Setting Up A Geolocation Filter - D-Link NetDefendOS User Manual

connections. This will exclude traffic from the specified areas.
Selecting a Geographic Area
The area selected in an IP Policy object as a filter can be one of the following two types:
• A predefined region
NetDefendOS provides a predefined list of large world regions. These regions consist of the
following:
• Africa
• Antartica
• Asia
• Europe
• North America
• Oceana
• South America
By default, no filter is selected, which means that all regions are allowed (Anywhere).
• An administrator defined Geolocation Filter object
For finer control of the targeted geographic are, the administrator can create a Geolocation
Filter object which consists of one or more targeted countries. This object can then be used as
a value for the Geolocation property of an IP Policy.
In addition to specifying countries for a Geolocation Filter object, or instead of countries, the
following two additional options can be added to the filter:
i. Match Private Networks - This includes the IP addresses used for private networks. This
includes the IPv4 networks 10.0.0.0/, 172.16.0.0/12, 192.168.0.0/16 and the IPv6 network
fd00::/8. Although this option is not directly related to geolocation and could be
implemented through address book, it is provided as a convenience.
ii. Match Unclassified Networks - This will match any IP address that is public but does not
has a known country association.
Tip: A web interface flag icon indicates geolocation is set
In the IP rule set summary which is displayed in the Web Interface, there is no separate
column to indicate that geolocation is set on an IP policy. Instead, a flag icon will appear
to the right of the IP network value in the Src Net and Dest Net columns.
Example 3.37. Setting up a Geolocation Filter
This example will set up an IP Policy object that will drop all Internet traffic coming from the
mythical country of Hackerland. This is done by first creating a Geolocation Filter that includes
only Hackerland. An IP Policy object is then set up which uses this filter as its source.
In addition, the IP Policy will also drop traffic that comes from any IP address that is not known to
be associated with a country.
Note that the country Hackerland does not appear in the predefined list of countries and is only
249
Chapter 3: Fundamentals