It would be great if DigitalOcean maintained and updated a list of CIDR blocks for each country (from ARIN and the other world registries) which easily allowed a DO-customer to block entire countries as part of the firewall settings.
This could be implemented as just typing in a country name to the "source" field when adding a new firewall rule, then displaying a drop-down with the country name/details for the user to select. Maybe version 2 of this feature would be a clickable world map (enable/disable countries).
Many network administrators apply CIDR block IP blacklists to their servers to stop the flood of malicious traffic from areas their company does not serve. A more restrictive approach is to whitelist IP blocks for countries that they serve.
Providing this feature would allow admins to move this protection to the network edge and reduce their maintenance burden of a custom solution on their server.
You would probably have to provide API access to the country/CIDR list so companies can validate they aren't blocking their legitimate (known) customers by IP address when they apply the firewall rules by country name.
Yes, please! Same idea posted:Â https://ideas.digitalocean.com/ideas/FWX-I-3
Attachments Open full size