Remove GeoIP config from Suricata IDS (#2890)

2026-03-13 08:09:41 +00:00 · 2018-11-09 15:39:51 +01:00 · 2018-11-09 15:39:51 +01:00 · 4854625f6e
commit 4854625f6e
parent a83e72acf1
4 changed files with 1 additions and 29 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogUserDefined.xml
@ -23,18 +23,6 @@
        <type>text</type>
        <help>The SSL fingerprint, for example "B5:E1:B3:70:5E:7C:FF:EB:92:C4:29:E5:5B:AC:2F:AE:70:17:E9:9E".</help>
    </field>
-    <field>
-        <id>rule.geoip</id>
-        <label>GeoIP/Country</label>
-        <type>select_multiple</type>
-        <help>Countries to alert or block using GeoIP.</help>
-    </field>
-    <field>
-        <id>rule.geoip_direction</id>
-        <label>GeoIP/Direction</label>
-        <type>dropdown</type>
-        <help>Connections coming from (src) or going to (dst) listed countries, default selects both.</help>
-    </field>
    <field>
        <id>rule.action</id>
        <label>Action</label>
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@ -43,20 +43,6 @@
                    <mask>/^([0-9a-fA-F:]){59,59}$/u</mask>
                    <ValidationMessage>A SSL fingerprint should be a 59 character long hex value.</ValidationMessage>
                </fingerprint>
-                <geoip type="CountryField">
-                    <Required>N</Required>
-                    <Multiple>Y</Multiple>
-                    <AddInverted>Y</AddInverted>
-                </geoip>
-                <geoip_direction type="OptionField">
-                    <Required>N</Required>
-                    <BlankDesc>Both</BlankDesc>
-                    <default></default>
-                    <OptionValues>
-                        <src>Source</src>
-                        <dst>Destination</dst>
-                    </OptionValues>
-                </geoip_direction>
                <description type="TextField">
                    <Required>Y</Required>
                    <mask>/^([\t\n\v\f\r 0-9a-zA-Z.\-,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask>
--- a/src/opnsense/service/conf/actions.d/actions_ids.conf
+++ b/src/opnsense/service/conf/actions.d/actions_ids.conf
@ -65,7 +65,7 @@ type:script_output
 message:get suricata daemon status

 [update]
-command:/usr/local/opnsense/scripts/suricata/rule-updater.py && /usr/local/opnsense/scripts/suricata/installRules.py && /usr/local/bin/geoipupdate.sh && pkill -USR2 suricata
+command:/usr/local/opnsense/scripts/suricata/rule-updater.py && /usr/local/opnsense/scripts/suricata/installRules.py && pkill -USR2 suricata
 parameters:
 type:script
 message:update and reload intrusion detection rules
--- a/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
+++ b/src/opnsense/service/templates/OPNsense/IDS/OPNsense.rules
@ -11,8 +11,6 @@
 {{rule.action}}{% if rule.fingerprint|default('') != ""
      %} tls {% else %} ip {% endif %} {% if rule.source|default('') != "" %} {{ rule.source }} {% else %} any {% endif %} any -> {% if rule.destination|default('') != "" %} {{ rule.destination }} {% else %} any {% endif %} any (msg:"{{rule.description.replace('"','\"')}}"; {%
      if rule.fingerprint|default('') != "" %} tls.fingerprint:"{{rule.fingerprint.lower()}}";{% endif
-      %}{%
-      if rule.geoip|default('') != ""%} geoip:{% if rule.geoip_direction|default('') != '' %}{{rule.geoip_direction}},{% endif %}{{rule.geoip}} ;{% endif
      %} sid:{{
      4294967295 - loop.index
      }}; rev:1;)