
Using Wireshark to Confirm GeoIP Firewall Rules Are Working

When configuring network security features like GeoIP blocking on a router (https://www.networkdatapedia.com/post/mastering-edgerouter-security-why-command-line-and-geoip-blocking-are-game-changers), it's essential to verify that your setup is functioning as intended. This is where Wireshark (https://www.wireshark.org/) becomes an invaluable tool. Wireshark is a free, open-source packet analyzer that captures and displays traffic on your network in real time. With its deep inspection capabilities, you can see exactly which connections are being made, from where, and to where — offering a clear window into your network's behavior.


In this video, I use Wireshark to observe my Ubiquiti router's GeoIP-based firewall settings in action. GeoIP blocking is designed to prevent traffic from specific geographic regions, and while the configuration may seem straightforward on the router interface, real-world validation is critical. By capturing packets and inspecting the source IP addresses, I’m able to confirm that traffic from blocked regions is not getting through, while allowed traffic proceeds normally. This hands-on verification helps ensure that my firewall rules are not only active but also effective.
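The source-address check described above can also be scripted over a saved capture. The following is an added example, not something shown in the video or article: it assumes the capture was taken on the LAN side of the router and saved in classic pcap format (Wireshark saves pcapng by default), and the blocked prefixes, addresses, and function names are constructed placeholders.

```python
import ipaddress
import struct

# Constructed stand-ins for a blocked region's prefixes (RFC 5737 documentation ranges).
BLOCKED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

def leaked_sources(pcap: bytes, blocked=BLOCKED):
    """Return (src, dst) for each captured IPv4 packet whose source is in a blocked prefix."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); skip non-IPv4 ethertypes.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if any(src in net for net in blocked):
            hits.append((str(src), str(dst)))
    return hits

def make_record(src, dst):
    """Build a constructed pcap record holding an Ethernet + IPv4 header only."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: one allowed source and one source from a blocked prefix.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + make_record("192.0.2.10", "192.168.1.20")
          + make_record("203.0.113.7", "192.168.1.20"))

if __name__ == "__main__":
    for src, dst in leaked_sources(SAMPLE):
        print(f"blocked-region source reached the LAN: {src} -> {dst}")
```

An empty result on a LAN-side capture is what a working block looks like; any hit is a packet the firewall rule should have dropped.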


Using Wireshark for tasks like this provides more than just peace of mind — it enhances your troubleshooting skills and deepens your understanding of how your network equipment operates. Instead of relying solely on status lights or log summaries, Wireshark lets you drill down into the raw data, identify any misconfigurations, and proactively monitor for unexpected behavior. Whether you're a seasoned network engineer or an enthusiastic home user, incorporating Wireshark into your toolkit adds a powerful layer of transparency and control to your network management.


 
 
 