About first point, can long loading of rules selected by GeoIP be cause of not being able to connect to WUI or SSH from RED or from GREEN? After 15-20min, it seems that I can log in. My test machine isn't that capable, maybe it's loading thousands of IPs to block in iptables, and while loading, standard rules(eg. 444,222) are not being carried out, because firewall reload...

Internet from green works fine all the time.


From: blago.culjak@hotmail.com
To: development@lists.ipfire.org
Subject: Testing GeoIP based firewall
Date: Fri, 13 Mar 2015 13:24:24 +0100

Hello, been testing whole day, but I'm having some major trouble while doing so.

1. After enabling GeoIP, don't even select any country, apply rules, I can't connect to WUI or SSH from RED. At what position are GeoIP rules? Are they overriding rules made by Incoming Firewall Access?

2. Can the quick rules made in Firewall -> GeoIP block be visible in Firewall->Firewall Rules, so we can get a hang of it?

3. Seems that ping is working from RED from country added to list, so you do not block ICMP in quick rules made in Firewall -> GeoIP?