Regional filtering is a vital feature that enables users to control Internet access based on geographic criteria. Individuals and organizations can manage which regions or countries their network traffic can interact with or be accessed from.
This feature serves various purposes, including enhancing network security by limiting exposure to certain regions known for cyber threats.
Regional Filtering with Firewalla
Firewalla provides two forms of regional filtering.
- Regional blocks at the IP layer (based on IP addresses) – Firewalla keeps a running database of each IP's location and can use this information to block IPs from certain regions.
- Top-Level Domain (TLD) blocks – Firewalla can use custom Target Lists or individual rules to block domains based on region.
Regional IP Blocks
To block regions at the IP layer, just create a rule blocking a certain region. Tap Rules on your box's main page and tap Add Rule. For the rule's target, tap Region, then select a region.
- Regional IP blocks are based on IP address, so it doesn't matter what the domain is. For example, firewalla.com represents a US-based company mapped to a Shopify domain. Since Shopify is Canadian, its IPs belong to Canada. If you block IPs from Canada, firewalla.com will be blocked.
- The location data for IP addresses is not always accurate, so we advise you to block as few countries as possible. The more regions you block, the more problems and false positives you may experience.
- The geographic information of each IP address is always changing, so you may still see traffic from the blocked region from time to time.
- This feature is only available on Blue, Blue Plus, Purple, and Gold units. Blue units can block up to 3 regions, Blue Plus and Purple can block up to 10, and Gold has no limit.
Top-Level Domain (TLD) Country Blocks
To block regions based on domain, create a blocking rule for a domain suffix. For example, .nl is the suffix for domains based in the Netherlands. Enter the domain suffix in one of the following formats (using Netherlands as an example):
To block multiple domain suffixes, you can create a Target List in Firewalla MSP or https://my.firewalla.com. Click Target List from the left navigation bar, then click Create Target List. Enter all your targets line by line. When entering suffixes in a Target List, you must enter each suffix in the format *.[suffix], e.g. *.nl. Click Create when you're done. You can use your new Target List when creating blocking rules in MSP or my.firewalla.com.
Firewalla will treat these strings as wildcards, meaning the rule will target all matching subdomains ending with this suffix. In the rules page, the target will just be shown as the plain suffix – the app will automatically remove *. for consistency. You can find each country's TLD here: https://en.wikipedia.org/wiki/Country_code_top-level_domain
- Not all domains can be mapped to a country. For example, shopify.com is in Canada, but the domain isn't explicitly Canadian.
- TLD blocks are very broad, so they may block legitimate traffic needed to run your software or IoT devices. If you encounter issues after implementing a TLD block, consider making exceptions using allow rules.
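As an added example (not Firewalla's code), the Python script below approximates the `*.[suffix]` wildcard matching described above, so you can preview which domains from your own DNS history a Target List would block and which allow rules you would need before enabling it. The sample domains, the function names, and the assumption that an allow rule for a domain also covers its subdomains are constructed for illustration.

```python
# Added example: approximates "*.suffix" Target List matching.
# Not Firewalla's implementation; names and sample data are constructed.

def parse_target_list(text):
    """Parse Target List lines in '*.suffix' form into bare suffixes ('nl')."""
    suffixes = set()
    for line in text.splitlines():
        entry = line.strip().lower().rstrip(".")
        if not entry:
            continue
        if not entry.startswith("*.") or len(entry) == 2:
            raise ValueError(f"entry must look like *.suffix: {line!r}")
        suffixes.add(entry[2:])
    return suffixes

def matches_suffix(domain, suffixes):
    """True if some trailing run of whole labels in domain is in suffixes."""
    labels = domain.strip().lower().rstrip(".").split(".")
    # Compare on label boundaries so 'funnl.com' never matches 'nl'.
    return any(".".join(labels[i:]) in suffixes for i in range(len(labels)))

def preview(domains, block_text, allow=()):
    """Split observed domains into (blocked, excepted, untouched)."""
    suffixes = parse_target_list(block_text)
    # Assumption: an allow rule for a domain also covers its subdomains.
    allow_set = {a.strip().lower().rstrip(".") for a in allow}
    blocked, excepted, untouched = [], [], []
    for d in domains:
        if not matches_suffix(d, suffixes):
            untouched.append(d)
        elif matches_suffix(d, allow_set):
            excepted.append(d)
        else:
            blocked.append(d)
    return blocked, excepted, untouched

# Constructed sample: domains as they might appear in a DNS query history.
SAMPLE_DOMAINS = ["shop.example.nl", "updates.vendor.nl", "example.nl.com",
                  "funnl.com", "tracker.example.xyz", "firewalla.com"]
TARGET_LIST = "*.nl\n*.xyz\n"

if __name__ == "__main__":
    b, e, u = preview(SAMPLE_DOMAINS, TARGET_LIST, allow=["vendor.nl"])
    print("would be blocked:     ", b)
    print("kept by allow rule:   ", e)
    print("not matched by a rule:", u)
```

Run it against an export of the domains your devices actually query; anything in the first list that you recognize as needed is a candidate for an allow rule.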
TLD Risky Domains
TLDs can be used to block countries, but they can also block questionable businesses. Some domains to look out for include:
Disclaimer: This list (example) is just a suggestion that combines research from a few different sources (including Reddit). Please use it at your discretion.
According to BleepingComputer:
"Those that fair the worse [sic] in the ‘cumulative distribution’ category are .xyz, .icu, .ru, .cn, and tk. This means that most of the bad stuff circulating the web in terms of volume comes from these domains... " (source)
Note: not all domains that have a suspicious suffix are necessarily dangerous. Use TLD blocking at your discretion, and remember that you may need to access domains with a risky suffix occasionally.
Can I block all countries and only allow traffic from the USA?
You can, but you shouldn't. Here is why:
- The Internet is distributed globally, so blocking everything will cause issues.
- Important sites may be based in countries you don't expect. For example, shopify.com, which supports many e-commerce stores, is Canadian. If you block Canada, you will block firewalla.com (and many other shopping sites).
- IP-to-location information changes frequently. If this info is outdated or wrong, you may occasionally block regions you didn't mean to block.
- Firewalla has a built-in ingress firewall that blocks all incoming traffic, so you never have to worry about traffic from the outside breaking into your network.