Page 1 of 1
Geoblock country but allow IP
Posted: Wed Feb 25, 2015 2:42 pm
by gaia
Ukraine is geoblocked, but I would like to allow a single IP thru, without whitelisting it. Is this possible?
Thanks in advance.
Re: Geoblock country but allow IP
Posted: Wed Feb 25, 2015 7:11 pm
by scott
Is it for just one service, or multiple ones?
Re: Geoblock country but allow IP
Posted: Wed Feb 25, 2015 8:03 pm
by gaia
scott wrote:Is it for just one service, or multiple ones?
only for port 443 and 22.
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 9:06 am
by prupert
You could insert firewall rules in INPUT before ASL-GEO-BLACKLIST .
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 9:12 am
by scott
Thats definitely one way, another is to do 2 per-port ACL's
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 9:33 am
by gaia
So one firewall rule in INPUT before geoblock allowing access to those two ports?
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 12:10 pm
by scott
Right, an "insert" means put on the top of a list, and "add" means add to the bottom. Just like you're in a spreadsheet. You want your rule to appear ahead of the drop rule.
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 12:12 pm
by gaia
scott wrote:Right, an "insert" means put on the top of a list, and "add" means add to the bottom. Just like you're in a spreadsheet. You want your rule to appear ahead of the drop rule.
how do i add more than one port per rule? tried space, comma without spaces and dashes.
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 12:45 pm
by mikeshinn
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 2:47 pm
by gaia
thanks, but the referenced "Per Port ACLs" section does not mention the syntax for multiple ports.
additionally, i was looking to do this via the GUI, IF possible.
Re: Geoblock country but allow IP
Posted: Thu Feb 26, 2015 4:24 pm
by scott
That mechanism is for single ports at a time, so you'd need to make 2 lists.