Netgate Discussion Forum

    Can I restrict access to be only from my country IP range

      engomar

      Dears,

      Is there a way I can restrict access to be only from my country's IP range, so that all other IPs will be dropped?

      BR

        chpalmer @engomar

        @engomar Yes! But question.. Are you running some kind of services that need open ports? If not then everything is blocked by the firewall from outside by default..

        Otherwise look up the PFBlocker package.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          engomar @chpalmer

          @chpalmer how can I do this task?

            SteveITS Galactic Empire @engomar

            @engomar from memory….

            You will need a free MaxMind account. See link and MaxMind fields in pfBlocker.

            Run one update in pfBlocker to download country data.

            On the IPv4 tab create a GeoIP entry. Use type Alias Native which does not create a rule.

            Create your own rule or NAT rule with your country alias.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

              johnpoz LAYER 8 Global Moderator @SteveITS

              @SteveITS ^ exactly, I do this for services I share to the internet.. Works great.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
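
A way to dry-run the alias-based rule from the steps in this thread before relying on it, as an added example that is not part of the original posts and is not pfBlocker's own code. It models the policy described above (pass only when the source is in the country alias and the port is one you publish, everything else falls to the default block) and reports which of the source addresses you depend on would be dropped. The alias contents, function names and port set are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of an exported country alias, one entry per line.
# These are documentation ranges, not real GeoIP data.
SAMPLE_ALIAS = """\
# hypothetical export of a GeoIP "Alias Native" list
192.0.2.0/24
198.51.100.0/25

203.0.113.7
not-a-network
"""

def load_alias(text):
    """Parse CIDRs/addresses, skipping comments; return (networks, rejected)."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            bad.append(line)  # surface junk lines instead of ignoring them
    return nets, bad

def evaluate(src, dst_port, alias_nets, open_ports):
    """Model: one pass rule (source in alias, published port), else default block."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "block"
    if dst_port not in open_ports:
        return "block"  # no rule for this port, so the default block applies
    # An IPv4-only alias never matches an IPv6 source.
    if any(addr.version == n.version and addr in n for n in alias_nets):
        return "pass"
    return "block"

def lockout_check(must_reach, dst_port, alias_nets, open_ports):
    """Sources you depend on that the alias-based rule would drop."""
    return [s for s in must_reach
            if evaluate(s, dst_port, alias_nets, open_ports) != "pass"]
```

Feed `lockout_check` the addresses you administer or monitor from; any address it returns would lose access once the rule's source is restricted to the alias.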

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.