NodeMax
newbie
Topic Author
Posts: 38
Joined: Sun Sep 22, 2013 11:39 am

GeoIP (Country - Max Mind) in Firewall CCR

Sat Nov 15, 2014 10:56 am

Hi

Firewall - Geo IP

We use lots of CCRs and will use the new 72-core one when it comes out.

When our website customers get DoS attacked by botnets we can often manage it by moving them to Cloudflare if the attacks are massive; we can also do some Geo IP DNS stuff and BGP stuff, but to make it much more manageable can we have:

Geo IP (Country) using MaxMind IP DB in the Firewall.

So, for example, I add a rule to the fw:

Forward
tcp
80,443
xxx.xxx.xxx.xxx ---- Customer Website IP destination
drop
GeoIP - block Russia, China etc. when attacked

Forward
tcp
80,443
xxx.xxx.xxx.xxx --- Customer Website IP destination
accept

If the customer is attacked then I can expand and untick (or the other way round, expand and tick to block) the countries where the botnets are. For example, the other day one customer was attacked from Russia, China and some other countries in Eastern Europe; nothing was coming from the UK, Germany, Spain etc., where all their orders come from.

So this would have meant we could have had 2 rules, forward/drop & forward/accept. I could have dropped all the traffic originating from the countries the botnet hosts were in.

What I actually did was change the DNS, run nginx proxies off our network and drop the traffic off our network using iptables and the MaxMind Country Database.

Would be so nice to have this in MikroTik on the CCRs.

Thanks

Tony
 
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: GeoIP (Country - Max Mind) in Firewall CCR

Sun Nov 30, 2014 6:27 pm

Ban all world IPs and sleep well. :mrgreen:
 
NodeMax
newbie
Topic Author
Posts: 38
Joined: Sun Sep 22, 2013 11:39 am

Re: GeoIP (Country - Max Mind) in Firewall CCR

Sun Nov 30, 2014 8:08 pm

Why ban them, just unplug it....

No, joking aside!

GeoDNS is becoming quite big now.

How useful would Geo Firewall be in a CCR and Geo Routing?

So could have it in the firewall
Use it for MPLS or routing decisions based on Country....

The MaxMind DB is just a binary DB; sure, you could upload that to the CCR file list and MikroTik could interface with that for routing and firewall functions.

You could not only ban IP ranges but slow them down or change routing decisions, if required for a timespan, i.e. if GeoIP says it's traffic from the UK, add to SlowUKDownAddressList, speed up Asia, for example.

Route UK traffic this way and Asia traffic that way... I can see this would be useful for anycast networks.

So imagine the neat stuff you could do in a super powerful CCR with GeoIP (MaxMind) DB put in the Firewall.

regards

Tony
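
An added example, not part of the thread and not MikroTik code: one way to get the drop/accept rule pair from the first post on current RouterOS is to convert MaxMind country data into a firewall address list and match it with `src-address-list`. It assumes the GeoLite2 Country CSV layout (the thread only says "MaxMind Country Database"); the sample rows, the list name `geo-block` and the site address `203.0.113.10` are constructed placeholders.

```python
import csv, io, ipaddress, re

# Constructed sample rows in the GeoLite2 Country CSV layout (an assumption;
# the thread only says "MaxMind Country Database"). Networks are RFC 5737 ranges.
LOCATIONS = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
2017370,en,EU,Europe,RU,Russia,0
1814991,en,AS,Asia,CN,China,0
2635167,en,EU,Europe,GB,United Kingdom,0
"""
BLOCKS = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
192.0.2.0/25,2017370,2017370,,0,0
192.0.2.128/25,2017370,2017370,,0,0
198.51.100.0/24,,1814991,,0,0
203.0.113.0/24,2635167,2635167,,0,0
"""

def country_networks(locations, blocks, countries):
    """Return merged IPv4 prefixes for the given ISO country codes."""
    wanted = {c.upper() for c in countries}
    if not all(re.fullmatch(r"[A-Z]{2}", c) for c in wanted):
        raise ValueError("country codes must be two letters")
    ids = {r["geoname_id"] for r in csv.DictReader(io.StringIO(locations))
           if r["country_iso_code"] in wanted}
    nets = []
    for r in csv.DictReader(io.StringIO(blocks)):
        # geoname_id can be blank; fall back to the registered country.
        gid = r["geoname_id"] or r["registered_country_geoname_id"]
        if gid in ids:
            nets.append(ipaddress.ip_network(r["network"]))  # rejects junk
    # Merge adjacent prefixes so the router's address list stays small.
    return list(ipaddress.collapse_addresses(nets))

def routeros_script(nets, list_name, site_ip):
    """Emit RouterOS commands: refresh the list, then drop-before-accept rules."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", list_name):
        raise ValueError("unsafe address-list name")
    site = ipaddress.ip_address(site_ip)
    match = f"chain=forward protocol=tcp dst-port=80,443 dst-address={site}"
    out = [f"/ip firewall address-list remove [find list={list_name}]"]
    out += [f"/ip firewall address-list add list={list_name} address={n}" for n in nets]
    out.append(f"/ip firewall filter add {match} src-address-list={list_name} action=drop")
    out.append(f"/ip firewall filter add {match} action=accept")
    return out

if __name__ == "__main__":
    # 203.0.113.10 stands in for the customer website IP (placeholder).
    nets = country_networks(LOCATIONS, BLOCKS, ["RU", "CN"])
    print("\n".join(routeros_script(nets, "geo-block", "203.0.113.10")))
```

The two filter rules are appended to the end of the forward chain, so they only behave as intended if no earlier rule already accepts the same traffic; on a production router, add the filter rules once and rerun only the address-list lines when the country selection changes.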
