Jon Brown
Resolved
0 votes
Hi,
I’ve just found my SkyTV box and new TV connecting to 239.255.255.250, which is seemingly a threat vector not picked up by the system.

I can’t block this via GM as that’s DNS only, isn’t it?
I can’t find where to add IPs to block. Normally I’d be running Suricata and simply click 'add to blocklist'; how do I do this, please?

Thanks.
Saturday, April 10 2021, 07:33 AM
Responses (5)
  • Accepted Answer

    Jon Brown
    Saturday, April 10 2021, 10:26 AM - #Permalink
    Resolved
    0 votes
    edit: I rephrased the GM Business question, you already answered it, but it reads better now.

    I have found a few posts concerning geoblocking lists, so I will paste a few links in here after I've narrowed down the useful ones :)

    I understood from your comments that you could individually add IPs via the installation of the "Egress Firewall" app in Marketplace; thank you for that. As you acknowledged, realistically, we all use appropriate lists.

    The reason I never installed Egress Firewall is that it specifically states that "the exception rules are based on destination port or hostname". Nowhere in the "learn more" does it even mention you can add IPs.


    Should I put the ability to manage blacklists into Egress Firewall as a feature request?
    Where should I post about the text addition in Egress's "learn more" pages, Website changes?



    I absolutely agree and understood what clearOS offers with its niche combination of:
    Next-Gen Firewall, via the Gateway Management product, particularly the business variant ($400), but seemingly not available on clearOS Home, which includes DTTS: "the blanket IP block overridden by the IP Whitelist feature".
    The multiple servers all readily available via Marketplace, and dependent on your version of Home, you can get Serviio and Plex included.
    User management/grouping, and by way of Flexshare you can assign shared or private folders to them.
    You even have backup for PCs built in (again dependent on variant).

    In fact, after using PfSense for two years and also testing OPNSense, NethServer, Sophos XG, MerlinWRT, AsusWRT and Zentyal,
    the only competitor with a like-for-like offering is Zentyal.

    I deliberately chose clearOS not only given what the company stands for, but it is very clean on the interface. I know you all think the menus could do with work. It would also be good to have more themes.

    Thanks Nick
  • Accepted Answer

    Saturday, April 10 2021, 09:38 AM - #Permalink
    Resolved
    0 votes
    Confused. You can block through the webconfig as I mentioned. It is just that it is more efficient to use ipset for blocking and in the past I have done some very aggressive blocking so had big lists.

    AFAIK GM does not do IP blocking as it is a DNS product. It will, however, do DNS blocking in a way that the firewall can't.

    Please also remember that ClearOS is a jack-of-all-trades solution. It is not specifically a firewall, so some firewall features you may want are not covered by the webconfig. OTOH, ClearOS can easily be configured as mail server, web server, torrent client, file server and so on which dedicated firewall solutions cannot do.
  • Accepted Answer

    Jon Brown
    Saturday, April 10 2021, 08:51 AM - #Permalink
    Resolved
    0 votes
    ummmm lol

    That's fantastic as a one-off thing, but let's be honest, I'm never going to remember that, and there's no way my wife could do that.

    I am concerned I will have to log in to the forum and search my posts anytime I need to append to the list.
    Is there nothing we can implement for what (I would hope we agree) is a pretty standard default feature normally in the GUI?
    Or can you enable this via the Gateway Management for Business GUI ($400)?

    Thanks Nick
  • Accepted Answer

    Saturday, April 10 2021, 08:17 AM - #Permalink
    Resolved
    0 votes
    I was going to reply that it is multicast.

    There is a big forum thread with geo-blocking (I think search country block), but it is a manual setup.

    You can block individual IPs in the Egress Firewall, but personally I set up an ipset list and use my own file in /etc/clearos/firewall.d (/etc/clearos/firewall.d/95-custom_blocks):

    if [ "$FW_PROTO" == "ipv4" ]; then true
    ipset create custom-block hash:net -exist
    ipset flush custom-block

    #$IPTABLES -I INPUT -m set --match-set custom-block src -m state --state NEW -j DROP
    $IPTABLES -I INPUT -m conntrack --ctstate NEW -m set --match-set custom-block src -j DROP
    #$IPTABLES -I INPUT -m conntrack --ctstate NEW -m set --match-set custom-block src -j LOG --log-prefix "Custom_Block"

    <snip>

    # Added 07/02/2021 - persistent connect/disconnect
    ipset add -exist custom-block 141.98.10.136
    ipset add -exist custom-block 141.98.10.143
    ipset add -exist custom-block 141.98.10.183

    # Added 21/02/2021 - persistent e-mail attempts
    ipset add -exist custom-block 185.244.41.0/26

    fi
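The check this thread turns on, as an added example (not code from either poster or from ClearOS): 239.255.255.250 lies in the multicast range 224.0.0.0/4, so it is local-network traffic rather than a remote host to blocklist, while the entries in the file above are public addresses. The function names are hypothetical; the emitted line follows the `ipset add -exist custom-block` form used in the post above.

```shell
#!/bin/sh
# Added example: vet an entry before adding it to the custom-block ipset list.
# Function names are hypothetical; sample addresses are taken from the thread.

# Print the 32-bit value of a dotted-quad address; return 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the class of an address or CIDR entry: multicast, loopback, private,
# link-local, public or invalid.
classify_ipv4() {
    addr=${1%/*}                                   # strip an optional /prefix
    n=$(ip_to_int "$addr") || { echo invalid; return 0; }
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case "$prefix" in ''|*[!0-9]*|???*) echo invalid; return 0 ;; esac
        [ "$prefix" -le 32 ] || { echo invalid; return 0; }
    fi
    if   [ $(( n >> 28 )) -eq 14 ];    then echo multicast    # 224.0.0.0/4
    elif [ $(( n >> 24 )) -eq 127 ];   then echo loopback     # 127.0.0.0/8
    elif [ $(( n >> 24 )) -eq 10 ];    then echo private      # 10.0.0.0/8
    elif [ $(( n >> 20 )) -eq 2753 ];  then echo private      # 172.16.0.0/12
    elif [ $(( n >> 16 )) -eq 49320 ]; then echo private      # 192.168.0.0/16
    elif [ $(( n >> 16 )) -eq 43518 ]; then echo link-local   # 169.254.0.0/16
    else echo public
    fi
}

# Print the ipset line for a public entry; refuse anything else.
blocklist_line() {
    kind=$(classify_ipv4 "$1")
    if [ "$kind" = public ]; then
        echo "ipset add -exist custom-block $1"
    else
        echo "skipping $1: $kind" >&2
        return 1
    fi
}

for entry in 239.255.255.250 141.98.10.136 185.244.41.0/26; do
    blocklist_line "$entry" || true
done
```

The lines it prints can be pasted into the custom firewall.d file; entries it skips are reported on stderr with the reason.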
  • Accepted Answer

    Jon Brown
    Saturday, April 10 2021, 07:58 AM - #Permalink
    Resolved
    0 votes
    Ah, for gawd's sake, it's bloomin' multicast, isn't it...
    I really miss being able to drill down in the GUI...
    Interesting though that the SkyTV box is multicasting when it's in Standby Mode?

    Is there anything that can be installed to do some base analysis?
    The question still stands with how do I add to a blocklist for when I need to?
    How would we add a GeoBlock as well please?

    Thanks