Geo Firewall

Technical Specifications

Latest release	2.37 , 22 Jan 2018 , [Change Log, Previous Releases]
Supported networking	Ethernet, IPv4, IPv6, TCP, UDP.
Traffic blocking engine	Kernel-mode network driver.
Prerequisites	.NET 4.0, up-to-date root certificates (or it will take 2 minutes to start).
Supported OSes	Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016. *For Windows 2008 R2 and 7, required Service Pack 1 + KB3033929 (SHA-2 digital signing).
Recommended hardware	CPU 1GHz and above, modern graphics card.
Additional hardware required	none

Overview

Very few people realize that a large number of security threats comes from the limited number of countries that ignore cyber threats until they reach dangerous proportions. In such countries, web servers are frequently compromised and infected with various malware. As a consequence, everybody who visits them is running the risk of being infected. Quite often, Internet users are totally unaware of the location of servers just as they are unaware of where web links are pointing to. Geo Firewall shows which countries the computer is accessing or being accessed from. It allows to block geographical regions, individual countries, and custom networks.

Up until recently, the geographical blocking was only available to large companies with sophisticated and expensive hardware firewalls. Now, Geo Firewall allows to have it on a laptop, a desktop, a cloud or a home server. Once geographical blocking rules are set, the computer is protected from reaching the blocked territories. Geo Firewall is a defense system that allows to separate the countries that you trust from those that you don't. Moreover, Geo Firewall is compatible with lots of other security software. The more levels of defense there is, the harder it is to breach.

Geo Firewall

The operation of Geo Firewall is simplified to the maximum. The tree-like list contains geographical territories that are used for creating the rules: blocked (checked) or allowed (unchecked). The toolbar and the menu contain operations that can be performed on the territories. When applied, the rules affect all IP, TCP, and UDP communication.

Creating and Applying New Rules

Place the checkmark on geographical territories that you want to block. If you know the names of the countries, the text search bar is the best way to go. Click button on the toolbar and all the countries containing specified text would show up.

Rules are automatically applied after every change when auto-apply-rules is enabled in the Settings. If auto-apply is not enabled, the button applies all the changes. It takes a few seconds for the program to calculate and apply the new configuration. The new rules take effect immediately and stay in effect until the program is closed.

To protect rules from accidental changes, read-only mode can be activated with button.

Port Exceptions

Geo Firewall rules allow to block or to allow whole countries and networks. When used on servers, there are cases when computers from the blocked countries need to have access to only a certain range of TCP or UDP ports. In such cases, Port Exceptions allows to specify exclusions from the blocking rules. Each Port Exception can have multiple port ranges that allow network traffic to local TCP/UDP ports. Each Port Exception can also be bound to (associated with) multiple geographical territories, but a geographical territory can be bound to (associated with) only a single Port Exception.

The check marks on countries in Geo Bindings denote the presence of the binding (association). The Geo Bindings are persistent and do not change when associated countries change between blocked and allowed. However, they have effect only on countries that are blocked.

Reserved IPv4/IPv6 Networks

In addition to geographical territories, Geo Firewall also understands and works with reserved networks. These are the networks used by computers to communicate with other computers and routers on local networks. Reserved networks can be found under [Reserved Networks IPv4] and [Reserved Networks IPv6].

Reserved networks are pre-defined, and although they can be blocked or allowed, their definitions cannot be edited. It is highly recommended not to block them to avoid unusual networking situations.

Some may ask: what happens if [Reserved Networks] are blocked? Nothing dangerous, really. The computer would not be able to reach other computers around it, to obtain an IP address, or to resolve domain names.

Adding User-Defined Networks

In addition to pre-defined geographical territories and reserved IPv4/IPv6 networks, Geo Firewall allows to add user-defined networks. User-defined networks show up under [User-Defined Networks] region. User-defined networks are a part of rules (not a part of the program settings). They are saved an loaded together with the rules.

To edit user-defined networks, click on the toolbar. Since IPv4 and IPv6 networks have different formats of IP addresses, they are kept separately during editing.

When editing user-defined networks, the networks can overlap with other user-defined networks or with pre-defined geographical territories. In such cases, there is an order of precedence for determining which rules are actually in effect for a specific IP address. The more specific networks (those that have greater network mask) always take precedence over less specific networks.
For example, the network 192.168.1.1/32 is more specific than 192.168.0.0/16, hence the rules for 192.168.1.1/32 will take precedence during communication with 192.168.1.1.

IP Geo Lookup is a great way to determine which network rules take precedence.

Statistics

Statistics makes it easy to understand where the traffic is going to or coming from. Statistical data is accumulated since the start of the program. The settings for statistics can be adjusted to include or exclude non-country records. There can also be set an interval for detection of inactive items and their removal from display. The collection and visualization of statistical data has certain impact on CPU performance. Although on laptops it does not make a big difference, on servers that operate at high CPU usage and require high throughput of network data disabling statistics may improve performance.

Log

Logging helps to see the historical performance of rules. The refresh rate can be adjusted via settings. Just like with statistical data, logging has an impact on CPU performance. So, disabling it may reduce CPU usage and improve performance.

Settings

Geo Firewall settings can be changed via Settings dialog.

Command Line Parameters

Geo Firewall can also be started from a command line.

   GeoFirewall.exe [file_name] [/systray]

• "file_name" - the name of the file to load.
• "/systray" - the flag that hides the main window after placing an icon to the system tray.

One more thing to keep in mind is that this program contains network definitions for countries as of specific date (please see Help->About dialog). Periodically, new networks are allocated, the old ones are deallocated, and some networks may change their geographical affinity. Please check back periodically to update the program with new country and network definitions.

Notes:
* Windows^® is a registered trademark of the Microsoft Corporation.