core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

The firewall passes packets from a country that is included in an alias used in a blocking rule

Open dca00 opened this issue 1 month ago • 0 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [ x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [ x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

There is a GEO IP alias that includes Singapore. There is a rule that uses that alias as source. The rule is set to block IPv4. An IPv4 IP address that looks up to Singapore passes the rule.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce

Steps to reproduce the behavior:

  1. Take an IP address from a web site log
  2. Look it up in ANS databases
  3. Find that it belongs to Singapore

Expected behavior

The rule that is based on an alias that contains this country name should have blocked the connection.

Describe alternatives you considered

N/A

Screenshots

Image

Relevant log files

Image

Additional context

N/A

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 25.7.8 (amd64).

dca00 avatar Nov 26 '25 11:11 dca00