DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • NETSECX-I-4 /
  • New idea
5 Vote

Easily blacklist countries with DigitalOcean-managed CIDR blocks from the cloud firewall.

It would be great if DigitalOcean maintained and updated a list of CIDR blocks for each country (from ARIN and the other world registries) which easily allowed a DO-customer to block entire countries as part of the firewall settings.

This could be implemented as just typing in a country name to the "source" field when adding a new firewall rule, then displaying a drop-down with the country name/details for the user to select. Maybe version 2 of this feature would be a clickable world map (enable/disable countries).

Many network administrators apply CIDR block IP blacklists to their servers to stop the flood of malicious traffic from areas their company does not serve. A more restrictive approach is to whitelist IP blocks for countries that they serve.

Providing this feature would allow admins to move this protection to the network edge and reduce their maintenance burden of a custom solution on their server.

You would probably have to provide API access to the country/CIDR list so companies can validate they aren't blocking their legitimate (known) customers by IP address when they apply the firewall rules by country name.

  • Guest
  • Jul 24 2019
  • Needs review
Network Security
  • Comments (1)
  • Votes (5)
  • Attach files
  • Jason Marble commented
    30 Jul, 2019 04:04pm

    Yes, please! Same idea posted: https://ideas.digitalocean.com/ideas/FWX-I-3

    ×

    Attachments Open full size

Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status