Hello all. Sorry to be a newbie, but I bought a couple of SG-1000 units hoping to install these on two satellite broadband connections which constantly get probes from hackers. All I want to do is silently reject any incoming IP address that is not in the UK. I just cannot even make a start on understanding this device... is there anyone out there who could set it up to do this for me?
Out of the box all unsolicited traffic is dropped. Do you have some port forwards set up that you don't want outside of UK to access?
If so, look into the pfBlockerNG package - it will allow you to create aliases based upon countries.
For the details of using pfsense
Thanks - yes the sat links are used to remote monitor some equipment, so we have port forwarding to about 4 devices attached to each router. That much I can understand, but can't get much further.
So you have those port forwards working, let's say it's port 9999 to 192.168.1.100.
So there is a rule on your WAN that says port 9999 is allowed to 192.168.1.100, which was created when you created the port forward.
If you know where you monitor from, you can just limit the source IP(s) in your port forward and firewall rule to the IPs you will be coming from to monitor, and all others would be blocked.
If you only know you will be coming from the UK, then you can use the listings of country IPs in pfblocker to either just allow the UK, or above block all the countries you want to block.
Great - got pfblocker running and I can see a list of GEOIPs. So now just need to configure the rules.
The setup is something like this:
Satellite Modem - forwards everything to the current router
Router - all Port 80 (HTTP) and all port 21 (FTP) to one LAN address (192.168.0.131), and Port 2455 to another LAN address (192.168.0.111). That is all it does.
I want only UK (or perhaps EU) addresses to be allowed through, because remote access to these ports is needed from varying addresses and mobile phones. Everything else can be blocked.
So - install the SG-1000 between the Sat Modem and the Router? And then configure rules to silently drop all unwanted incoming traffic. Anything outgoing is OK.
Question: Would this then stop any access to (say) non UK / EU hosted websites from inside the LAN? Probably I guess although not a great problem. But would be great if I could work out how to allow 'requested' data from anywhere, but block unsolicited IPs otherwise.
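
An added illustration, not part of any post in this thread and not pfSense or pfBlockerNG code: a toy Python model of a stateful WAN filter using the port forwards listed above and a country alias as the allowed source. The alias CIDRs are constructed documentation ranges standing in for a UK list, and all names (`WanFilter`, `in_alias`, `demo`) are hypothetical; it shows that restricting the source on the forward rules affects only unsolicited inbound connections, while replies to LAN-initiated requests match the state table.

```python
import ipaddress

# Constructed stand-in for the pfBlockerNG UK alias (documentation ranges,
# not real GeoIP data).
UK_ALIAS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Port forwards described in the thread: WAN port -> LAN host.
PORT_FORWARDS = {80: "192.168.0.131", 21: "192.168.0.131", 2455: "192.168.0.111"}


def in_alias(ip, alias=UK_ALIAS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in alias)


class WanFilter:
    """Hypothetical toy model: rules are checked only for the first packet of
    a connection; later packets match the state table. NAT port rewriting is
    ignored to keep the model small."""

    def __init__(self):
        self.states = set()  # (remote_ip, remote_port, local_port)

    def outbound(self, local_port, remote_ip, remote_port):
        # LAN-initiated traffic to any country is passed and creates state.
        self.states.add((remote_ip, remote_port, local_port))
        return "pass"

    def inbound(self, remote_ip, remote_port, wan_port):
        if (remote_ip, remote_port, wan_port) in self.states:
            return "pass (state)"          # reply to a connection we opened
        target = PORT_FORWARDS.get(wan_port)
        if target and in_alias(remote_ip):
            self.states.add((remote_ip, remote_port, wan_port))
            return "forward to " + target  # unsolicited, source is in the alias
        return "drop"                      # silent: nothing is sent back


def demo():
    fw = WanFilter()
    return [
        fw.inbound("192.0.2.10", 40000, 80),     # alias source, forwarded port
        fw.inbound("203.0.113.5", 40000, 80),    # source outside the alias
        fw.inbound("192.0.2.10", 40001, 22),     # alias source, no forward
        fw.outbound(51000, "203.0.113.5", 443),  # LAN opens a non-alias site
        fw.inbound("203.0.113.5", 443, 51000),   # the reply to that request
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```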