Blocking inbound WAN IP addresses with Layer 7 rule
So we have some certain ports being forwarded to an internal server and we have to use the "Any" tag to allow all clients to connect due to the clients being on dynamic WAN IP addresses. However, occasionally I see foreign source country IP attempts at connecting on this port and I want to block these ranges but not the entire country.
The only place I see where I might be able to do this is the Layer 7 rules with Deny Remote IP Range. I can't find any documentation on exactly what this option does if it is outbound only or both inbound and outbound. Is that what this option is used for?
If not, is there any other way to "blacklist" incoming wan ip addresses in the "Allowed remote IPs" on the port forwarding section? IE, could I use something like "any, not 123.456.789"?