Port forwarding and geoblock


peter

New Around Here
I am using port forwarding to my local network (NAS, satbox) and I would like to extend security with geoblocking.
Is it possible for a "forwarded port" to allow only a specific country via geo-block in iptables? How?
 
Is it possible for a "forwarded port" to allow only a specific country via geo-block in iptables? How?

Assuming you have created an appropriate IPSET containing the banned IP addresses you wish to block (BlockedCountries),
e.g.
Code:
ipset list BlockedCountries

Name: BlockedCountries
Type: hash:net
Revision: 0
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8500
References: 10109
Members:

./IPSET_List.sh BlockedCountries

IPSET BlockedCountries==>
     1.0.1.0/24      1.0.2.0/23      1.0.8.0/21     1.0.32.0/19      1.1.0.0/24      1.1.2.0/23      1.1.4.0/22      1.1.8.0/24      1.1.9.0/24     1.1.10.0/23     1.1.12.0/22     1.1.16.0/2    1.1.32.0/19      1.2.0.0/23      1.2.2.0/24      1.2.4.0/24      1.2.5.0/24      1.2.6.0/23      1.2.8.0/24      1.2.9.0/24     1.2.10.0/23     1.2.12.0/22     1.2.16.0/20     1.2.32.0/1    1.2.64.0/18      1.3.0.0/16      1.4.1.0/24      1.4.2.0/23      1.4.4.0/24      1.4.5.0/24      1.4.6.0/23      1.4.8.0/21     1.4.16.0/20     1.4.32.0/19     1.4.64.0/18      1.6.0.0/1     1.8.0.0/16     1.10.0.0/21     1.10.8.0/23    1.10.11.0/24    1.10.12.0/22    1.10.16.0/20    1.10.32.0/19    1.10.64.0/18     1.12.0.0/14     1.22.0.0/15     1.24.0.0/13     1.38.0.0/1    1.45.0.0/16     1.48.0.0/15     1.50.0.0/16     1.51.0.0/16     1.56.0.0/13     1.68.0.0/14     1.80.0.0/13     1.88.0.0/14     1.92.0.0/15     1.94.0.0/15    1.116.0.0/14    1.180.0.0/1   1.184.0.0/15    1.186.0.0/16    1.187.0.0/16    1.188.0.0/14    1.192.0.0/13    1.202.0.0/15    1.204.0.0/14     14.0.0.0/21    14.0.12.0/22     14.1.0.0/22    14.1.24.0/22    14.1.96.0/2

<snip> etc.

see https://www.snbforums.com/threads/h...ng-ipset-firewall-addition.16798/#post-115872

Then you should be able to code a single rule,
e.g.
Code:
iptables -I VSERVER -t nat -m set ! --match-set BlockedCountries src -p tcp -m tcp --dport 12345 -j DNAT --to 172.16.0.12:34567


iptables -nvL VSERVER --line -t nat

Chain VSERVER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ! match-set BlockedCountries src tcp dpt:12345 to:172.16.0.12:34567

Or you could obviously create an IPSET containing only the allowed IP addresses (AllowedCountries) and remove the "not match" '!' logic from the VSERVER rule whilst referencing this allowed IPSET instead.

P.S. Personally, I'm not sure if this is worth the effort since SmartDNS/VPNs etc. can mask the country of origin?
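The allow-list variant mentioned at the end of the answer, pulled together as one script. This is an added example, not code from the thread or from the router firmware: the set name AllowedCountries, the DRY_RUN/APPLY switches and the sample prefixes (RFC 5737 documentation ranges standing in for a downloaded country feed) are assumptions; the port mapping 12345 -> 172.16.0.12:34567 and the VSERVER nat chain are the ones used above. Members are loaded into a temporary set and swapped in, so a reload never leaves the live set half-filled, and the DNAT rule is only inserted when `iptables -C` shows it is missing, so re-running from a firewall-start hook does not stack duplicates.

```shell
#!/bin/sh
# Added example (not from the thread): build an allow-list IPSET of country
# prefixes and place a single DNAT rule at the top of the VSERVER nat chain.
# Hypothetical names/values: AllowedCountries, the sample prefixes, DRY_RUN/APPLY.
# DRY_RUN=1 prints the ipset/iptables input; APPLY=1 applies it (needs root).

SET_NAME="AllowedCountries"
WAN_PORT="12345"
LAN_DEST="172.16.0.12:34567"

# Constructed sample prefixes (RFC 5737 documentation ranges), NOT real geo data.
# In practice this would come from a country CIDR feed.
SAMPLE_PREFIXES="192.0.2.0/24
198.51.100.0/24
203.0.113.0/24"

# Emit an 'ipset restore' script for set $1 from the newline-separated list $2.
# Members go into a temporary set that is then swapped with the live one, so
# the live set is never empty mid-reload (an empty allow-list would drop all
# forwarded traffic; an empty block-list would admit everything).
gen_ipset_restore() {
    set_name="$1"
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536\n' "$set_name"
    printf 'create %s_tmp hash:net family inet hashsize 1024 maxelem 65536\n' "$set_name"
    printf 'flush %s_tmp\n' "$set_name"
    printf '%s\n' "$2" | while IFS= read -r cidr; do
        # Skip blank/comment lines and anything that is not a dotted-quad prefix,
        # so a corrupt feed line cannot abort the whole restore.
        case "$cidr" in ''|'#'*) continue ;; esac
        echo "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || continue
        printf 'add %s_tmp %s\n' "$set_name" "$cidr"
    done
    printf 'swap %s_tmp %s\n' "$set_name" "$set_name"
    printf 'destroy %s_tmp\n' "$set_name"
}

# Allow-list form of the rule from the answer: no '!' because the set holds
# the permitted source prefixes rather than the banned ones.
gen_vserver_rule() {
    printf 'iptables -t nat -I VSERVER -m set --match-set %s src -p tcp -m tcp --dport %s -j DNAT --to-destination %s\n' \
        "$1" "$2" "$3"
}

apply_rules() {
    # -exist makes the 'create' lines harmless when the sets already exist.
    gen_ipset_restore "$SET_NAME" "$SAMPLE_PREFIXES" | ipset -exist restore
    # iptables -C returns non-zero if the rule is absent; only then insert it.
    if ! iptables -t nat -C VSERVER -m set --match-set "$SET_NAME" src \
            -p tcp -m tcp --dport "$WAN_PORT" -j DNAT --to-destination "$LAN_DEST" 2>/dev/null; then
        iptables -t nat -I VSERVER -m set --match-set "$SET_NAME" src \
            -p tcp -m tcp --dport "$WAN_PORT" -j DNAT --to-destination "$LAN_DEST"
    fi
}

if [ "${DRY_RUN:-0}" = "1" ]; then
    gen_ipset_restore "$SET_NAME" "$SAMPLE_PREFIXES"
    gen_vserver_rule "$SET_NAME" "$WAN_PORT" "$LAN_DEST"
elif [ "${APPLY:-0}" = "1" ]; then
    apply_rules
fi
```

Run with `DRY_RUN=1 sh geo-forward.sh` first to review the generated ipset and iptables input; the rule is inserted at position 1 so it is evaluated before any firmware-generated VSERVER entries, which is what the `iptables -nvL VSERVER --line -t nat` listing above should then show.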
 