Creating rule to block full IP range
Hi Guys,
I am trying to create a rule to block full IP range or ranges. So what I tried is to create a rule with "When senders IP matches some words" and enter the IP range as i.e. 192.119.111.1/24 (did not work) so tried it as 192.119.111.1-256 did not work either. in both cases I tried it with "matches (regex)" and "contains a value from a list" Action is set to delete.
Thanks
-
Running on Win Server 2016 Essentials, I've had better success at blocking IPs in the Windows firewall. I use the IW Authentication log to view IPs trying to log into my IW server then use an IP location finder to locate selected IP. (You can also find IPs in the Anti-Spam logs) Then I start backtracking the address range back to x.0.0.0 and if they're all located in China or Iran (lots of attempted hacks lately), then I block the whole /8 range or some smaller CIDR range. Then I configure the firewall log to record only DROP. It's very gratifying to see all those IPs get dropped.
As my server is running 25 users and an old dual-core Intel with 8gb RAM, I have to preserve every bit of performance I can. Biggest problem was the hammering of port 389 (used for reflective DDOS) and port 3389 (RDP). For the RDP block, I modified the existing rule to allow connection only from my WAN IP. They've since given up and now I'm blocking IPs that attempt to login to IW via port 25, 110 or 587 (FW drop logs show attempt port login).
I've also added Anti-virus extension filters and populated it with the Google and MS blocked extensions:
(https://support.google.com/chrome/a/answer/6177431?hl=en)
Best of luck....Tom
Please sign in to leave a comment.
Comments
1 comment