Work around high miss ratio of maxmind geoip

Started by Jyling, July 20, 2025, 10:46:48 PM

August 22, 2025, 12:17:40 AM #30 Last Edit: August 22, 2025, 12:20:21 AM by BrandyWine
Quote from: Jyling on August 21, 2025, 03:24:37 AM
I have no way of knowing whether the IP could have changed its location in MaxMind DB between the moment in time when a hacker tries to break in and when I check MaxMind,
There's always a way. ;)
1st, does the maxmind db live on the fw and get incremental updates? Seems plausible.
2nd, can we query that db from the cli? If so we can write a script for cron that looks for your problem IP and logs the results to a file. Cron it every 1 min and let that run for about 1 wk (10,080 entries). Then analyze the log file.
3rd, what you get from the log file might explain the issue as coming from maxmind, or it's not a maxmind issue and you have to go digging elsewhere.

When the tool doesn't provide you exactly what you need, you have to go beyond the tool.

Quote from: ddg ai
Manually Querying MaxMind Database on OPNsense
Overview

Yes, you can manually query the MaxMind database on the OPNsense firewall. This involves setting up the database and using the appropriate client libraries to perform queries.
Steps to Set Up and Query

    Install the MaxMind Database
        Sign up for a MaxMind account and generate a license key.
        Download the GeoIP database in MMDB or CSV format.

    Configure OPNsense
        Go to the OPNsense interface.
        Navigate to Firewall > Aliases and select the GeoIP settings tab.
        Enter the URL for the GeoIP database you downloaded.

    Use Client Libraries
        Install the MaxMind GeoIP client library for your programming environment (e.g., Python, PHP, etc.).
        Configure the database reader to access the MaxMind database file.

Example Code Snippet

Here's a simple example in Python:

from geoip2.database import Reader
from geoip2.errors import AddressNotFoundError

# Open the database; the context manager closes the file handle when done
with Reader('/path/to/GeoLite2-City.mmdb') as reader:
    try:
        # Query the database (use .country() for a Country-only database)
        response = reader.city('128.101.101.101')
        print(response.country.iso_code)
    except AddressNotFoundError:
        # The IP has no record in this database build
        print('not found')

Important Notes

    Ensure the database file is accessible on your filesystem.
    Use the correct method to query based on the database type (e.g., city or country).
    Handle exceptions for failed lookups appropriately.

By following these steps, you can effectively query the MaxMind database on your OPNsense firewall.
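Following the cron-and-log idea in the post above, here is an added example (not code from the thread, from OPNsense or from MaxMind): one cron run writes a timestamped line with the country the database returns for the problem IP (or MISS), and the analysis part reports how often each answer appeared and when it changed. It assumes the geoip2 package is installed for the live lookup; the MMDB path and the IP 203.0.113.7 are placeholders, the log format is our own, and the sample log lines are constructed.

```python
import sys
from collections import Counter
from datetime import datetime, timezone

# Constructed log format: ISO-8601 time, IP, ISO country code (or MISS), tab separated
LOG_LINE = "{ts}\t{ip}\t{country}"


def lookup_country(mmdb_path, ip):
    """Return the ISO country code for ip, or 'MISS' when the DB has no record."""
    import geoip2.database  # imported lazily so analyze_log() works without geoip2
    import geoip2.errors
    with geoip2.database.Reader(mmdb_path) as reader:
        try:
            return reader.country(ip).country.iso_code or "MISS"
        except geoip2.errors.AddressNotFoundError:
            return "MISS"


def log_entry(ip, country, ts=None):
    """Format one log line; ts defaults to the current UTC time."""
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="seconds")
    return LOG_LINE.format(ts=ts, ip=ip, country=country)


def analyze_log(lines):
    """Per IP: count of each answer, and (time, old, new) for every change of answer."""
    per_ip = {}
    last = {}
    for line in lines:
        ts, ip, country = line.rstrip("\n").split("\t")
        rec = per_ip.setdefault(ip, {"answers": Counter(), "changes": []})
        rec["answers"][country] += 1
        if ip in last and last[ip] != country:
            rec["changes"].append((ts, last[ip], country))
        last[ip] = country
    return per_ip


# Constructed sample: two MISS answers, then the DB starts returning US
SAMPLE_LOG = [
    "2025-08-22T00:00:00+00:00\t203.0.113.7\tMISS",
    "2025-08-22T00:01:00+00:00\t203.0.113.7\tMISS",
    "2025-08-22T00:02:00+00:00\t203.0.113.7\tUS",
    "2025-08-22T00:03:00+00:00\t203.0.113.7\tUS",
]

if __name__ == "__main__":
    # cron: python geoip_watch.py /path/to/GeoLite2-Country.mmdb 203.0.113.7 >> /var/log/geoip_watch.log
    print(log_entry(sys.argv[2], lookup_country(sys.argv[1], sys.argv[2])))
```

Running analyze_log over a week of those lines shows directly whether the database build changed its answer for the IP between the block-in attempt and your later manual check.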