Really good point. I can definitely restrict to one country and anyone using their own VPNs/TOR/whatever will be sophisticated enough to understand why its restricted and how to keep their access.
Comment on Securing a 'public' service for family
Cyber@feddit.uk 2 days ago
GeoIP blocking
You mention a firewall, but for any open ports still restrict the source IPs to limited ranges not “all”.
Personally, at my home’s edge firewall I have pfSense with pfBlocker and that uses a GeoIP database, so I can just pick the countries I want to allow in… you want to block as early as possible (ie at the VPS?), so you might have to look at options
If your family are in the same region, then it should be relatively easy to limit to a few ranges on the VPS
Here’s a quick search result: lite.ip2location.com/ip-address-ranges-by-country
IanTwenty@lemmy.world 2 days ago
glizzyguzzler@piefed.blahaj.zone 2 days ago
Just came back to say the same thing, I use this for geo ip blocking and it’s so well featured it’s insane. Any VPS, just make sure to clear local IPs (incl. docker range if using docker - though it’s been improving so much it may handle that automatically now)
https://github.com/friendly-bits/geoip-shell
IanTwenty@lemmy.world 2 days ago
Super useful thanks!