Block multiple IP's at firewall level

gkuvin2016 · ‎04-12-2016

Hope I'm putting this int he right place. We have an RV325 and I would like to set up rules to block a relatively large list of ipv4 IP addresses from accessing our systems. I obtained these IP addresses from security logs on to our email server, for example (numerous failed attempts to log in within relatively short periods of time). Via the UI, it seems I can only enter one range at a time, which would be quite tedious in this instance.

Additionally, am I correct in assuming that I need to block these IP's as "Source IP"?

gkuvin2016 · ‎07-07-2016

I'll answer this myself, since I got no replies and have more or less figured this out.

There are apparently ways to interact with the router at a level that will allow this kind of "batching", but I didn't have the time or patience to learn for myself. I did try manually editing a configuration file myself to add additional access rules, but it threw an error when I tried to import. So I ended up manually entering each of the ranges, which wasn't as bad as it seemed it would have been at first. I have 34 ranges set up, it took me less than an hour to get all this done.

As for the "Source IP" question, and for anyone who needs help blocking specific IP's or IP ranges, here is how I am configuring mine:

Action: Deny

Service: All Traffic [TCP&UDP/1~65535]

Log: Log packets matching this rule

Source Interface: ANY

Source IP: (Single or Range, this will depend on your specific needs)

Destination IP: ANY

I don't do any scheduling, the rules I have put in place, need to be active 24/7. But, that part should be pretty self-explanatory.