Astaro Gateway Feature Requests Forum

Log in or Sign up |

125 votes
Vote

Framework: Location (GeoIP) Blocking

Implement a mechanism to allow definitions based on GeoIP/location, which can be worked with and referenced.. Allows for blacklisting in Mail by country, and blocking of certain types of traffic in the packetfilter. Eg, it might be used to automatically drop/block all traffic from "China&quo... more

Status: planned

This is planned for ASG V8.000

Default-avatar Gert Hansen Admin
  1. Comments
  1. 3 Default-avatar

    The greatest benefit will come from having the most flexibility.
    I like Cameron's comments.
    I need this feature to be flixible so that I can apply it to any service (smtp, http(s), ftp, etc.
    I also like the suggestion about nested groups (i.e. asia, vs russia). If the logic follows the same set up as the NIC's (apnic, afinic, etc...) that would be great.

  2. Default-avatar

    Nice feature, but in this way the time spent in geo-localization slow down the rules execution, isn't it?

  3. Default-avatar

    is this planned for v7 or v8?

  4. 2 Default-avatar

    I also feel this should not just be for anti-spam. I currently have definitions and rules to block http(s) from many countries as well.

  5. Default-avatar

    I have to agree w/ BarryG, the majority of my customer's ASGs deflected spam are originating from Europe, Korea, and China. Most of them don't do any business out of the U.S.

  6. 1 Default-avatar

    Just because SOME companies do business with Chine doesn't imply everyone wants to get attacked by them. The proposal wouldn't be limited to China, but could include ant country. My customers don't do business outside my state. Being able to block ANY or ALL other countries would be great for me.

  7. Default-avatar

    Why is everybody here talking only about spam. Antispam feature of Astaro is IMO ok as it is. I would like to have the geo ip blocking option as simple way to block attacks to my network at low level, so that Astaro rejects or drops connection attempts from these sources. A lot of Intrusion attempts here are sourced by chinese, russian and some american servers. Because I don't have contact to most of these countries, it would be a simple and effective way to prevent attacks from such sources.

  8. Default-avatar

    People wishing to just stop email by country can do this now using RBLs. Just google for country code rbl and you should find a few hints.

  9. N711961256_979

    Not necessarily just for spam control on the GeoIP. Many ecommerce sites are country specific and would like to limit the connections to their online shops to a specific country only. As such an IP range should be selectable for either allow or deny access to your webserver.

  10. 2 Default-avatar

    BTW, my proposal below won't work well without nested groups (which is another feature request here).

  11. Default-avatar

    I get a lot of spam from China and Eastern block, but USA is usually listed at #1

    Anyhow, I just don't think it's that critical an item to be listed so high, but, thats my personal opinion and what voting points are for :) Cheers.

  12. 2 Default-avatar

    Simon, I'm getting a LOT of spam from "Eastern Block" countries.

  13. 2 Default-avatar

    ISTM the best way for Astaro to implement this would be to use the GeoIP data (already in Astaro for reporting), create an interface allowing countries to be checked... once they're checked, definitions and groups should be automatically added to Network Definitions.
    Then, the user could create rules to block those countries using those defs.

    *When GeoIP data is updated, the NetDefs should be automatically updated.*

  14. Default-avatar

    Waste in my opinion, considering many businesses are now working with companies like China. Most spam seems to originate in the USA these days!

Log in to leave a comment

powered by UserVoice