Hi
Firewall - Geo IP
We use lots of CCRs and will use the new 72-core one when it comes out.
When our website customers get DoS attacked by botnets, we can often manage it by moving them to Cloudflare if the attacks are massive. We can also do some Geo IP DNS stuff and BGP stuff, but to make it much more manageable, can we have:
Geo IP (Country) using Maxmind IP DB in the Firewall.
So, for example, I add a rule to the fw:
Forward
tcp
80,443
xxx.xxx.xxx.xxx ---- Customer Website IP destination
drop
GeoIP - block Russia, China etc. when attacked
Forward
tcp
80,443
xxx.xxx.xxx.xxx --- Customer Website IP destination
accept
If the customer is attacked, then I can expand and untick (or the other way round, expand and tick to block) the countries where the botnets are. For example, the other day one customer was attacked from Russia, China and some other countries in Eastern Europe; now, nothing was coming from the UK, Germany, Spain etc., where all their orders come from.
So this would have meant we could have had 2 rules: forward/drop & forward/accept. I could have dropped all the traffic originating from the countries the botnet hosts were in.
What I actually did was change the DNS, run nginx proxies off our network and drop the traffic off our network using iptables and the MaxMind Country Database.
Would be so nice to have this in MikroTik on the CCRs.
Thanks
Tony
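
An added example, not part of the post above and not MikroTik's code: one way to approximate the forward/drop and forward/accept pair on a router without a GeoIP matcher, by turning MaxMind country CSV rows into a firewall address list that the drop rule matches before the accept rule. The CSV rows are constructed sample data in the GeoLite2 Country layout, and the list name `geo-block`, the `CUSTOMER_IP` placeholder and the function names are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample data in MaxMind GeoLite2 Country CSV layout.
# Networks are documentation ranges, not real country allocations.
LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
2017370,en,EU,Europe,RU,Russia,0
1814991,en,AS,Asia,CN,China,0
2635167,en,EU,Europe,GB,United Kingdom,0
"""
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
192.0.2.0/25,2017370,2017370,,0,0
192.0.2.128/25,2017370,2017370,,0,0
198.51.100.0/24,1814991,1814991,,0,0
203.0.113.0/24,2635167,2635167,,0,0
"""

def country_networks(blocks_csv, locations_csv, iso_codes):
    """Return collapsed networks whose geoname_id maps to one of iso_codes."""
    wanted = {row["geoname_id"]
              for row in csv.DictReader(io.StringIO(locations_csv))
              if row["country_iso_code"] in iso_codes}
    nets = [ipaddress.ip_network(row["network"])
            for row in csv.DictReader(io.StringIO(blocks_csv))
            if row["geoname_id"] in wanted]
    # Merge adjacent prefixes so the router holds as few entries as possible.
    return list(ipaddress.collapse_addresses(nets))

def routeros_script(nets, customer_ip, list_name="geo-block"):
    """Build RouterOS commands: list entries, then the drop and accept rules."""
    lines = [f"/ip firewall address-list add list={list_name} address={n}"
             for n in nets]
    match = (f"chain=forward protocol=tcp dst-port=80,443 "
             f"dst-address={customer_ip}")
    # Order matters: the country drop must sit above the general accept.
    lines.append(f"/ip firewall filter add {match} "
                 f"src-address-list={list_name} action=drop")
    lines.append(f"/ip firewall filter add {match} action=accept")
    return lines

if __name__ == "__main__":
    blocked = country_networks(BLOCKS_CSV, LOCATIONS_CSV, {"RU", "CN"})
    # CUSTOMER_IP is a placeholder for the customer website address.
    print("\n".join(routeros_script(blocked, "CUSTOMER_IP")))
```

Unblocking a country after the attack means removing its entries from the address list; the two filter rules stay in place.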