Server Blocking By Country Use/Hardening?

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
pcloadlettertf
DD-WRT Novice


Joined: 08 Mar 2026
Posts: 1
PostPosted: Sun Mar 08, 2026 5:42    Post subject: Server Blocking By Country Use/Hardening? Reply with quote
What is the function supposed to be and how are you supposed to correctly use the section labeled "Server Blocking by Country" in Access Restriction -> WAN Access?

I have searched and haven't found anything that clearly documents/explains this. Standard country codes don't appear to do anything.

Is there a simple way to geoblock? A large amount of problematic access attempts come from a fairly short list of countries.

Also is there any log system that flags IP's from behavioral analysis or like an opnsense "lite" version if that makes sense?

Any integration with various threat intelligence feeds?

I would appreciate any insights and apologies if these are dumb questions.[/img]

Screenshot From 2026-03-07 23-38-07.png
 Description:
 Filesize:  17.38 KB
 Viewed:  407 Time(s)

Screenshot From 2026-03-07 23-38-07.png
Back to top View user's profile Send private message
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 16919
Location: Texas, USA
PostPosted: Sun Mar 08, 2026 6:15    Post subject: Reply with quote
There was nothing added to the onboard help file about it, it's a relatively new feature...
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 7161
Location: UK, London, just across the river..
PostPosted: Sun Mar 08, 2026 6:35    Post subject: Reply with quote
Not long ago I did try this option and it was bugging my XR500 to a point of no internet...at all
I used/tried with capital letters or small, and selected very few country codes...or just one
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 -OpenWRT Kong 25.12
Netgear XR500 -DD-WRT 64453 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 64453 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 64137 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 64137
Broadcom
Netgear R7000 --DD-WRT 64453 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 16919
Location: Texas, USA
PostPosted: Sun Mar 08, 2026 6:53    Post subject: Reply with quote
Needs to be ISO country codes, and comma separated, I presume (I am sure that I am missing some info here, but):

https://svn.dd-wrt.com/changeset/60531
https://svn.dd-wrt.com/changeset/60541
https://svn.dd-wrt.com/changeset/60542
https://svn.dd-wrt.com/changeset/60543
https://svn.dd-wrt.com/changeset/60544
https://svn.dd-wrt.com/changeset/60557
https://svn.dd-wrt.com/changeset/60560
https://svn.dd-wrt.com/changeset/60561
https://svn.dd-wrt.com/changeset/60562
https://svn.dd-wrt.com/changeset/60563
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 7161
Location: UK, London, just across the river..
PostPosted: Sun Mar 08, 2026 11:14    Post subject: Reply with quote
on My R7000(63790) Tried few and still the same result, router is not operational, loosing WiFi connectivity while wired is working, but no Internet...so link the dots...noting in the logs...
tried iso alpha 2: CN, IR, IN, IL or the same without intervals..same result..so this option is not working for me... Confused
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 -OpenWRT Kong 25.12
Netgear XR500 -DD-WRT 64453 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 64453 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 64137 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 64137
Broadcom
Netgear R7000 --DD-WRT 64453 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
itwontbewe
DD-WRT User


Joined: 29 Sep 2020
Posts: 274
PostPosted: Mon Mar 09, 2026 21:04    Post subject: Reply with quote
maybe with the .iv ?

RU.iv4, RU.iv6
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 16919
Location: Texas, USA
PostPosted: Mon Mar 09, 2026 23:01    Post subject: Reply with quote
There is a possibility that whitespace is not considered.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 7161
Location: UK, London, just across the river..
PostPosted: Thu Mar 12, 2026 18:31    Post subject: Reply with quote
looking at the last SVN changeset-63982 https://svn.dd-wrt.com/changeset/63982
i guess the spelling should be ...
4AD or 6AD

will try on the next build...

and does it require portscan option in security tab to be enabled...??
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 -OpenWRT Kong 25.12
Netgear XR500 -DD-WRT 64453 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 64453 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 64137 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 64137
Broadcom
Netgear R7000 --DD-WRT 64453 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 16919
Location: Texas, USA
PostPosted: Thu Mar 12, 2026 18:57    Post subject: Reply with quote
The OP was referring to WAN Access Restrictions. Nothing in the Firewall configs.

I guess you can find out for us and let us know Cool Twisted Evil Arrow
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 7161
Location: UK, London, just across the river..
PostPosted: Tue Mar 17, 2026 9:10    Post subject: Reply with quote
on 64022 still not working..on R7000 just tested it, nothing in the logs, policy is enabled .... https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=340908

nor anything shows filtered packets (access restrictions) for the policy so, no idea how those work if work at all, range is selected and mac address too, along with few risk, L7 and other services to filter/block... Cool
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 -OpenWRT Kong 25.12
Netgear XR500 -DD-WRT 64453 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 64453 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 64137 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 64137
Broadcom
Netgear R7000 --DD-WRT 64453 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 16919
Location: Texas, USA
PostPosted: Tue Mar 17, 2026 16:09    Post subject: Reply with quote
I saw some commits related to country codes that may be involved in fixing it earlier. You know that new features sometimes take some time to get the kinks unkinked.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 7161
Location: UK, London, just across the river..
PostPosted: Tue Mar 17, 2026 18:52    Post subject: Reply with quote
kernel-panic69 wrote:
I saw some commits related to country codes that may be involved in fixing it earlier. You know that new features sometimes take some time to get the kinks unkinked.


o yea...i would love to trade country codes towards fixing of SmartDNS...indeed Cool
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 -OpenWRT Kong 25.12
Netgear XR500 -DD-WRT 64453 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 64453 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 64137 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 64137
Broadcom
Netgear R7000 --DD-WRT 64453 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum