The menu System/IP Sets allows you to control lists of IP-addresses that can be blacklisted or whitelisted. The built-in lists enable you to block or allow countries, and in addition to this we also added a list of known VoIP abusers, to help protect you against VoIP Fraud and other harmful traffic to your PBX.
How to use the default IP Sets
ipv4:country:nl
This is a list of all IP-addresses of most countries of the world. It is composed on the basis of the RIPE database. You can use this list to compose your own country-lists. Ipv6:country is the same list but for the new generation IP-addresses.
For your convenience we already made the Dutch subset of the list. This is sets:nl. Now you can allow (or block) all Dutch IP-addresses in your firewall at once.
Ipv4:mobiledata is the list with (dynamic) IP-addresses assigned by mobile operators when internet is used on phones. When using the mobile app, you can use this list to allow, for instance, only these IP addresses in the firewall, instead of ALL Dutch IP addresses.
These five predefined lists are enabled by default, so you can use these in the firewall. You can see that they are enabled by the green icon on the left of each item.
Enabled IP Sets can then be added to the firewall as allowed or blocked using the ‘add’ action and then choosing ‘IPset’ instead of IP address.
Note: IP sets used in firewall rules cannot be disabled.
The whole ipset ID, e.g. ‘ipv4:definition:variant’, cannot be longer than 24 characters. Only letters, digits and ‘_’ are allowed.
Create your own IP Sets
You can create your own IP Sets that are specifically important to you and add these to your firewall. For this purpose you create a text file with all IP addresses, one per line.
In this example we will show you how we created IPv4:mobiledata. Go to System/IP Sets and click Add. At type, choose IPv4, then enter a name and a clear description. In the URL field you refer to the text file on your webserver. In the URL you use {variant}; in this set we want NL, so we fill in nl in the variant field.
You could create another list with, for instance, all German mobile data by filling in ‘DE’ in the {variant} field instead.
Click OK. The IP Set is now in the list. You now need to activate it. Select the IP Set and expand it. Select the subset and click ‘Enable’, then ‘Refresh’. The little ball will be green now.
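A list that ends up in a firewall rule is worth checking before you publish it on your webserver. The following is an added example, not Axeos code: it checks an ipset ID against the 24-character limit, fills in {variant} in a URL, and validates a one-per-line list. The sample list, the example.com URL used in testing, the acceptance of CIDR ranges and the per-part character rule are assumptions.

```python
import ipaddress
import re

MAX_ID_LEN = 24                          # limit stated on this page
PART_RE = re.compile(r"[A-Za-z0-9_]+")   # letters, digits and '_' only

# Constructed sample list: one entry per line, with deliberate mistakes.
SAMPLE = "192.0.2.10\n198.51.100.0/24\n198.51.100.7/24\n2001:db8::1\n192.0.2.10\nnot-an-ip\n"


def check_ipset_id(ipset_id):
    """Return the problems found in an ID such as 'ipv4:mobiledata:nl'."""
    problems = []
    if len(ipset_id) > MAX_ID_LEN:
        problems.append(f"ID is {len(ipset_id)} characters, limit is {MAX_ID_LEN}")
    # Assumption: the character rule applies to each colon-separated part.
    for part in ipset_id.split(":"):
        if not PART_RE.fullmatch(part):
            problems.append(f"part {part!r}: only letters, digits and '_' allowed")
    return problems


def expand_url(template, variant):
    """Fill in the {variant} placeholder used in the URL field."""
    return template.replace("{variant}", variant)


def check_list(text, version=4):
    """Validate a one-entry-per-line list; return (entries, errors)."""
    entries, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            # Assumption: CIDR ranges are accepted next to single addresses.
            # strict=True rejects ranges with host bits set (198.51.100.7/24).
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
            continue
        if net.version != version:
            errors.append(f"line {lineno}: {line} is not IPv{version}")
        elif net in seen:
            errors.append(f"line {lineno}: duplicate entry {line}")
        else:
            seen.add(net)
            entries.append(line)
    return entries, errors
```

Run `check_list` on the file contents before uploading; an empty error list means every line parsed as an address or range of the expected IP version.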
How to create a country subset
Axeos created the Dutch subset, but you can create your own subsets of countries. You can do this, for example, for the countries you have offices in or do business with. In this example we create a German subset.
Go to System/IP Sets and click Add. At type choose ‘Set’. Give it a clear name, e.g. ‘de’. You can leave the other fields blank. Go to the tab Entries and click on Add. You can now open the country list and look for .de. Choose it by clicking it.
Click OK. The set is now created and needs to be activated. Select the new IP Set and expand it. Select the subset and click ‘Enable’, then ‘Refresh’. The little ball will be green now.
Using IP Sets in your firewall
You can add activated IP Sets in the firewall. Go to System/Firewall and click on Add.
If you want to add the blacklist, you leave the switch ‘Allow’ OFF (to block). At type you choose IPSet, after which you can select the correct IP Set. At Service, in this example, you choose ‘All’. Give the rule a clear description. Click OK. You can now see the new rule added. It should be on top of all rules; the order is important.