GeoIP block- MaxMind GeoIP

What is MaxMind GeoIP?

MaxMind GeoIP is a suite of products and services that provide IP geolocation and intelligence data. It’s essentially a way to identify where in the world a particular internet-connected device is located based on its IP address. This information can be used for a variety of purposes, such as:

Personalizing user experiences: Websites and apps can use GeoIP data to customize content and language based on the user’s location. For example, an e-commerce site might show different products or prices to users in different countries.
Targeting advertising: Advertisers can use GeoIP data to target their ads to specific demographics or geographic regions.
Preventing fraud: Businesses can use GeoIP data to identify and block fraudulent activity that originates from certain countries or regions.
Complying with regulations: Some regulations, such as those related to data privacy, require businesses to know the location of their users. GeoIP data can help businesses comply with these regulations.

MaxMind GeoIP is available in a variety of formats, including:

Databases: These are downloadable files that contain GeoIP data for all of the world’s IP addresses. They can be integrated into applications and systems.
Web services: These are APIs that allow you to query GeoIP data on demand. This is a good option for applications that don’t need to store large amounts of data.
JavaScript libraries: These libraries allow you to easily add GeoIP functionality to your web pages.

Goal:

Utilize MaxMind GeoIP database inside OPNsense. OPNsense’s action to block a country will take reference from Maxmind’s database.

MaxMind Account registration

1. Create An Account

Go to https://www.maxmind.com/en/geolite2/signup and create your account. Note that the email address you provide will be used to send you the link you will need to enter in OPNsense, so make sure it’s a real account.

2. Generate License Key

Once you have created an account you’ll need to create a license key. Click in the “My License Key” link and generate a key. When asked if you use “geoipupdate”, choose “no”. Save the key ID somewhere safe!!!

You do not need to download the config at this point.

3. Create Link

Now we need to create the link we’ll need in OPNsense, all you need to do now is to replace the ‘My License key’ part of the link below with your license key.

https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=My_License_key&suffix=zip

You can check that you have done it correctly by just pasting the link into a browser, it should download the zip file.

OPNsense Setup

Set the GeoIP database to MaxMind by going to firewall > Aliases > GeoIP setting.

The url is the url listed above in step 3.

Go to Alias > Select GeoIP under type > select the country to block.

Create firewall rule on LAN side to drop any outgoing packets from devices on LAN. By default, external facing firewall will drop any incoming packets. It is better to block traffic to those countries by the source, which are devices in LAN. Apply this rule to any vlan as well.