 26, 2025, 05:25:29 PM #3
Thanks meyergru,

I was just looking into that and the site is being loaded from 2600:9000:2062:9c00:1d:3366:ad80:93a1 which is an Amazon Datacenter in the United States.

Thanks
Print
Go Up Pages1
User actions