GeoIP blocking - how to "not block the world"?
-
I'm running pfBlockerNG-devel 3.1.0_1 and want to only allow inbound traffic from my own country. My initial idea was to "Deny Inbound" for all regions except for my region where I would deselect my own country.
However, the help text on the GeoIP page says:
"Its also not recommended to block the "world", instead consider rules to "Permit" traffic to/from selected Countries only."
So my question is: how should I only permit traffic from my own country while blocking all other traffic? Or am I misunderstanding the thing about "not recommended to block the "world""?
Please help me understand what is meant by the text, and give guidance on how to only allow inbound traffic from my country.
Any help is highly appreciated.
-
@runevn You could do it like this:
Then you make this alias the source of your existing wan-pass-rule.
-
@runevn I actually do what you describe. I have some inbound WAN rules that I only wanted accessed from UK based addressing.
I don't create any specific block rules, I just created a WAN INGRESS IPV4 alias which has GEOIP lists from the UK (generated by PFblocker). I then apply that Alias as a source to the existing NAT/Filter rule and it's worked like a charm for me.
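Added example, not part of any post in this thread: a small Python model of why a permit alias used as the source of the WAN pass rule is enough, since pfSense blocks unsolicited inbound WAN traffic that no pass rule matches. The rule sets, port and networks are constructed stand-ins (documentation ranges in place of a real pfBlockerNG GeoIP alias).

```python
import ipaddress

# Constructed stand-in for a GeoIP permit alias: documentation ranges
# play the role of the home country's IPv4 networks.
HOME_COUNTRY_ALIAS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Hypothetical WAN rule sets: (action, source networks or None for "any", port).
# Rules are checked top-down and the first match wins.
GEO_RESTRICTED_RULES = [("pass", HOME_COUNTRY_ALIAS, 443)]
OPEN_RULES = [("pass", None, 443)]  # the original pass rule with source "any"


def evaluate(src, dst_port, rules):
    """Return the action for an inbound WAN connection."""
    addr = ipaddress.ip_address(src)
    for action, sources, port in rules:
        if port != dst_port:
            continue
        if sources is None or any(addr in net for net in sources):
            return action
    # Nothing matched: the default deny on WAN applies, so no
    # "block the world" list is needed.
    return "block"


def permitted_sources(rules, dst_port):
    """Count the IPv4 source addresses that can reach dst_port."""
    total = 0
    for action, sources, port in rules:
        if action == "pass" and port == dst_port:
            if sources is None:
                return 2 ** 32
            total += sum(net.num_addresses for net in sources)
    return total


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.200", "203.0.113.5"):
        print(ip, evaluate(ip, 443, GEO_RESTRICTED_RULES))
    print("sources allowed:", permitted_sources(GEO_RESTRICTED_RULES, 443))
```
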
-
@bob-dig Thanks a lot! That was all I needed. Highly appreciated.
-
If anyone is looking for a YouTube guide, I just saw this newly published video on this approach of how not to "block the world".
-
Do not use top Spammer list from geo blocking.
Strange things are happening, meaning that legit and clean ranges are blocked.
BR np