GEOIP Blocking



  • I would assume the rules created to Block need to be located before rules for Pass. Is this correct?



  • It depends on what you're trying to do.  First-match wins.  Btw there are a couple of packages that handle Geo-blocking: pfBlocker, Suricata and Snort.  Configure those and they will add the needed rules.



  • If you use pfBlockerNG you can set the order of the rules there. pfBlocker will then automatically place the rules in the order of your preference.

    Also consider if and what you want to log.

    E.g.
    I allow and log OpenVPN connections from 1 country only.
    But I also log other countries trying to access my OpenVPN port. They're mostly just drive-bys but I've also observed snowshoe attacks coming from 4 different countries at the same time.
    E.g. Once in a while there are 4 different hosts from 4 different countries trying to access OpenVPN within 2 minutes.
    Then it's quiet for weeks…
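
Added example, not part of the thread: one way to pick the pattern described in the last post (several hosts from several countries hitting the OpenVPN port within 2 minutes) out of logged attempts. The record format, the sample lines, the `XA`..`XD` country codes and the port default of 1194 are assumptions made for illustration; this is not pfSense's own log format.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source IP (documentation ranges),
# GeoIP country (user-assigned placeholder codes), destination port.
SAMPLE_LOG = """\
2024-03-01T02:10:05 198.51.100.7 XA 1194
2024-03-01T09:44:31 203.0.113.20 XB 1194
2024-03-14T21:00:02 198.51.100.91 XA 1194
2024-03-14T21:00:40 203.0.113.5 XB 1194
2024-03-14T21:01:15 192.0.2.77 XC 1194
2024-03-14T21:01:50 192.0.2.130 XD 1194
2024-03-14T21:30:00 203.0.113.5 XB 443
"""

def parse(text):
    """Turn the constructed log text into time-sorted event tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, country, port = line.split()
        events.append((datetime.fromisoformat(ts), ip, country, int(port)))
    return sorted(events)

def find_bursts(events, port=1194, window=timedelta(minutes=2),
                min_hosts=4, min_countries=4):
    """Return (start, end, hosts, countries) for each distributed burst.

    A burst is reported once, at the moment the sliding window first holds
    enough distinct hosts and countries; isolated drive-bys never qualify.
    """
    bursts, recent, in_burst = [], deque(), False
    for ts, ip, country, dport in events:
        if dport != port:
            continue  # only attempts against the watched port count
        recent.append((ts, ip, country))
        while ts - recent[0][0] > window:
            recent.popleft()  # drop attempts older than the window
        hosts = {e[1] for e in recent}
        countries = {e[2] for e in recent}
        hit = len(hosts) >= min_hosts and len(countries) >= min_countries
        if hit and not in_burst:
            bursts.append((recent[0][0], ts, sorted(hosts), sorted(countries)))
        in_burst = hit
    return bursts

if __name__ == "__main__":
    for start, end, hosts, countries in find_bursts(parse(SAMPLE_LOG)):
        print(f"{start} -> {end}: {len(hosts)} hosts from {countries}")
```
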