Allow/block by country on a per rule basis
-
What I'd like to be able to do is blacklist or whitelist certain countries within a firewall rule. Specifically, I'm trying to lock down SIP to an Asterisk server to only allow SIP connections in from our home country. I've got Country Block installed already, but that's a blanket thing; I'd like to be able to specify per rule.
I've already taken all the other security precautions like secure SIP passwords etc., but if I could block every other country but ours, it minimizes the risk that much more.
The only way I can see to do this is to create an alias that lists all the address blocks allocated to our country and then allow that. That's a pretty big list already and I'm not sure how well pfSense would handle it (probably perfectly well); it also lacks the flexibility of selectively blocking traffic from other countries per rule.
Anyone have any better suggestions?
Thanks
-
And to answer my own question.
Create a URL Table alias and use this site http://www.ipdeny.com/ipblocks/ and point the alias to the zone file you want to use.
I experimented with adding all the IPs to a backed-up config then importing it, and while it works, the WebGUI really isn't designed to handle editing it.
With nested aliases you can even allow or block multiple countries per rule.
From another post, these aliases aren't updated automatically, but it's coming (can't find the damn post now that said that, though).
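As an added illustration of what the URL Table alias approach amounts to underneath (this is example code, not part of the thread and not pfSense's or ipdeny's own tooling), the script below parses a zone file in the one-CIDR-per-line format ipdeny publishes, drops malformed lines, collapses adjacent blocks so the resulting table is as small as possible, checks whether a given source address falls inside the allowed set, and renders the equivalent pf table plus allow/block pair for SIP on port 5060. The zone contents, the table name `sip_home` and the interface name `wan` are constructed assumptions, not real allocations for any country.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample in ipdeny's zone-file layout (one CIDR per line).
# These are documentation ranges (RFC 5737), not any country's real blocks.
SAMPLE_ZONE = """\
# sample zone file (constructed for this example)
192.0.2.0/24
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
not-a-cidr
"""


def parse_zone(text: str) -> Tuple[list, List[str]]:
    """Parse a zone file into ip_network objects; return (networks, rejected_lines).

    Comments and blank lines are skipped; anything that is not a strictly
    valid CIDR (host bits set, garbage) is reported rather than silently
    accepted, since a bad line would otherwise break the whole table load.
    """
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return nets, rejected


def collapse(nets: list) -> list:
    """Merge adjacent/overlapping blocks, keeping IPv4 and IPv6 separate."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_allowed(ip: str, nets: list) -> bool:
    """True if the source address lies inside any block of the allow-list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)


def pf_rules(table_name: str, nets: list, iface: str = "wan", port: int = 5060) -> List[str]:
    """Render a pf table and a pass/block pair for SIP from that table only.

    'quick' makes the pass rule final for matching packets; the following
    block rule then catches SIP from every other source on the interface.
    """
    members = ", ".join(str(n) for n in nets)
    return [
        f"table <{table_name}> persist {{ {members} }}",
        f"pass in quick on {iface} proto {{ tcp udp }} from <{table_name}> to any port {port}",
        f"block in quick on {iface} proto {{ tcp udp }} from any to any port {port}",
    ]


if __name__ == "__main__":
    nets, rejected = parse_zone(SAMPLE_ZONE)
    allowed = collapse(nets)
    print("rejected lines:", rejected)
    print("collapsed blocks:", [str(n) for n in allowed])
    print("198.51.100.200 allowed?", is_allowed("198.51.100.200", allowed))
    print("\n".join(pf_rules("sip_home", allowed)))
```

The collapse step matters for large country lists: ipdeny files often contain many adjacent prefixes that pf can hold as one entry, and a smaller table is both faster to load and easier to eyeball in the GUI.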