IPBan country block lists are a powerful way to protect your data center from botnets. By blocking several large and popular botnet countries, you can greatly reduce the attack footprint on your datacenter.
IPBan country blocking works by detecting any failed login on any client. The failed login is sent to the web admin utility, which does a fast country lookup. If the ip address is in a country block rule you have setup and is not whitelisted, an immediate ban message is sent to ALL connected clients telling them to immediately add the ip address to the firewall.
By keeping the country blocking logic on the web admin utility server only, each client saves on CPU, disk and RAM usage. If you have ever tried to add country block ranges to Windows firewall, you know what I mean. Between the high CPU usage, crashes and instability, it is much nicer to keep the country block logic away from the clients.
IP addresses that are blocked by a country ban list follow the same rules as a normal ip address that is banned because of too many failed login attempts. They can be unbanned after a specified timeframe in order to not grow the firewall rules too large.