Feature Request - Import Firewall Rules via CSV (like static DHCP does)

basically the request is simple

Were being overrun by Russian, Bulgarian and Dutch brute force hackers hitting our Peplinks non stop 24/7/365, since the “block access by country” seems like its still in “someday” stage, can we at least add the functionality to import the firewall inbound blocking rules in a manner that doesn’t require 20 seconds per rule to add?

I was thinking of adding them the same way we currently add Static DHCP leases, when you press the ? on the DHCP lease page you get an option where the menu converts to text, and you can cut/paste hundreds/thousands of DHCP IP reservations in an instant.

Could we enable something like this for the firewall block rules page? it doesn’t seem like it would be a terribly difficult thing to implement and it would definitely make a difference

Ive just spent the past 6 hours adding country block rules one by one to every single one of our customers 43 routers, and its something I would care never again to repeat if possible.

Now if i could do it via incontrol as a mass policy push… I would literally fly to your HQ and give you a hug or in covid times a bottle of tequila.

Just wanted to leave this out here

1 Like

i could use this too, perhaps a large copy and paste if a import can’t be done.

Hi @Alvaro_Cortes ,

the first import of your rules you have to do manually (in the moment - hopefully we’ll get a csv import in the future). After that is done, you can export the complete router-config, open InControl2 Network - Firewall and import this config file. After the import all your rules are in IC2 available and can be pushed to the devices in your group. E.g. all devices with the Tag Hackerprevention :wink:

Hope this helps

Oh wow, ok its not a fix but definitely helps a ton propagating the rules to multiple devices, thanks Dennis!

I wonder if there’s a way to do it via the “Device IP settings”
( https://earth.ic.peplink.com/o/(YourOrgID)/n/10/device_ip_settings ) page

it looks like it accepts console commands, but doesn’t say anything about firewalls, maybe it does work but the commands are not shown as options?

The other option i was exploring was the web CLI,
( https://(yourdeviceid).rwa10.peplink.com/cgi-bin/MANGA/webcli.cgi )

There’s an option to send configs there but i have no idea of the syntax to set firewalls, maybe someone with more skill can chime in on how we could possibly do this via serial command.

Ideally what I would try to achieve is a point where we could post our blocks here as text in peplink CLI readable format, so we can do modifications or add/delete them as required and just open the CLI, copy and paste into it directly from the web and done the rules are all set.

Any further changes could be done via the normal UI

It seems like its possible, its just beyond my capabilities, I hope someone can shed some light on how could we possibly go about doing this.

Thanks everyone for the assistance

Hey Alvaro,
the Device IP settings are a cool tool for mass roll outs. There you can configure many of the network settings of the deivice. If you download the example csv, you’ll find all things you can set with this, sorry firewall is not included (at my last usage) :wink:
In the cli you will also not find the firewall settings.
IC2 is the only (for me known) fuction to bring firewall roules on multiple devices.

Maybe @TK_Liew knows a secret to make it easier


Hello @Alvaro_Cortes,
We use InControl2 to transfer firewall rules between Peplink models; this has been working well for us. Generally, once we move a devices firewall settings to InControl2, we leave them as managed from InControl2 as we can add in the additional cloud-powered firewall features.

With the country blocking, again, we have that all managed from InControl2.
The two images show everything from outside of Australia getting blocked.

In essence, the features you are requesting already exist within InControl2. It is not practical to do the country filtering without InControl2 due to the large and ever-changing landscape. As IPV6 becomes more of a player globally, the massive processing required will only get done from the cloud with platforms like InControl2.

Here is a simplified method that may help you:

  1. Create the rules (a base) on a Peplink router or Pepwave router using either the device web admin interface or the InControl2 interface.
  2. Save the configuration file for the device from either the device web admin interface or through the InControl2 interface.
  3. Import the configuration into InControl2 and edit with TAGs to assign to required devices.

These three steps we hope can help you in admistering several organisations and various router models.

Happy to Help,
Marcus :slight_smile: