11.9. Firewall Rules Advanced
You can find the Advanced Settings at Firewall → Rules → Advanced.
11.9.1. Geo Blocking
Enabling Geo Blocking will download the Geo IP List (IPv4 + IPv6) and generate Network Objects with IPs for each country and continent that you can use in Firewall Rules. This helps with filtering/blocking IP addresses from specific countries/regions.
Update Interval is set to weekly by default and can be changed to daily or monthly.
This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com.
11.9.2. Office 365
Enabling Office 365 will download the Office 365 IP List (IPv4 + IPv6) and generate Network Objects with IPs for each service that you can use in Firewall Rules. The available services to choose from are: All, Exchange, Skype, Sharepoint and Common.
Update Interval is set to weekly by default and can be changed to daily or monthly.
You can find more information about the IP ranges at http://aka.ms/ipurlws.
11.9.3. Amazon Web Services
Enabling Amazon Web Services will download the Amazon Web Services IP List (IPv4 + IPv6) and generate Network Objects with IPs for each service that you can use in Firewall Rules.
Update Interval is set to weekly by default and can be changed to daily or monthly.
You can find more information about the AWS IP ranges at https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html.
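What per-service Network Objects amount to, as an added example that is not the product's own code: it groups a constructed sample in the ip-ranges.json layout by service and address family and renders each group as an nftables named set. The set names and sample prefixes are assumptions; the product's internal object format is not described on this page.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample in the ip-ranges.json layout (documentation prefixes, not real AWS ranges).
SAMPLE = """{"syncToken": "0", "createDate": "2024-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25", "region": "eu-central-1", "service": "S3"},
  {"ip_prefix": "198.51.100.128/25", "region": "eu-central-1", "service": "S3"},
  {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "eu-central-1", "service": "S3"}]}"""


def group_by_service(text):
    """Parse ip-ranges.json text into {(service, ip_version): [collapsed networks]}."""
    doc = json.loads(text)
    buckets = defaultdict(list)
    entries = [(e, "ip_prefix") for e in doc.get("prefixes", [])]
    entries += [(e, "ipv6_prefix") for e in doc.get("ipv6_prefixes", [])]
    for entry, key in entries:
        # strict=True raises ValueError on host bits, so a malformed feed fails loudly.
        net = ipaddress.ip_network(entry[key], strict=True)
        buckets[(entry["service"], net.version)].append(net)
    # Merge adjacent and overlapping prefixes so each set holds no conflicting intervals.
    return {k: list(ipaddress.collapse_addresses(v)) for k, v in buckets.items()}


def to_nft_sets(groups):
    """Render one nftables named set per service and address family."""
    out = []
    for (service, version), nets in sorted(groups.items()):
        name = re.sub(r"\W", "_", service.lower())  # hypothetical naming scheme
        addr_type = "ipv4_addr" if version == 4 else "ipv6_addr"
        elements = ", ".join(str(n) for n in nets)
        out.append(f"set aws_{name}_v{version} {{\n    type {addr_type}\n"
                   f"    flags interval\n    elements = {{ {elements} }}\n}}")
    return "\n".join(out)


if __name__ == "__main__":
    print(to_nft_sets(group_by_service(SAMPLE)))
```

The rendered sets belong inside a table block before nft will load them.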
11.9.4. Google
Enabling Google will download the Google IP List (IPv4 + IPv6) and generate one Network Object for all Google IPs.
Update Interval is set to weekly by default and can be changed to daily or monthly.
11.9.5. Miscellaneous
Reload Firewall can be enabled or disabled. When enabled, the Firewall Rules are reloaded if a hostname is used that needs to be resolved to an IP.
Reload Firewall Interval is the interval between reloads, in hours. Default is 24.
Rules Default Page defines the default landing page for Firewall → Rules.
Firewall Default Policy can be either drop or accept. It is drop by default.
11.9.6. Custom Rules
Custom nftables rules can be defined here, one per line. They must follow the nftables syntax and are imported before any rule from the WebGUI is added. Be careful: a syntax error causes errors when the firewall rules are loaded, and no new rules can be added.