[GH-ISSUE #1013] Feature Request: Add Region-Based IP Access Control #38519

Closed
opened 2026-06-22 01:40:45 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @Nick390 on GitHub (Jul 5, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1013

First, thank you for this fantastic project. I’ve previously tried building similar tunnel solutions, and it would have taken five different tools to achieve what you've done with Pinglin. Impressive work.

Now to the request:

I'd like to suggest a feature that allows region-based IP access control. Specifically, it would be great if administrators could specify allowed countries or regions so that only IPs from those areas are granted access through the tunnel.

Because IPs frequently change or shuffle across regions (especially in shared hosting or cloud networks), the best implementation would likely be to integrate with a geo-IP database provider, such as:

  • MaxMind (GeoLite2 or GeoIP2)
  • IP2Location
  • DB-IP

💡 How it could work:

  • On first setup, the user specifies allowed countries (e.g., SA, US, DE).
  • The tool fetches the IP ranges for those countries from the chosen provider.
  • These IP ranges are then written to the traffic allowlist (e.g., traefik, iptables, or internal ACL).
  • A scheduled sync updates the list monthly or on a configurable interval.
  • Optionally, users could select the provider (MaxMind, DB-IP, etc.) via config.

Benefits:

  • Clean country-level access control
  • Works great for compliance and internal tools
  • Improves security posture for sensitive tunnels

Would be happy to contribute or assist with implementation or design if needed.

Thanks again for the amazing work.

Originally created by @Nick390 on GitHub (Jul 5, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1013 First, thank you for this fantastic project. I’ve previously tried building similar tunnel solutions, and it would have taken five different tools to achieve what you've done with Pinglin. Impressive work. Now to the request: I'd like to suggest a feature that allows **region-based IP access control**. Specifically, it would be great if administrators could specify allowed countries or regions so that only IPs from those areas are granted access through the tunnel. Because IPs frequently change or shuffle across regions (especially in shared hosting or cloud networks), the best implementation would likely be to **integrate with a geo-IP database provider**, such as: * MaxMind (GeoLite2 or GeoIP2) * IP2Location * DB-IP ### 💡 How it could work: * On first setup, the user specifies allowed countries (e.g., SA, US, DE). * The tool fetches the IP ranges for those countries from the chosen provider. * These IP ranges are then written to the traffic allowlist (e.g., `traefik`, `iptables`, or internal ACL). * A scheduled sync updates the list monthly or on a configurable interval. * Optionally, users could select the provider (MaxMind, DB-IP, etc.) via config. ### ✅ Benefits: * Clean country-level access control * Works great for compliance and internal tools * Improves security posture for sensitive tunnels Would be happy to contribute or assist with implementation or design if needed. Thanks again for the amazing work.
Author
Owner

@devdracon commented on GitHub (Jul 6, 2025):

Nick, maybe this plugin will satisfy your needs?

https://docs.fossorial.io/Community%20Guides/geoblock

<!-- gh-comment-id:3041254067 --> @devdracon commented on GitHub (Jul 6, 2025): Nick, maybe this plugin will satisfy your needs? https://docs.fossorial.io/Community%20Guides/geoblock
Author
Owner

@oschwartz10612 commented on GitHub (Jul 6, 2025):

^^^ this is a good way to set it up for now. We do have an open feature request for this which is quite popular and we will definitely be adding it sooner rather than later!

Thanks for the request! I am going to close for now as a duplicate as we have some other open requests but feel free to reopen if we missed something! https://github.com/orgs/fosrl/discussions/590

https://github.com/orgs/fosrl/discussions/769

<!-- gh-comment-id:3042186821 --> @oschwartz10612 commented on GitHub (Jul 6, 2025): ^^^ this is a good way to set it up for now. We do have an open feature request for this which is quite popular and we will definitely be adding it sooner rather than later! Thanks for the request! I am going to close for now as a duplicate as we have some other open requests but feel free to reopen if we missed something! https://github.com/orgs/fosrl/discussions/590 https://github.com/orgs/fosrl/discussions/769
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#38519