I would like to implement an IP block-list on multiple WR21 routers, as we are getting hundreds of hits captured by the firewall. What would be the fastest way of doing this, as there are too many addresses to enter as separate rules in the firewall.
The correct way, if you have a publicly addressable address, would be to block by default and allow by exception.
So put permit rules that are more specific to the connecting devices,
so use the source address instead of any.
This is the main issue when using firewalls: people let everything in and then try to block specific traffic.
Thanks - that would be my usual plan however in this case the routers are used in mobile monitoring equipment and we will not know the source IP address to block (plus they may change). I suppose we could allow via UK allocated IP ranges, but same question then applies - how to enter multiple IP ranges in the firewall script.
This is why, in this sort of situation, the answer is to use a private APN and a private VPN into the operator, or the monitoring station also uses a cellular APN.
The second way would be to use VPN tunnels from the remote sites to a central point and do management from there over the VPN.
If you want to go the other way, there are tables on the internet of the IP ranges in each country; at least that will reduce the number of attempts.
Thanks again James, wherever possible I always use a VPN into the device but sometimes it’s not possible, then and only then as a last resort does a public IP get used.
I’d found the IP range tables on the internet, and my question was how to physically enter these multi-IP range tables into the firewall. When I tried using the “|” character as “or” (as shown in the manual - example block in log break end from 184.108.40.206/13 | 220.127.116.11/14…) the firewall rejects this.
So, just to clarify my question is physically how do I enter multiple IP ranges into firewall scripts?
OK, you would have to use a rule per block, but you could also use the label feature too:
pass in break Ports from 18.104.22.168/13 to any
pass in break Ports from 22.214.171.124/14 to any
pass in break Ports from y.y.y.y/x to any
block break end
pass break end from any to any port=22
The firewall maintains a block list of source IP addresses that it’s blocking. When the firewall blocks a source IP address
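The answer above settles on one "pass in break <label>" rule per range, a default "block break end", and a labelled section that opens only the management port. With hundreds of ranges the practical problem is generating those lines without typing them by hand. The following script is an added example, not code from this thread or from Digi: it reads a CIDR list (a constructed sample is embedded), rejects malformed or non-IPv4 entries, merges overlapping ranges so fewer rules are emitted, and prints the rule skeleton in the form shown above. The rule syntax is copied from the answer; the "label Ports" line that opens the labelled section is an assumption about the WR21 script format and should be checked against the firewall manual before the output is loaded. The "would_permit" helper lets you confirm that a known-good source address is covered before deploying the list.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample allow-list (documentation ranges only, not a real
# country table). It contains one overlapping entry and one bad line to
# exercise the validation and merging paths.
SAMPLE_RANGES = """
# constructed example allow-list
203.0.113.0/24
203.0.113.128/25
198.51.100.0/22
not-an-address
192.0.2.0/24
"""


def parse_ranges(text: str) -> Tuple[List[ipaddress.IPv4Network], List[str]]:
    """Parse one CIDR per line, skipping blanks and '#' comments.

    Returns (merged networks, skipped entries). Overlapping and adjacent
    networks are collapsed so the generated rule count is as small as possible.
    """
    nets: List[ipaddress.IPv4Network] = []
    skipped: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            skipped.append(line)
            continue
        if net.version != 4:
            skipped.append(line)
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), skipped


def build_rules(nets: List[ipaddress.IPv4Network],
                label: str = "Ports", mgmt_port: int = 22) -> List[str]:
    """Emit the rule skeleton from the answer: per-range pass rules that jump
    to a label, a default block, then the labelled section for the management
    port. The 'label <name>' line is an assumed syntax; verify it in the manual."""
    rules = [f"pass in break {label} from {net} to any" for net in nets]
    rules.append("block break end")
    rules.append(f"label {label}")  # assumption: label definition syntax
    rules.append(f"pass break end from any to any port={mgmt_port}")
    return rules


def would_permit(nets: List[ipaddress.IPv4Network], source: str) -> bool:
    """Pre-deployment check: does any allowed range cover this source address?"""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    merged, bad = parse_ranges(SAMPLE_RANGES)
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
    print("\n".join(build_rules(merged)))
```

Feed the script your downloaded country range file in place of SAMPLE_RANGES and redirect the output into the firewall script; the skipped-entry report tells you which lines of the source table need attention rather than silently producing a rule that the router would reject.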