Geolocation ACL is not working
Geolocation ACL is not working
Hello,
I have an OMADA ER7206 V1 1.4.1
i am constantly receiving WAN PING ATTACKS from China.
I have put in an ACL that blocks all protocols from location "china" WAN IN, "Ipgroup-all" and yet I am still receiving the alerts.
The IP is a fixed line ISP in China, so any networking provider that gives you geo-data on IPs should have it accurate.
Why would that be? Please let me know how to fix this.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@GRL
Thanks for the confirmation.
However, that doesn't seem to fully block everything.
Just today, I had a blocked attack on my NGINX:
time="2025-04-28T05:17:07+02:00" level=info msg="(localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 193.24.123.65 (RU/200593) : 4h ban on Ip 193.24.123.65"
RU has both an ACL Deny for the Management page, as well as for Ipgroup_any. Yet it still makes it through my router onto my NGINX server.
So either the geo-matching is not done 100% correctly, or the ACL doesn´t seem to work.
Edit: Nevermind, my order is off. The Gateway Management Deny should be on top. Currently, it was at the bottom because I created it last.
It would be a really nice-to-have if blocked attempts got logged somewhere. (I haven´t enabled IPS/IDS on the ER707-M2 because it completely tanks the speed down to 200Mbps from 1Gbps).
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1022
Replies: 12
Voters 0
No one has voted for it yet.