cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking inbound WAN IP addresses with Layer 7 rule

Conversationalist

Blocking inbound WAN IP addresses with Layer 7 rule

So we have some certain ports being forwarded to an internal server and we have to use the "Any" tag to allow all clients to connect due to the clients being on dynamic WAN IP addresses.  However, occasionally I see foreign source country IP attempts at connecting on this port and I want to block these ranges but not the entire country.

 

The only place I see where I might be able to do this is the Layer 7 rules with Deny Remote IP Range.  I can't find any documentation on exactly what this option does if it is outbound only or both inbound and outbound.  Is that what this option is used for?

 

If not, is there any other way to "blacklist" incoming wan ip addresses in the "Allowed remote IPs" on the port forwarding section?  IE, could I use something like "any, not 123.456.789"?

1 REPLY
Building a reputation

Re: Blocking inbound WAN IP addresses with Layer 7 rule

Yes, that's what the layer 7 deny rule for remote ip range is for. I don't think you can do anything in the forwarding section for this though.