Block traffic with IP from the black list (not only spam)

WebGregGit · ‎10-11-2022

Hi

I have FortiGate 200F.

I detect various disturbing connections from different addresses. At the moment, the intense ones - I manually add to the blocked. Unfortunately, it is not effective and very engaging.

These addresses are usually on some blacklists, such as zen.spamhaus.org. I am sure that a device of this class can automate the blocking of traffic coming from addresses on blacklists. But I don't know how to set it up. Any advice?

Security Profiles > DNS Filter > profile > External IP Block Lists options.

Is this the right direction?

Do you have any addresses attached to them that you can share?

dairu · ‎10-12-2022

I believe only plain text file format are accepted if you use IP Address External Connector, that's why it says bad format.

As for the huge traffic on port 53, as @gfleming mentioned, if you do not need the inbound access to port 53, you may want to consider to disabled it.

Are you somehow allowing external access to your internal resources like a webserver or application server ? if yes, I suggest to only open the needed ports like 80, 443, etc.

scan888 · ‎10-12-2022

Hi @WebGregGit

As @dairu mention, only plain text with one IP or FQDN per line is accepted.

all other formats are invalid.

At home I are using the following lists:

https://lists.blocklist.de/lists/all.txt

https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw

https://iplists.firehol.org/files/firehol_level1.netset

I hope that helps.

- Have you found a solution? Then give your helper a "Like" and mark the solution.

Block traffic with IP from the black list (not only spam)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website