This crowd-funding feature is supposed to make your firewall ruleset smaller and more effective with geographically based blocking: GeoIP Block
Attackers originate from all sorts of places in the world. Often huge networks of bots scan the entire Internet for services that are publicly accessible and possible to exploit. With GeoIP-based blocking it is possible to mitigate many of those scans to take off the load of the firewall engine and to secure the services your network is offering.
In short terms: All packets that originate from an IP network registered in that country are dropped. As an example, this enables you to allow connecting to your OpenVPN server just from your own country and not from anywhere else in the world. Outgoing connections will not be filtered so that surfing on foreign sites is not affected.
It will be possible to enable this feature globally for the entire firewall ruleset or for indiviual rules, incoming and outgoing at the same time. So here are some more pretty neat use cases:
The other features of the new firewall GUI and this new GeoIP-Block feature together make the IPFire firewall once again more powerful and enhance its use-case. Please help us implementing this feature with your donation.
Launched: January 15, 2015 at 12:00 am • This funding runs until the goal is reached.