How to set the Firewall Rule with Country Object to restrict the reachable IP address by country?

Vigor router supports Country Object to let network administrator manage the destination IP by country since Vigor2926 3.8.8 version firmware. With this feature, it will be easier for network administrator to manage the network by allowing or blocking the access to specific country. For example, network administrator can block certain countries from connecting port to access internal server, in order to prevent attacks. Or, to restrict the destination IP to the selected countries only that LAN users can access to. This note demonstrates how to allow the LAN hosts to access to UK websites only.

Create Country Object

Go to Objects Setting >> Country Object page,

  1. Click an available index
  2. Give a profile Name and select Country
   

To block all websites except those in UK, we will need to create two firewall rules, the first one is blocking all websites, the second one is allow the LAN users to access the websites in UK.

1. Create the rule blocks all websites, go to Firewall >> Filter Setup >> Default Data Filter set, and click an available rule.

  1. Select Any as Source IP, Destination IP and Service Type
  2. Select Block if no further Match as Action, so the router will check the other rules first
   

2. Create the rule which allow the users access the websites in UK, go back to Default Data Filter page, and click an available rule which follows behind the rule created in previous step.

  1. Click Edit behind the Destination IP/Country to select Country Object created in previous step
  2. Select Pass Immediately as Action
   

Now we can try to access few websites to verify the firewall setting.

www.draytek.de

   

www.draytekusa.com

   

www.draytek.co.uk

   
Was this article helpful?