Astaro Security Gateway Feature Requests Forum

127 votes

Framework: Location (GeoIP) Blocking

Implement a mechanism to allow definitions based on GeoIP/location, which can be worked with and referenced. Allows for blacklisting in Mail by country, and blocking of certain types of traffic in the packetfilter. E.g., it might be used to automatically drop/block all traffic from "China"...

Status: completed

This feature is included as part of ASG Version 8 which will be Generally Available at the end of June.

Watch http://up2date.astaro.com for the official announcement.

Comments

  1. I think that the actual implementation of geoblocking in v8 is quite useless. At the moment there is no possibility to add any type of exceptions. So if you decide to block "China", all traffic from and to China is blocked (you cannot define the direction of the block, i.e. LAN to WAN / WAN to LAN, web proxy exceptions, SMTP proxy exceptions, etc.).

    http://www.astaro.org/astaro-beta-versions/asg-v8-public-beta/32518-7-921-question-answered-exceptions-country-blocking.html

  2. Geo-IP isn't all that accurate unless you are in a large city. If you geo-block me you actually are covering over 50 square miles of farmlands that aren't near me... Hagerstown isn't even my county, but that's where geo-ip puts me most times.

  3. I have read that this feature will be added to v8

  4. 3

    The greatest benefit will come from having the most flexibility.
    I like Cameron's comments.
    I need this feature to be flexible so that I can apply it to any service (smtp, http(s), ftp, etc.).
    I also like the suggestion about nested groups (i.e. Asia vs. Russia). If the logic follows the same setup as the NICs (apnic, afrinic, etc.) that would be great.

  5. Nice feature, but in this way the time spent in geo-localization slows down the rules execution, doesn't it?

  6. is this planned for v7 or v8?

  7. 2

    I also feel this should not just be for anti-spam. I currently have definitions and rules to block http(s) from many countries as well.

  8. I have to agree w/ BarryG, the majority of my customer's ASGs deflected spam are originating from Europe, Korea, and China. Most of them don't do any business out of the U.S.

  9. 1

    Just because SOME companies do business with China doesn't imply everyone wants to get attacked by them. The proposal wouldn't be limited to China, but could include any country. My customers don't do business outside my state. Being able to block ANY or ALL other countries would be great for me.

  10. Why is everybody here talking only about spam? The antispam feature of Astaro is IMO ok as it is. I would like to have the geo ip blocking option as a simple way to block attacks on my network at a low level, so that Astaro rejects or drops connection attempts from these sources. A lot of intrusion attempts here are sourced by Chinese, Russian and some American servers. Because I don't have contact with most of these countries, it would be a simple and effective way to prevent attacks from such sources.

  11. People wishing to just stop email by country can do this now using RBLs. Just google for country code rbl and you should find a few hints.

  12. Not necessarily just for spam control on the GeoIP. Many ecommerce sites are country specific and would like to limit the connections to their online shops to a specific country only. As such an IP range should be selectable for either allow or deny access to your webserver.

  13. 2

    BTW, my proposal below won't work well without nested groups (which is another feature request here).

  14. I get a lot of spam from China and Eastern block, but USA is usually listed at #1

    Anyhow, I just don't think it's that critical an item to be listed so high, but that's my personal opinion and what voting points are for :) Cheers.

  15. 2

    Simon, I'm getting a LOT of spam from "Eastern Block" countries.

  16. 2

    ISTM the best way for Astaro to implement this would be to use the GeoIP data (already in Astaro for reporting), create an interface allowing countries to be checked... once they're checked, definitions and groups should be automatically added to Network Definitions.
    Then, the user could create rules to block those countries using those defs.

    *When GeoIP data is updated, the NetDefs should be automatically updated.*

  17. Waste in my opinion, considering many businesses are now working with companies like China. Most spam seems to originate in the USA these days!
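
An added example, not part of the thread and not Astaro's implementation: a sketch of the approach proposed in comment 16 (per-country network definitions generated from GeoIP data and rebuilt on each update), extended with the direction, per-service and exception handling that comment 1 finds missing. The GeoIP rows, country codes `AA`/`BB`/`CC`, the `REGION-1` group and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows (CIDR, country code): documentation ranges, made-up codes.
GEOIP_ROWS = [
    ("192.0.2.0/25", "AA"),
    ("192.0.2.128/25", "AA"),
    ("198.51.100.0/24", "BB"),
    ("203.0.113.0/24", "CC"),
]
# Hypothetical nested group: a region is a set of country definitions.
REGIONS = {"REGION-1": {"AA", "BB"}}


def build_netdefs(rows):
    """Return {country: [collapsed networks]}; rerun whenever GeoIP data updates."""
    by_country = defaultdict(list)
    for cidr, cc in rows:
        by_country[cc].append(ipaddress.ip_network(cidr))
    return {cc: list(ipaddress.collapse_addresses(n)) for cc, n in by_country.items()}


def country_of(ip, netdefs):
    """Map an address to its country definition, or None if it is unlisted."""
    addr = ipaddress.ip_address(ip)
    for cc, nets in netdefs.items():
        if any(addr in net for net in nets):
            return cc
    return None


def decide(remote_ip, direction, service, netdefs, rules, exceptions):
    """Exceptions are checked first, then block rules; default is allow.

    direction: "in" (WAN to LAN) or "out" (LAN to WAN).
    rules: (country_or_region, direction, service) tuples, "*" matches any.
    exceptions: (cidr, service) tuples that are always allowed.
    """
    addr = ipaddress.ip_address(remote_ip)
    for cidr, svc in exceptions:
        if addr in ipaddress.ip_network(cidr) and svc in ("*", service):
            return "allow"
    cc = country_of(remote_ip, netdefs)
    for target, rule_dir, svc in rules:
        members = REGIONS.get(target, {target})
        if cc in members and rule_dir in ("*", direction) and svc in ("*", service):
            return "drop"
    return "allow"
```

Because the exception list is evaluated before any country rule, a single partner host can stay reachable for one service while the rest of its country remains blocked.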
