Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    GeoIP blocking incoming traffic from specific countries to specific destination ports on my WAN interface

    pfBlockerNG
    1
    1
    51
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anagardsys last edited by

      Hello,

      I want to block income traffic to my WAN interface for destination ports I use for port forwarding, since I learned that GeoIP blocking is useful only if you have open ports on the WAN interface.

      In future I'm planing to use whitelists for selecting countries, but for now I am sticking with blacklist countires.

      I selected the desired countries in the GeoIP section with List Action: Deny Inbound
      and Advanced Inbound Firewall Rule with Custom DST Port enabled and alias name WAN_ports defined in Firewall/Aliases containing the destination ports I want to block, also Custom Protocol is set to TCP/UDP.

      I have Firewall rule on my WAN interface looking like this:
      34df2523-ce98-4094-b4c0-c64d8520b742-image.png
      On my dashboard I have:
      c2750118-4fc9-4f35-93a8-04ed08b2e52c-image.png

      And packets having destination ports on my wan interface not defined in alias WAN_ports, and also in my Firewall logs I have denying traffic to destination ports on my WAN interface not defined in the alias but blocked by pfB_Top_v4 auto rule

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy