Author Topic: ( Solved )Block USA (Read 7857 times)

Julien · « **on:** April 21, 2018, 10:04:34 pm »

Hi Guys,
We are willing to block USA on the IDS.
Wenever we Block USA on the IDS the emails are originally from Office 365 and Outlook/Gmail stops arriving.
is there is a way to get those working with blocking USA ?

bartjsmit · « **Reply #1 on:** April 22, 2018, 09:36:18 am »

Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...

mimugmail · « **Reply #2 on:** April 22, 2018, 11:03:48 am »

Block via GeoIP Alias. You can allow SMTP globally and then deny USA

Julien · « **Reply #3 on:** April 22, 2018, 10:30:47 pm »

Quote from: mimugmail on April 22, 2018, 11:03:48 am

Block via GeoIP Alias. You can allow SMTP globally and then deny USA

the IP of the spam filter is a virtual IP which is pointing to the spam filter internally. so when the IDS is active it does apply on the both interfaces.
i would love to know how to configure this mimugmail.
do you have somewhere a tutorial or something ?

Julien · « **Reply #4 on:** April 24, 2018, 01:25:08 am »

Quote from: bartjsmit on April 22, 2018, 09:36:18 am

Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...

Hi Bart,
We do have two WANS.
WAN1 . using for internet / VPN / OWA
WAN2. using for the mx records and pointing to the spam filter

WAN1 is a physical NIC and WAN2 is Virtual IP configured.
whenever we enable the IDS we include both WAN1 and LAN but somehow WAN2 is reacting on the block.

is this the right way of doing things ?

mimugmail · « **Reply #5 on:** April 24, 2018, 06:19:30 am »

WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.

Julien · « **Reply #6 on:** April 24, 2018, 06:15:06 pm »

Quote from: mimugmail on April 24, 2018, 06:19:30 am

WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.

Hi Mimugmail
thank you for your continue support
the virtual IP is on the WAN interfaces nested see attached screenshot.

When we block UK the websites that are hosted in the UK won't open ?

Can you explain how to get the GeoIP Alias configured ?

mimugmail · « **Reply #7 on:** April 24, 2018, 08:14:32 pm »

https://docs.opnsense.org/manual/aliases.html

Then set up a firewall rule with this alias.

Julien · « **Reply #8 on:** April 24, 2018, 09:07:54 pm »

Quote from: mimugmail on April 24, 2018, 08:14:32 pm

https://docs.opnsense.org/manual/aliases.html

Then set up a firewall rule with this alias.

Thank you for your answer,
are you suggesting to turn off the Intrusion Detection (GeoIP/Country ) and use GeoIP ( firewall Rules ) to block countries ?

mimugmail · « **Reply #9 on:** April 24, 2018, 09:42:29 pm »

Yes, it's way more flexible and delivers better performance.

Julien · « **Reply #10 on:** April 24, 2018, 09:53:58 pm »

Quote from: mimugmail on April 24, 2018, 09:42:29 pm

Yes, it's way more flexible and delivers better performance.

Thank you for the answer,
the GeoIP does the job. however i cannot seem to see the countries that are blocked on the firewall >> Diagnostic >>>PFtables...

Author Topic: ( Solved )Block USA (Read 7857 times)

Julien

( Solved )Block USA

bartjsmit

Re: Block USA

mimugmail

Re: Block USA

Julien

Re: Block USA

Julien

Re: Block USA

mimugmail

Re: Block USA

Julien

Re: Block USA

mimugmail

Re: Block USA

Julien

Re: Block USA

mimugmail

Re: Block USA

Julien

Re: Block USA