Block all GEO IPs execpt one

PeterHer
PeterHer Posts: 18  Freshman Member
First Comment Fifth Anniversary
Hi All,

Is it possible to block all GEO IPs except one?
I know it is possible to deny a GEO IP, but I have to add all of them, which is very cumbersome.

I have an USG40 and USG210.
I hope someone can help me.

Thanks in advance.
Peter

Accepted Solution

  • p4_greg
    p4_greg Posts: 14  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓
    If you want to allow only USA IPs(for example), you can do it with 2 firewall rules.
    The first rule allows all USA GEO-IPs, the second rule blocks all other IPs.

    Rule #1:
    From: WAN
    To: LAN
    Source: USA_GEO_IPs
    Action: Allow

    Rule #2:
    From: WAN
    To: LAN
    Source: any
    Action: Deny

All Replies

  • p4_greg
    p4_greg Posts: 14  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓
    If you want to allow only USA IPs(for example), you can do it with 2 firewall rules.
    The first rule allows all USA GEO-IPs, the second rule blocks all other IPs.

    Rule #1:
    From: WAN
    To: LAN
    Source: USA_GEO_IPs
    Action: Allow

    Rule #2:
    From: WAN
    To: LAN
    Source: any
    Action: Deny

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    @PeterHer would you please articulate/expand a bit more your question?
  • PeterHer
    PeterHer Posts: 18  Freshman Member
    First Comment Fifth Anniversary
    edited February 2022
    Well I only want to give Dutch IP addressees access to my server, which is behind an USG210.
    I want to block all other IP addresses. But with the above suggestion and this video (https://support.zyxel.eu/hc/nl/articles/360001378533-Hoe-de-Geo-IP-functie-te-gebruiken), it seems that this problem has been solved.

    Thank you.




  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    edited February 2022
    Not all the community is familiar with spoken Dutch, so I will try to simplify how this goal could be achieved.
    Rule #1:
    From: WAN
    To: LAN
    Source: Allowed IP Address
    Action: Allow

    GeoIP should not be necessary if you're allowing only one (or some) ip addresses, unless there are some more angles and rules about it.

Security Highlight