Inscrit le: 16 Mar 2018
|Posté le: Sam 19 Mai - 09:25 (2018) Sujet du message: Block country IPs on all ports
Just want to run this by you guys to see if I'm thinking correctly.
Let's say I want to block all incoming connections from IP#s originating from a specific country called "A". I update the countries list and add the correct ountry A to the groups list.
Under the "All Services" I put the group "Country A" in the blocked section.
I now add, lets say, a torrent service, defining ports 6881:6889, and under the Allowed section I enter "Everybody".
The torrent service comes after the "All services" service.
Country A is no longer blocked on the ports defined in the torrent service, correct?
To make sure Country A is blocked on all ports I would have to create a "custom all services" on ports 1:65535 and add it to the end of the managed inbound services and put Country A in the blocked section. Correct?
A solution to this problem would be to add "quick" to the block section of the built in "All Services" service. Or if i could manually edit the expanded PF configuration for specific rules and add the quick part there.
Originally I was sure that if I added specific IPs to the block section of All services they would be blocked completely but when playing around and testing on the outgoing port 80 I found this not to be true, as the last rule is the one that wins unless keyword "quick" is not present.
Any help will be apprecited.
I didn't find the right solution from the Internet.