Geo IP block

General questions.
Post Reply
jauro
Posts: 1
Joined: September 20th, 2017, 2:26 pm

Geo IP block

Post by jauro » September 20th, 2017, 2:57 pm

Hi all,
I have such a problem: I have activated the geoip with block for many nations, for example the Czech republic and it works perfectly.
But if I create a rule where as a source is a ip of a Czech republic and destination to a webserver behind ipfire I can not reach the site.
The rule is at the top of the list.
It means that the geoip wins over the rule?
ipfire 2.19 103
Thanks

User avatar
H&M
Posts: 380
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: Geo IP block

Post by H&M » October 19th, 2017, 6:59 pm

Hi,

In order to solve it more data is needed:
1. Did you use/activated proxy/squid? If yes - need to create the rule with source = Firewall: source of traffic to Czech server will be kernel/firewall.
2. GeoIP - did you use it for not directions - in and out traffic?

I have blocked incoming traffic from all the world except a few IPs - literally I blocked all countries
I have blocked exit traffic to 70%-80% of the countries - except DE, US and a few more.

I had same problems until I created rules for both firewall as source - I use proxy in transparent mode.

Hope it helps,
H&M

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests