mirror of https://github.com/opnsense/docs synced 2024-10-30 21:20:20 +00:00

Remove documentation about GeoIP via IPS (#81)

Michael Steenbeek 2018-12-24 12:25:15 +01:00 committed by Ad Schellevis
parent ea3f3e07e9
commit ae166ad3dc
3 changed files with 4 additions and 115 deletions


@ -68,6 +68,8 @@ URL tables can be used to fetch a list of IP addresses from a remote server.
There are several IP lists available for free, most notably are the "Don't Route
Or Peer" lists from Spamhaus.
.. _aliases-geoip:
-----
GeoIP
-----
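Review bot: the new `.. _aliases-geoip:` target in front of the GeoIP heading becomes the only destination for the pointer left on the IPS GeoIP page, so it should be verified with a docs build. A blank line is needed between the label and the `-----` overline, and the hunk header (+68,8) suggests the second added line is that blank. Label names are global across a Sphinx project, so also confirm no other page already defines `aliases-geoip`.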


@ -2,108 +2,6 @@
IPS GeoIP Blocking
==================
This tutorial explains how to setup the IPS system to block IPs based on their
geographic location. This option is made possible by the integration of the
Maxmind GeoLite2 Country database. More information can be found here: http://dev.maxmind.com/geoip/geoip2/geolite2/
This feature has been superseded by using aliases in 17.7.
-------------
Prerequisites
-------------
* Always upgrade to latest release first.
See :doc:`/manual/install` and/or upgrade to latest release:
**System->Firmware: Fetch updates**
.. image:: images/firmware.png
:width: 100%
* Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
logging (>10 GB advisable).
* Disable all Hardware Offloading
Under **Interface-Settings**
.. image:: images/disable_offloading.png
:width: 100%
.. warning::
After applying you need to reboot OPNsense otherwise offloading may not
completely be disabled and IPS mode will not function.
To start go to **Services->Intrusion Detection**
|ids_menu|
------------
User defined
------------
Select the tab **User defined**.
|ids_tabs_user|
-----------------
Create a new Rule
-----------------
Select |add| to add a new rule.
Select Country:
.. image:: images/ips_rule_add_geoip.png
:width: 100%
We selected **Netherlands(not)** as this server needs to be accessible within
The Netherlands, this will drop all other traffic in both directions.
Select the Action (Alert or Drop):
.. image:: images/ips_action.png
:width: 100%
Add a description:
.. image:: images/ips_description_country.png
:width: 100%
And click **Save changes** |save|
---------------------------------------
Enable Intrusion Detection & Prevention
---------------------------------------
To enable IDS/IPS just go to Services->Intrusion Detection and select **enabled
& IPS mode**. Make sure you have selected the right interface for the intrusion
detection system too run on. For our example we will use the WAN interface, as
that will most likely be you connection with the public Internet.
.. image:: images/idps.png
:width: 100%
-------------------
Apply configuration
-------------------
If this is the first GeoIP rule you add then you need to **Download & Update Rules**
.. image:: images/downloadbtn.png
Then apply the configuration by pressing the **Apply** button at the bottom of
the form.
.. image:: images/applybtn.png
------------
Sample Alert
------------
See a sample of an alert message below.
.. image:: images/ips_geoip_alert.png
:width: 100%
.. |save| image:: images/ips_save.png
.. |ids_menu| image:: images/ids_menu.png
.. |ids_tabs_user| image:: images/ids_tabs_user.png
.. |add| image:: images/ids_tabs_user_add.png
Information on how to set up GeoIP blocking via aliases can be found in :ref:`the GeoIP section of the Aliases page <aliases-geoip>`.
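Review bot: the stub left under "IPS GeoIP Blocking" gives no guidance to readers who still have user-defined IPS country rules. The removed text said the "Netherlands(not)" rule drops all other traffic "in both directions", so a sentence on whether an alias-based rule gives the same coverage, or how to recreate it, would help. The image directives and the `|save|`, `|ids_menu|`, `|ids_tabs_user|` and `|add|` substitutions are removed here while the commit lists only 3 changed files, so check whether images such as `images/ips_rule_add_geoip.png` are now unreferenced and can be deleted too.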


@ -64,17 +64,6 @@ compromised sites distributing malware.
See for details: https://urlhaus.abuse.ch/
------------------------
Maxmind GeoLite2 Country
------------------------
GeoLite2 databases are free IP geolocation databases comparable to, but less
accurate than, MaxMinds GeoIP2 databases. GeoLite2 databases are updated on the
first Tuesday of each month.
For more details see: http://dev.maxmind.com/geoip/geoip2/geolite2/
OPNsense has integrated GeoLite2 Country database support.
---------------
Finger Printing
---------------
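Review bot: dropping the "Maxmind GeoLite2 Country" section removes the MaxMind link and the statement that the databases are updated on the first Tuesday of each month. If the alias-based GeoIP feature still relies on GeoLite2, make sure the GeoIP section of the Aliases page carries that source and update information, since it tells an operator how stale a country block list can be.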