Blocking of outgoing IP ranges

CJR
CJR Member, Beta Tester Posts: 3
First Comment Photogenic
Hi Fing,
Is it possible to let FingBox deny packages addressed to IP addresses within specific IP ranges?
I'd like to be able to select IP ranges to be blocked; as an example I'd like to ensure that my IoT equipment doesn't contact Russia, Africa etc.

Best Answer

Answers

  • Marc
    Marc Moderator, Beta Tester Posts: 2,652
    1,000 Likes 2500 Comments 100 Answers 250 Awesomes
    ✭✭✭✭✭✭
    Hi @CJR , that's more of a function for your router and or firewall.  Fingbox tends to specialize more on the ability to deny or allow hosts onto your network, along with looking out for certain external threats which it can identify or block.

     There are probably lots of people on these forums who could direct you to software or hardware solutions for what you are looking for.  @rooted
    @kltaylor @Pixelpopper etc...  Any thoughts here?
    Thats Daphnee, she's a good dog...
    [Deleted User]CiaranCJR
  • rooted
    rooted Gulf Coast, USModerator Posts: 872
    250 Likes 500 Comments 50 Answers 25 Agrees
    ✭✭✭✭✭

    That's a job for iptables, few standard routers will allow this type of filtering but any router running DD-WRT, LEDE, or OpenWRT will allow you to use iptables.

    CJR
  • [Deleted User]
    [Deleted User] Posts: 0
    100 Comments 25 Likes First Anniversary Member of the Month
    ✭✭✭
    edited January 24, 2020 #5
    Many standard, ISP supplied routers, are capable of blocking websites via the Parental Control functionality (This often includes additional customisable security options). Some ISPs spread these options between the router & web based accounts (BT use combined method for their U.K. customers) but check with your ISP for further details. Of course to block an entire nation’s websites will probably require some significant investment in time & cash. To restrict the scale of these investments you might consider monitoring which websites are being accessed from your network and then block those sites (not all Russian sites, for example, are attempting to defraud everyone).
    If the last sentence is of interest then the following link may be of interest.
    rootedCJR
  • CJR
    CJR Member, Beta Tester Posts: 3
    First Comment Photogenic
    Thanks for your answers! I agree that this might be out of scope for FingBox, although it might be fairly easy to block from there. Thanks for the DDOS link, seems that I should really dig into doing this from a router :-)
  • Ciaran
    Ciaran Administrator Posts: 1,180
    1000 Comments 250 Likes 50 Answers 100 Awesomes
    admin
    @CJR thank you for this question. @rooted , @Marc , @Pixelpopper really great input and advise offered here. @CJR , can you mark which ever response you found most useful as 'answered question' (that way it will help other users who experience a similar issue get to the answer quickly, and also give the responder kudos :smile:   )


    Ciaran (Admin at Fing)

    CJR
  • CJR
    CJR Member, Beta Tester Posts: 3
    First Comment Photogenic
    Done; although selecting only one isn't totally fair ;-)
    I'll check up on EdgeRouter X, which can do this :-) 

    Marc