Junos OS


Blocking IP addresses by country in SRX Series

  • 1.  Blocking IP addresses by country in SRX Series

    Posted 11-17-2018 23:53

    I want to block visitors from certain countries. I can export and save the list from https://www.ip2location.com/free/visitor-blocker by selecting the country and file format. What should I do next to enable the blocking in the firewall?

     

    Below is the sample list:

    # -------------------------------------------------------
    # Free IP2Location Firewall List by Country
    # Source: https://www.ip2location.com/free/visitor-blocker
    # Last Generated: 18 Nov 2018 07:50:16 GMT
    # [Important] Please update this list every month
    # -------------------------------------------------------
    set 202.144.196.0/24


  • 2.  RE: Blocking IP addresses by country in SRX Series
    Best Answer

     
    Posted 11-18-2018 06:13

    Create a security policy with the address set containing the IP address list.

     

    --address entry per prefix

    set security zones security-zone untrust address-book address country1 192.168.1.0/24

     

    --add all to the address set

    set security zones security-zone untrust address-book address-set CountryBlock address country1

     

    ---create block policy and put it first on the untrust to trust (or whatever internal zone) policy list

    set security policies from-zone untrust to-zone trust policy CountryBlock match source-address CountryBlock destination-address any application any
    set security policies from-zone untrust to-zone trust policy CountryBlock then reject
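
Added example, not part of the original posts: a Python sketch that turns an exported list in the format shown in the question into the address-book, address-set and policy commands from the answer. It assumes each data line is `set <prefix>` as in the sample; the zone names, the `CountryBlock` name and the `country<N>` naming follow the answer, and the sample list is constructed.

```python
import ipaddress

# Constructed sample in the question's format: "#" comments and "set <prefix>" lines.
SAMPLE_LIST = """\
# Free IP2Location Firewall List by Country
set 202.144.196.0/24
set 202.144.196.0/24
set 198.51.100.7/24
not-a-prefix
"""

def parse_prefixes(text):
    """Return (unique validated networks, rejected raw lines) from the list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        token = line.split()[-1]  # tolerate the leading "set" keyword
        try:
            # strict=False masks stray host bits (198.51.100.7/24 -> 198.51.100.0/24)
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(raw)  # never pass unvalidated text into a config command
            continue
        if net not in nets:
            nets.append(net)
    return nets, rejected

def junos_commands(nets, zone="untrust", to_zone="trust",
                   set_name="CountryBlock", prefix="country"):
    """Build the 'set' commands: one address per prefix, one address-set, one policy."""
    if not nets:
        # An empty address-set would leave the policy referencing nothing.
        raise ValueError("no valid prefixes; refusing to emit a policy")
    book = f"set security zones security-zone {zone} address-book"
    pol = f"set security policies from-zone {zone} to-zone {to_zone} policy {set_name}"
    cmds = []
    for i, net in enumerate(nets, 1):
        cmds.append(f"{book} address {prefix}{i} {net}")
        cmds.append(f"{book} address-set {set_name} address {prefix}{i}")
    # Junos requires source-address, destination-address and application in a policy match.
    cmds.append(f"{pol} match source-address {set_name} destination-address any application any")
    cmds.append(f"{pol} then reject")
    return cmds

if __name__ == "__main__":
    nets, rejected = parse_prefixes(SAMPLE_LIST)
    print("\n".join(junos_commands(nets)))
    for line in rejected:
        print(f"# skipped invalid line: {line!r}")
```

Review the skipped lines before loading the output, and regenerate the commands whenever the list is refreshed, as its header asks for monthly updates.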