Networking: Block/Blacklist IP Globally
A method is needed to quickly add an IP address or range to a "Deny Access" list.
Currently you have to create a new network definition for each bad host and then drag and drop it on a group that is used to deny access. The number of entries in the network definition page can therefore get very large.
There are several possible ways of implementing this:
1. Have a "Deny Access" tab under Network Security that contains a group definition for denied hosts or IP ranges to which you can quickly add entries.
2. Add a new type of group under Network Definitions which would allow multiple hosts/ranges to be specified. This entry could then be used in a packet filter rule to deny access.
Create the ability to block WAN IP addresses completely. Using the Blackhole route doesn't seem to work to block IPs that are consistently and constantly port scanning the WAN interface. Going to the ISP to block IPs is not acceptable, especially if you have multiple ISPs.
Bob, think of this: I have an IP that is only trying to access RDS on one server behind the firewall. It is not an attack, but I need to stop that IP and the script it is running. So we do need some sort of quick block of certain IPs.
Hi, I think that this MUST be implemented. Under Definitions, Network, we should see in a future release a GROUP that we can create to regroup individual network definitions globally. This would reduce significantly the Network Security Filters firewall rules... I agree with that and personally think that this is a must.
It only makes sense, especially if you get a notification that someone is just scanning your network and you want to quickly block all traffic for the specific IP or network. In its current state it is almost an admin nightmare.
Bob Alfson commented
I don't understand how this would be possible... I mean, the packets have to be blocked somewhere - if not before they reach the Astaro, then the Astaro will see them. If you don't want your packet filter log to be full of "default drop" messages, then you can create an explicit PF "Drop" rule that isn't logged. Or maybe I'm not understanding...
Cheers - Bob
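The "deny group" proposed in the request (one definition holding many hosts and ranges) together with Bob's unlogged explicit drop rule can be expressed with a single address set and one rule that references it. The example below is added here and is not Astaro code; it assumes an nftables backend with a hypothetical `inet filter` table and `input` chain, and uses constructed RFC 5737 documentation addresses as sample input.

```python
import ipaddress
from typing import Iterable, List

def normalize_deny_group(entries: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse hosts ("198.51.100.7") and ranges ("203.0.113.0/24") into one
    collapsed list of IPv4 networks. Duplicates and overlapping entries are
    merged, so the deny group stays short even when the same scanner is added
    twice or a host already falls inside a blocked range."""
    nets = []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments in the group file
        net = ipaddress.ip_network(text, strict=False)  # bare host -> /32
        if net.version != 4:
            raise ValueError(f"only IPv4 entries are handled here: {text}")
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def render_nft_rules(nets: List[ipaddress.IPv4Network], set_name: str = "deny_access",
                     table: str = "inet filter", chain: str = "input") -> List[str]:
    """Emit nftables commands: one named set holding every denied host/range and
    a single drop rule that matches the set, so adding an IP never adds a rule.
    Table and chain names are assumptions for the example, not Astaro's."""
    lines = [f"add set {table} {set_name} {{ type ipv4_addr; flags interval; }}"]
    if nets:
        elems = ", ".join(str(n) for n in nets)
        lines.append(f"add element {table} {set_name} {{ {elems} }}")
    # No 'log' statement on purpose: the drop is silent, as in the unlogged
    # explicit drop rule described in the thread, so the filter log stays usable.
    lines.append(f"add rule {table} {chain} ip saddr @{set_name} drop")
    return lines

# Constructed sample deny group (documentation addresses, not real hosts).
SAMPLE_ENTRIES = [
    "# RDS probe seen on 2 servers",
    "198.51.100.7",
    "203.0.113.0/24",
    "203.0.113.9",      # already covered by the /24 above
    "198.51.100.7",     # duplicate entry
]

if __name__ == "__main__":
    for line in render_nft_rules(normalize_deny_group(SAMPLE_ENTRIES)):
        print(line)
```

Feed the printed lines to `nft -f -` to load the set and rule; afterwards a new bad host is a single `add element` rather than a new network definition and rule.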