Networking: Block/Blacklist IP Globally
A method is needed to quickly add an IP address or range to a "Deny Access" list.
Currently you have to create a new network definition for each bad host and then drag and drop it on a group that is used to deny access. The number of entries in the network definition page can therefore get very large.
There are several possible ways of implementing this:
1. Have a "Deny Access" tab under Network Security that contains a group definition for denied hosts or IP ranges to which you can quickly add entries.
2. Add a new type of group under Network Definitions that allows multiple hosts/ranges to be specified. This group could then be referenced in a packet filter rule to deny access.
4 comments
- Naveed commented:
Bob, think of this: I have an IP that is only trying to access RDS on one server behind the firewall. It is not an attack, but I need to stop that IP and the script it is running. So we do need some sort of quick block of certain IPs.
- michel commented:
Hi, I think that this MUST be implemented. Under Definitions, Network, should we see in a future release a GROUP that we can create to regroup individual network definitions globally? This would significantly reduce the Network Security firewall filter rules... I agree with that and personally think that this is a must.
- Ed commented:
It only makes sense, especially if you get a notification that someone is just scanning your network and you want to quickly block all traffic for the specific IP or network. In its current state it is almost an admin nightmare.
- Bob Alfson commented:
I don't understand how this would be possible... I mean, the packets have to be blocked somewhere - if not before they reach the Astaro, then the Astaro will see them. If you don't want your packet filter log to be full of "default drop" messages, then you can create an explicit PF "Drop" rule that isn't logged. Or maybe I'm not understanding...
Cheers - Bob