Incontrol2 Firewall Rule - Region blocking - slow to load

soylentgreen · March 9, 2026, 2:29am

I’m trying to deal with a SYN reflection attack which appears to be coming from Brazil. I have a Balance One running latest firmware (8.5.4 build 5808)

Here’s what I did:

enrolled my device in Incontrol2
set up a regional firewall rule to block all 443 traffic from Brazil:

image1460×1006 65.7 KB
saved and waited until the rules were loaded to my device:

image1658×190 39.3 KB

However, I check the logs and nothing is being blocked - the firewall event log is empty:

and I see the SYN attack is still ongoing on my servers:

I also have a coworker in Brazil, and they report they can still access the website.

soylentgreen · March 9, 2026, 2:37am

I notice something weird - on the Balance One, the firewall rule says “Source: Unknown” which doesn’t seem correct.

I tried manually adding a firewall rule to block that /16 network using Incontrol2, and that works perfectly.

It seems like this Region-based firewall is not working properly.

Edit to add: I see another thread discussing this. Link
and in that thread, the firewall rule on the Peplink web UI does show the country name:

soylentgreen · March 9, 2026, 2:41pm

This is weird. I woke up this morning and now it’s working:

And I see packets from other Brazilian IP ranges being blocked properly:

And my colleague in Brazil confirms they can no longer reach the website from a Brazilian ISP, but they can if they use a VPN from USA.

Perfect!

@Michael @sitloongs - any explanation why it wasn’t working last night, but magically works today? Did you guys fix something?

sitloongs · March 10, 2026, 3:04am

@soylentgreen ,

Based on the screenshot provided, the Source IP showing “Unknown” may indicate that the device is still downloading the GeoIP database. This may occur when the feature is first enabled.

Once the GeoIP database is fully downloaded, the Source IP will be displayed correctly according to the configured countries.

soylentgreen · March 10, 2026, 3:30am

That makes sense. Is it one database for all regions? Or, if I change to block a different region would it have to download a different database?

sitloongs · March 10, 2026, 3:51am

@soylentgreen

When the feature is first enabled, the device downloads a GeoIP database covering all regions. The database will be updated automatically when changes are available.

After the initial download, you should not normally see “Unknown”.

soylentgreen · March 10, 2026, 2:47pm

@sitloongs : it might be better if the UI shows Loading... rather than Unknown in this situation.

Please consider this a feature request, thanks!