Allow blocking of countries on QTS

Tell us your most wanted features from QNAP products.
fbernard
New here
Posts: 4
Joined: Wed Apr 26, 2017 9:15 pm

Allow blocking of countries on QTS

Postby fbernard » Fri Nov 09, 2018 4:02 am

Hello,

since I'm no subnetting expert, and the list of IP ranges for most countries can be fairly long (let's say Russia and China for example), and since I'm quite sure no-one needs to connect to my NAS from these countries, it would be nice to have either a white list (people can connect from countries in that list) or a black list (no connection from, say, Russia and China).

I'm kinda hoping my internet provider will include some of this functionality in the next version of its router, but that might be a nice addition to QTS.

For the moment, when I see a failed connection attempt in the warning logs, I check to see where it comes from (don't know why I still do that, it's always Russia), I find the corresponding IP range in a list such as this one :
https://www.wizcrafts.net/russian-iptab ... klist.html

and I convert the "92.37.128.0/17" line into 92.37.128.128.0/255.255.128.0 and enter that in the permanent ban list in QTS.

Now I know that in Apache for example, mod_security allows blocking whole country codes, using a freely available (and updated?) geolocation database (source : http://www.aboutdebian.com/security.htm, search for "Blocking Countries" )

If that was doable in QTS, it would make things far more secure in my opinion (and yes, I have enabled auto-banning after failed attempts, port 443 is the only port available from the outside)

dolbyman
Guru
Posts: 10483
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Allow blocking of countries on QTS

Postby dolbyman » Fri Nov 09, 2018 4:05 am

best would be to NOT expose your NAS to the internet and use VPN (router or NAS based)

Pereto
Starting out
Posts: 15
Joined: Wed Apr 16, 2014 11:33 pm

Re: Allow blocking of countries on QTS

Postby Pereto » Mon Nov 12, 2018 4:46 pm

It would be great to have that functionality. On Synology equipment you can do


Return to “Features Wanted”

Who is online

Users browsing this forum: No registered users and 1 guest