Create Firewall rules to restrict LAN to WAN access to specific countries by using country codes

Vigor router supports Country Object. With this feature, it will be easier for the network administrator to allow or block access to an IP address of a specific country. For example, the network administrator can block certain countries from connecting the port to access the internal server to prevent attacks. Or, to restrict the destination that LAN users can access to the selected countries only. This note demonstrates how to allow the LAN hosts to access the UK websites only.

Note: DrayTek Routers includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

1. Create a Country Object. Go to Objects Setting >> Country Object page. Click an available index, give a profile Name and select Country.

To block all websites except for those in the UK, we will need to create two firewall rules. The first one to block all websites, and the second to allow access to websites in the UK.

2. Create the rule blocks all sites, go to Firewall >> Filter Setup >> Default Data Filter Set, and click an available rule to edit.

1. Select "Any" for Source IP, Destination IP, and Service Type
2. Select "Block if no further Match" for Action, so the router will check the other rules first　 　

3. Create another rule to allow access to the websites of the UK. Go back to Default Data Filter page, and click an available rule which follows behind the rule created in the previous step.

1. Click Edit behind the Destination IP/Country to select Country Object created in the first step
2. Select "Pass Immediately" for Action

Now we can try to access a few websites to verify the firewall setting.

www.draytek.de

www.draytekusa.com

www.draytek.co.uk