Table of Contents
- What apps/services can utilize the Geolocation options?
- I blocked China outright but I just looked up this IP and it's from China. How did it pass?
- I blocked all non-US traffic and now none of my users have internet access?
- How do I allow a specific WAN IP address from a foreign country to pass through the Untangle while blocking all other traffic from that foreign country?
- How do I create rules to block traffic coming from certain countries or going to certain countries?
- What's the difference between server country and client country?
1. What apps/services can utilize the Geolocation options?
You can utilize the Geolocation options in the Firewall application and the Policy Manager service.
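2. I blocked China outright but I just looked up this IP and it's from China. How did it pass?
Sometimes proxies and cloud services can cause no country to be listed for a session, so the session is not blocked as expected by the Firewall application. A country must be listed for the Untangle to recognize the traffic's origin.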
3. I blocked all non-US traffic and now none of my users have internet access?
This is because your local traffic going outbound will not have a source country listed. Create another Firewall rule, placed above the rule that blocks all non-US traffic, that allows your LAN traffic so it continues to work as expected.
4. How do I allow a specific WAN IP address from a foreign country to pass while blocking all other traffic from that foreign country?
First, create a Firewall rule that blocks traffic coming from the specific country using the "client country is" condition. Then create an allow Firewall rule that uses the source IP address condition, and enter the IP address from the country you just blocked with the previous rule. Lastly, make sure the allow rule appears above the country block rule, because these rules are evaluated in top-down order.
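The ordering described in answers 2 through 4 can be checked with a small first-match model. This is an added example, not Untangle code or its configuration format; the rule fields, the sample addresses and the default "pass" action are assumptions made for illustration.

```python
import ipaddress

# Simplified first-match model of a top-down firewall rule list.
# Rule fields and names are assumptions for this example, not Untangle's format.

def matches(rule, session):
    """True if every condition present in the rule matches the session."""
    src = ipaddress.ip_address(session["src"])
    if "src_net" in rule and src not in ipaddress.ip_network(rule["src_net"]):
        return False
    country = session.get("client_country")  # None when no country is listed
    if "client_country_is" in rule and country != rule["client_country_is"]:
        return False
    if "client_country_is_not" in rule and country == rule["client_country_is_not"]:
        return False
    return True

def evaluate(rules, session, default="pass"):
    """Return the action of the first matching rule, top down."""
    for rule in rules:
        if matches(rule, session):
            return rule["action"]
    return default  # assumed default when no rule matches

# Constructed sample sessions (documentation and RFC 1918 address ranges).
PARTNER = {"src": "203.0.113.10", "client_country": "CN"}
OTHER_CN = {"src": "203.0.113.77", "client_country": "CN"}
UNLISTED = {"src": "198.51.100.5", "client_country": None}  # proxy/cloud, no country
LAN_HOST = {"src": "192.168.1.20", "client_country": None}  # local outbound traffic

ALLOW_PARTNER = {"action": "pass", "src_net": "203.0.113.10/32"}
BLOCK_CN = {"action": "block", "client_country_is": "CN"}
ALLOW_LAN = {"action": "pass", "src_net": "192.168.1.0/24"}
BLOCK_NON_US = {"action": "block", "client_country_is_not": "US"}

def demo():
    return {
        "allow_above_block": evaluate([ALLOW_PARTNER, BLOCK_CN], PARTNER),
        "allow_below_block": evaluate([BLOCK_CN, ALLOW_PARTNER], PARTNER),
        "other_cn": evaluate([ALLOW_PARTNER, BLOCK_CN], OTHER_CN),
        "unlisted_vs_block_cn": evaluate([BLOCK_CN], UNLISTED),
        "lan_without_allow": evaluate([BLOCK_NON_US], LAN_HOST),
        "lan_with_allow": evaluate([ALLOW_LAN, BLOCK_NON_US], LAN_HOST),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

In this model, a session with no country listed slips past an "is CN" block but is caught by an "is not US" block, which is why both the China question and the non-US question above have the answers they do.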
5. How do I create rules to block traffic coming from certain countries or going to certain countries?
Please see the article How To Block Traffic Coming From Or Going To Foreign Countries.
6. What's the difference between server country and client country?
The server country firewall rule condition applies to traffic leaving your local network and going out to the internet. The client country firewall rule condition applies to inbound traffic coming in to your network.