I have a client who has a successful e-commerce site behind a Sonicwall TZ 190 Enhanced Firewall. The web/email server is on the OPT (DMZ) interface.
After a lengthy discussion, the client has indicated they would like to block WEB and SMTP access from certain problematic countries. Bottom line--sales are not coming from these geographic regions... but a lot of SPAM and HACKING IS.
What is the best/easiest way to block ports 80 and 25 for only a specific number of countries?
I looked into blocking IP ranges but the ip-country database, available here: http://ip-to-country.webhosting.info/
is quite lengthy. There appears to be A LOT of IP ranges to enter into the firewall even to just block a few nations. Any better ideas?