• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

GeoIP blocking - how to "not block the world"?

Scheduled Pinned Locked Moved pfBlockerNG
6 Posts 4 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    runevn
    last edited by Mar 6, 2022, 8:02 PM

    I'm running pfBlockerNG-devel 3.1.0_1 and want to only allow inbound traffic from my own country. My initial idea was to "Deny Inbound" for all regions except for my region where I would deselect my own country.

    However, in the help text on the GeoIP page says:
    "Its also not recommended to block the "world", instead consider rules to "Permit" traffic to/from selected Countries only."

    So my question is how should I only permit traffic from my own country while blocking all other traffic? Or am I misunderstanding the thing about "not recommended to block the "world"?

    Please help me understand what is meant with the text and guidance on how to only allow inbound traffic from my country.

    Any help is highly appreciated.

    B C 2 Replies Last reply Mar 6, 2022, 8:18 PM Reply Quote 0
    • B
      Bob.Dig LAYER 8 @runevn
      last edited by Bob.Dig Mar 6, 2022, 8:19 PM Mar 6, 2022, 8:18 PM

      @runevn You could do it like this:

      Capture.PNG

      Then you make this alias the source of your existing wan-pass-rule.

      R 1 Reply Last reply Mar 6, 2022, 9:10 PM Reply Quote 2
      • C
        crucialguy @runevn
        last edited by crucialguy Mar 6, 2022, 8:24 PM Mar 6, 2022, 8:24 PM

        @runevn I actually do what you describe. I have some inbound WAN rules that I only wanted accessed from UK based addressing.

        I don't create any specific block rules, I just created a WAN INGRESS IPV4 alias which has GEOIP lists from the UK (generated by PFblocker). I then apply that Alias as a source to the existing NAT/Filter rule and it's worked like a charm for me.

        1 Reply Last reply Reply Quote 1
        • R
          runevn @Bob.Dig
          last edited by Mar 6, 2022, 9:10 PM

          @bob-dig Thanks a lot! That's was all I needed. Highly appreciated.

          1 Reply Last reply Reply Quote 0
          • R
            runevn
            last edited by runevn Mar 11, 2022, 1:10 PM Mar 11, 2022, 1:09 PM

            If anyone is looking for a Youtube guide I just saw this newly published video on this approach on not to "block the world".

            N 1 Reply Last reply Mar 11, 2022, 7:32 PM Reply Quote 1
            • N
              noplan @runevn
              last edited by Mar 11, 2022, 7:32 PM

              Do not use top Spammer list from geo blocking
              Strange things are happening means that legit and clean ranges are blocked

              BR np

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received