[alephnerd]

At the router level you can do Geographic IP filtering, and for protecting your core router there will almost always be some firewalling (eg. pfSense) but it ain't foolproof.

A WAF and any other Perimeter security product can be used to enforce geoblocking (and other sorts of filtering) from an inbound standpoint at L7 (and why they are increasingly being subsumed under the API Security/Gateway segment or the SSE segment if you want to merge L3/4 and L7 security capabilities)

> I think either you misunderstand me or I misunderstand you

Probably on my end.

[immibis]

This entire discussion is about the Internet itself, not companies that connect to it: how does the Internet know which direction to send traffic in? It's managed by a protocol called BGP. Other countries can say your addresses are present in that country, and steal your traffic.