Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GeoIP blocking incoming traffic from specific countries to specific destination ports on my WAN interface

    Scheduled Pinned Locked Moved
    pfBlockerNG
    1
    1
    97
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anagardsys
      last edited by

      Hello,

      I want to block income traffic to my WAN interface for destination ports I use for port forwarding, since I learned that GeoIP blocking is useful only if you have open ports on the WAN interface.

      In future I'm planing to use whitelists for selecting countries, but for now I am sticking with blacklist countires.

      I selected the desired countries in the GeoIP section with List Action: Deny Inbound
      and Advanced Inbound Firewall Rule with Custom DST Port enabled and alias name WAN_ports defined in Firewall/Aliases containing the destination ports I want to block, also Custom Protocol is set to TCP/UDP.

      I have Firewall rule on my WAN interface looking like this:
      34df2523-ce98-4094-b4c0-c64d8520b742-image.png
      On my dashboard I have:
      c2750118-4fc9-4f35-93a8-04ed08b2e52c-image.png

      And packets having destination ports on my wan interface not defined in alias WAN_ports, and also in my Firewall logs I have denying traffic to destination ports on my WAN interface not defined in the alias but blocked by pfB_Top_v4 auto rule

      1 Reply Last reply Reply Quote 0
      • First post
        Last post