Add Firewall to allow specific IP address from Country X while blocking Country X - GeoIP

UF_DC · March 10, 2025, 7:19pm

Hello.

We have an external facing Website at our Corp HQ location. We have been blocking country X via Geo IP Based filtering on a Meraki MX. Unfortunately, the Meraki MX does NOT have the capability to ‘whitelist’ an IP address or multiple IP addresses from Country X as the L7 Geo IP based filter will still block the traffic and we have recently found out that some small locations in country X need access to our website.

We are considering a Netgate PfSense firewall and are wondering if we can ‘whitelist’ an IP address inside of Country X while still blocking Country X with PFBlockerNG - GeoIP rules. I hope this is clear.

Thank you for your time!
Dan

xerxes · March 10, 2025, 8:17pm

You can do this in pfBlocker-NG, just make a custom list of IPs that you want to allow. pfBlocker will put allow rules above the geoip block rules.

I have just now tested this for you.

LTS_Tom · March 10, 2025, 8:18pm

Yes, with pfsense you can create custom allow/deny using pfblocker. It takes a few extra settings to get rules in the right order but should work for your use case.

UF_DC · March 10, 2025, 8:21pm

Great! That is what I was hoping to hear! Thanks for the response.

UF_DC · March 10, 2025, 8:22pm

Thanks @LTS_Tom for the response!! Much appreciated. That is what I was hoping to hear.