Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: Firewall that blocks connections by country?

Re: Firewall that blocks connections by country? 14 years 7 months ago #8153

Hmm yknow, perhaps it might be worth your while to consider not using the firewall as a mechanism for access control...

The reason is simple..... the basic concept of a firewall is that it either allows or doesn't allow. This means that you need to

a) Know *precisely* what you're allowing in, or *precisely* what you're denying

b) Have a security policy which decides this beforehand as you cannot decide on the fly

The task you're attempting is very administratively intensive - not to mention I haven't a clue how these personal firewalls will react to huge rule sets.. they were not designed for performance.. this is especially true of the Windows XP SP2 firewall..

I suggest you add some authentication mechanism to the application you're using. Make it something that you can rely on... IP addresses are a bad way to authorize individuals.. and geographic location is even worse.

A quote from 'Firewalls & Internet Security' comes to mind -- If you have more than around 30 rules (even in a large enterprise) you're doing something too complicated.

Just imagine, each of those rules represents a policy decision.. there are very few places where a firewall needs to implement 30 different business decisions....

Think outta the box.
Sahir Hidayatullah. Staff - Associate Editor & Security Advisor
Time to create page: 0.096 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup