GeoIP not working as expected

Hi, looking at this screenshot (modified so it’s easier to see) I’ve blocked many countries in the GeoIP addon, but they are still getting trough?

I’ve singles out one country as an example, but it seems as it’s just not filtering these supposedly blocked countries

Anything I could check to see if I’m doing something wrong?

DNAT is running before the Forward/Input chains so it display the DNAT decision also for blocked countries. The traffic will dropped later.

Same here, It’s a fresh install of IpFire 2.25 core 144,
I selected all the countries,
confirmed that “enable GeiIP based blocking” is set
rebooted (i havent found how to simply restart the firewall from the console)
…this has now effect…

Instead of reboot, I try /etc/init.d/network restart

Thanks Paul
for sure this will be quicker then a reboot…

As I already written It is normal that a NAT Rule will logged even if they came from a blocked coutry because NAT (Network Address Translation) is running before the Firewall. The traffic will still blocked in the Firewall even if they listed as NAT.