(Solved) Block USA

Started by Julien, April 21, 2018, 10:04:34 PM

April 21, 2018, 10:04:34 PM Last Edit: April 26, 2018, 03:29:21 PM by Julien
Hi Guys,
We are willing to block USA on the IDS.
Whenever we block USA on the IDS, the emails that are originally from Office 365 and Outlook/Gmail stop arriving.
Is there a way to get those working while blocking USA?
DEC4240 – OPNsense Owner

Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...

Block via GeoIP Alias. You can allow SMTP globally and then deny USA
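
Added example, not part of the thread or of OPNsense: a small first-match rule evaluator showing why the SMTP pass rule has to sit above the GeoIP deny, and how the reversed order reproduces the lost-mail symptom. The alias contents, addresses and the HTTPS rule are constructed, and top-down first-match evaluation is assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP alias: documentation ranges,
# not real US allocations.
GEOIP_US = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]
ANY = [ip_network("0.0.0.0/0")]

# Rule = (action, source networks, destination port or None for any port)
ALLOW_SMTP = ("pass", ANY, 25)       # "allow SMTP globally"
DENY_US = ("block", GEOIP_US, None)  # "then deny USA"
ALLOW_HTTPS = ("pass", ANY, 443)     # hypothetical published service

SUGGESTED = [ALLOW_SMTP, DENY_US, ALLOW_HTTPS]
REVERSED = [DENY_US, ALLOW_SMTP, ALLOW_HTTPS]

# Constructed inbound packets: (source address, destination port)
PACKETS = [
    ("198.51.100.25", 25),   # mail relay inside the alias
    ("198.51.100.25", 443),  # web request from inside the alias
    ("192.0.2.10", 443),     # web request from outside the alias
]


def evaluate(rules, src, dport):
    """Return the action of the first matching rule (assumed first-match)."""
    addr = ip_address(src)
    for action, nets, port in rules:
        if any(addr in net for net in nets) and port in (None, dport):
            return action
    return "block"  # default deny when nothing matches


def decisions(rules, packets=PACKETS):
    """Evaluate every sample packet against one rule order."""
    return [evaluate(rules, src, dport) for src, dport in packets]


if __name__ == "__main__":
    for name, rules in (("suggested", SUGGESTED), ("reversed", REVERSED)):
        print(name)
        for (src, dport), action in zip(PACKETS, decisions(rules)):
            print(f"  {src:>15} -> port {dport:<4} {action}")
```
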

Quote from: mimugmail on April 22, 2018, 11:03:48 AM
Block via GeoIP Alias. You can allow SMTP globally and then deny USA
The IP of the spam filter is a virtual IP which is pointing to the spam filter internally, so when the IDS is active it does apply on both interfaces.
I would love to know how to configure this, mimugmail.
Do you have a tutorial or something somewhere?

DEC4240 – OPNsense Owner

Quote from: bartjsmit on April 22, 2018, 09:36:18 AM
Hi Julien,

Point your MX record to a mail filter in the DMZ and don't IDS that traffic. Something like https://efa-project.org/

Bart...
Hi Bart,
We do have two WANs.
WAN1: used for internet / VPN / OWA
WAN2: used for the MX records and pointing to the spam filter

WAN1 is a physical NIC and WAN2 is a configured Virtual IP.
Whenever we enable the IDS we include both WAN1 and LAN, but somehow WAN2 is reacting to the block.

Is this the right way of doing things?
DEC4240 – OPNsense Owner

April 24, 2018, 06:19:30 AM #5 Last Edit: April 24, 2018, 06:21:14 AM by mimugmail
WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way of doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.

April 24, 2018, 06:15:06 PM #6 Last Edit: April 24, 2018, 06:32:26 PM by Julien
Quote from: mimugmail on April 24, 2018, 06:19:30 AM
WAN2 is a Virtual IP and sitting on which physical interface?

Geoblocking with IPS is not the right way of doing things (since 17.7.x).

Use GeoIP Alias, it's easier and more powerful, just try it.
Hi Mimugmail,
Thank you for your continued support.
The virtual IP is on the WAN interfaces, nested; see attached screenshot.

When we block UK, the websites that are hosted in the UK won't open?

Can you explain how to get the GeoIP Alias configured?

DEC4240 – OPNsense Owner


Quote from: mimugmail on April 24, 2018, 08:14:32 PM
https://docs.opnsense.org/manual/aliases.html


Then set up a firewall rule with this alias.
Thank you for your answer.
Are you suggesting to turn off the Intrusion Detection (GeoIP/Country) and use GeoIP (firewall rules) to block countries?
DEC4240 – OPNsense Owner

Yes, it's way more flexible and delivers better performance.

April 24, 2018, 09:53:58 PM #10 Last Edit: April 28, 2018, 12:03:07 AM by Julien
Quote from: mimugmail on April 24, 2018, 09:42:29 PM
Yes, it's way more flexible and delivers better performance.
Thank you for the answer.
The GeoIP does the job. However, I cannot seem to see the countries that are blocked on the Firewall >> Diagnostic >> PFtables...
DEC4240 – OPNsense Owner