From ae166ad3dcb07ed2749365f133646bd5b7e6fa31 Mon Sep 17 00:00:00 2001 From: Michael Steenbeek <42928941+MichaelDeciso@users.noreply.github.com> Date: Mon, 24 Dec 2018 12:25:15 +0100 Subject: [PATCH] Remove documentation about GeoIP via IPS (#81) --- source/manual/aliases.rst | 2 + source/manual/how-tos/ips-geoip.rst | 106 +--------------------------- source/manual/ips.rst | 11 --- 3 files changed, 4 insertions(+), 115 deletions(-) diff --git a/source/manual/aliases.rst b/source/manual/aliases.rst index 6b70267..166c305 100644 --- a/source/manual/aliases.rst +++ b/source/manual/aliases.rst @@ -68,6 +68,8 @@ URL tables can be used to fetch a list of IP addresses from a remote server. There are several IP lists available for free, most notably are the "Don't Route Or Peer" lists from Spamhaus. +.. _aliases-geoip: + ----- GeoIP ----- diff --git a/source/manual/how-tos/ips-geoip.rst b/source/manual/how-tos/ips-geoip.rst index dfdc269..9bd9a63 100644 --- a/source/manual/how-tos/ips-geoip.rst +++ b/source/manual/how-tos/ips-geoip.rst 
@@ -2,108 +2,6 @@ IPS GeoIP Blocking ================== -This tutorial explains how to setup the IPS system to block IPs based on their -geographic location. This option is made possible by the integration of the -Maxmind GeoLite2 Country database. More information can be found here: http://dev.maxmind.com/geoip/geoip2/geolite2/ +This feature has been superseded by using aliases in 17.7. -------------- -Prerequisites -------------- -* Always upgrade to latest release first. - See :doc:`/manual/install` and/or upgrade to latest release: - **System->Firmware: Fetch updates** - -.. image:: images/firmware.png - :width: 100% - -* Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for - logging (>10 GB advisable). - -* Disable all Hardware Offloading - Under **Interface-Settings** - -.. image:: images/disable_offloading.png - :width: 100% - -.. warning:: - - After applying you need to reboot OPNsense otherwise offloading may not - completely be disabled and IPS mode will not function. - -To start go to **Services->Intrusion Detection** - -|ids_menu| - ------------- -User defined ------------- - -Select the tab **User defined**. - -|ids_tabs_user| - ------------------ -Create a new Rule ------------------ - -Select |add| to add a new rule. - -Select Country: - -.. image:: images/ips_rule_add_geoip.png - :width: 100% - -We selected **Netherlands(not)** as this server needs to be accessible within -The Netherlands, this will drop all other traffic in both directions. - -Select the Action (Alert or Drop): - -.. image:: images/ips_action.png - :width: 100% - -Add a description: - -.. image:: images/ips_description_country.png - :width: 100% - - -And click **Save changes** |save| - - ---------------------------------------- -Enable Intrusion Detection & Prevention ---------------------------------------- -To enable IDS/IPS just go to Services->Intrusion Detection and select **enabled -& IPS mode**. 
Make sure you have selected the right interface for the intrusion -detection system too run on. For our example we will use the WAN interface, as -that will most likely be you connection with the public Internet. - -.. image:: images/idps.png - :width: 100% - -------------------- -Apply configuration -------------------- -If this is the first GeoIP rule you add then you need to **Download & Update Rules** - -.. image:: images/downloadbtn.png - -Then apply the configuration by pressing the **Apply** button at the bottom of -the form. - -.. image:: images/applybtn.png - - ------------- -Sample Alert ------------- -See a sample of an alert message below. - -.. image:: images/ips_geoip_alert.png - :width: 100% - - -.. |save| image:: images/ips_save.png -.. |ids_menu| image:: images/ids_menu.png -.. |ids_tabs_user| image:: images/ids_tabs_user.png -.. |add| image:: images/ids_tabs_user_add.png +Information on how to set up GeoIP blocking via aliases can be found in :ref:`the GeoIP section of the Aliases page `. \ No newline at end of file diff --git a/source/manual/ips.rst b/source/manual/ips.rst index df97de7..273c417 100644 --- a/source/manual/ips.rst +++ b/source/manual/ips.rst @@ -64,17 +64,6 @@ compromised sites distributing malware. See for details: https://urlhaus.abuse.ch/ ------------------------- -Maxmind GeoLite2 Country ------------------------- -GeoLite2 databases are free IP geolocation databases comparable to, but less -accurate than, MaxMind’s GeoIP2 databases. GeoLite2 databases are updated on the -first Tuesday of each month. - -For more details see: http://dev.maxmind.com/geoip/geoip2/geolite2/ - -OPNsense has integrated GeoLite2 Country database support. - --------------- Finger Printing ---------------
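Review bot: In the source/manual/how-tos/ips-geoip.rst hunk, the added :ref: line shows the link text followed by a space and the closing backtick, with no target label, so as written Sphinx has nothing to resolve. It should name the label that the aliases.rst hunk introduces, i.e. :ref:`the GeoIP section of the Aliases page <aliases-geoip>`. The same line is also marked "\ No newline at end of file"; end the file with a newline. Separately, the diffstat lists only three .rst files, so the images referenced by the removed directives (for example images/ips_rule_add_geoip.png and images/ips_geoip_alert.png) stay in the tree; remove the ones no other page uses.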
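Review bot: In the source/manual/ips.rst hunk, the "Maxmind GeoLite2 Country" section is deleted with nothing left in its place, so a reader who looks for GeoIP blocking on the IPS page gets no hint that it moved. Consider keeping a one-line note at that spot that links to the aliases-geoip label, the same way the ips-geoip.rst stub redirects readers to the Aliases page.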