[SOLVED] Geo blocking

[marjohn56]

I like the new way of selecting countries to block, however I get an 'error cannot allocate memory'.

Now, this may be down to me being very anti social and blocking everywhere except the three IP addresses in the Faroe islands! 

It appears that I get the memory error until I reduce the number of countries I am blocking and that means the number of IP addresses or ranges.

I've not looked any deeper as this may mean something to the Devs, and may need just an increase in the allocation size.

[guest16985]

How are you doing the blocking? Aliases or the IPS settings? What hardware are you running? How much ram do you have? What version of OPNsense?

[marjohn56]

17.7.11

Using Aliases.

8 Gb RAM

Try adding all countries, leave one small one out for a test and see what happens.

[mimugmail]

You could try to increase the table size via advanced settings but from a performance perspective you should really consider block ANY and only allow the small country in front of the block rule

[marjohn56]

@mimugmail

Thank you..

Increased it to 300000 and solved my problem.

I was not really trying to block the world and just allow one small island, but I do run a very limited access to servers on my network.

Actually, it was easier just to select the allowed countries and then do an invert on the firewall rule, used tunnel bear to check it and it works like a charm.

Anyway, that solved it so thanks again!

[opnsense-user123]

...if I have found this setting correctly, to help others, it is:

Firewall -> Settings -> Advanced and look for "Firewall Maximum Table Entries".