Firewall management

Similar subject: Block registration from the country by removing it from registration list

Firewall uses subdomain lists we will use example domain market.com :

• List "common" - common subdomains like www.market.com, market.com,sandbox.market.com etc
• List "admin" - admin.market.com access
• Optional lists: admin2, admin3 etc to granulate access for multiple admin servers in different countries/continents

If you need to further granulate the access to subdomains - let us know

Each list has default value:

• allow (allow all except blocked)
• deny (block all except allowed)
• removed (default settings deactivated)

Lists are executed in order: (example for admin):

1. admin.country
2. admin.range (overrides country!!!)

!!! IMPORTANT !!! DONT USE DEFAULT in range list without fully understanding the implications In most cases you will be OK just deactivating ranges default altogether.

• admin.country - irrelevant, you can leave it as is.
• admin.range - default deny, 123.123.12.12 allow (country settings will be completely overridden)

• admin.country - default inactive, removed entries with deny
• admin.range - default inactive, removed entries with deny

• admin.country - default deny, UK allow
• admin.range - default inactive, removed UK entries with deny

• admin.country - default deny, UK allow
• admin.range - default inactive, 110.23.23.23 deny

• admin.country - default allow, UK deny
• admin.range - default inactive, removed entries with deny

• admin.country - default allow, UK deny
• admin.range - default inactive, 110.23.23.23 allow

• Country GeoIP databases certainly lags behind with updates
• Proxy and VPN providers might have misleading location info
• GeoIP will not protect against reserved/military/governmental/corporate IPs
• GeoIP doesnt work on local networks, company VPN infrastructure etc.
• GeoIP doenst work on internal IP ranges.