How to configure a country-based firewall rule

Using InControl version 2.8.2 and above, it is now possible to configure and deploy country-based firewall rules to Peplink routers running firmware 8.0.1 and above.

This feature can be used to block traffic from a specific country.

In the correct InControl2 organization in Group Level select Network settings > Firewall Rules .

Enable firewall rule management by InControl2

Before agreeing that the firewall rules will be governed by InControl2, make sure to plan carefully whether to clear or preserve firewall rules of devices that receive no firewall rules from IC2 upon policy removal. .

Create a new Rule Set and add an inbound firewall rule by clicking the add rule button.
Select Region as Source and select the county of choice and other required options and save the firewall rule.

Configure the required options for the Firewall Rule Set and save this ruleset.

Log on to the local router web admin console to check that the new firewall rule has been pushed to the local router.

For more information about firewall rules management using InControl2 (including importing existing firewall rules configured on the local device) read the following article


Hi Erik,

i’am a little bit confused about that function. Because when i block a specific ip in and out, it works for me well. But when i’am blocking a country, it will not work for me.

And the function to block ip’s from a specific country is really cool!

So what can i do? or what can be my failure?

Hi Dieter,

Can you post some screenshots of you configuration? Or, if you prefer not to share this information you can contact your Peplink partner or raise a ticket with Peplnk support.

Hi Erik,

thank’s for the quick respond.

Here are my config’s. I tried several Countrys and only one per entry. The one wich only includes the IP from NL (Netherland or other IP’s) still works.

Is there a way to block country’s on the SURF SOHO without incontrol? I know you can do it with a pi-hole. Maybe a billable feature?

Thanks in advance.


Country’s list of IP address is too dynamic that need to update from IC2 time to time. Any reason why you are not using IC2 ?

1 Like

I am a home user and do not require it at this time.


The rules only need to push from IC2 for 1 time will do.

1 Like