#1  
Old October 30th, 2013, 12:56 PM
pjw73nh pjw73nh is offline
Junior Member
NETGEAR Newbie
 
Join Date: Aug 2007
Posts: 8
pjw73nh is on a distinguished road
Default FVX538 How to block specific inbound IP addresses

I have a situation where my superiors are asking me to block all inbound traffic from a few very specific external IP addresses. I can't seem to find where this is done in the interface.

I found this: But it doesn't look like what I am trying to accomplish.

http://interface.netgear-forum.com/F...dd_inbound.htm

Or if it IS where I need to be, I am unsure what to fill in for the various fields. The help text is confusing as well. It starts by saying:

"Add LAN WAN Service
Inbound Service
This page is used for setting up a firewall rule for traffic coming from the LAN to the WAN".

Of course I am looking to block from the WAN to the LAN (or actually, DROP at the WAN interface) but I find this still a bit confusing.

Assume I want to block 194.128.174.119. If someone knows how to accomplish this, can they please reply by telling me specifically, what I use for the "WAN Destination IP" drop down, and what IP address (if any I use to the right of it), then what I use from the "WAN USERS" drop down, and what IP if any to the right of THAT entry.

Any help appreciated.

Thanks.
Reply With Quote
  #2  
Old October 30th, 2013, 02:05 PM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,331
adit is on a distinguished road
Default Re: FVX538 How to block specific inbound IP addresses

Create an Inbound "ANY" Rule, and add that IP in the WAN Users field. This Rule should be placed at the top of the list, as they are processed from the top down.
Reply With Quote
  #3  
Old October 30th, 2013, 05:04 PM
fordem fordem is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Posts: 7,488
fordem is on a distinguished road
Default Re: FVX538 How to block specific inbound IP addresses

Just so you're aware of it - by default ALL incoming traffic is blocked unless you specifically allow it by creating a rule.
__________________
Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Reply With Quote
  #4  
Old October 30th, 2013, 10:32 PM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,331
adit is on a distinguished road
Default Re: FVX538 How to block specific inbound IP addresses

True, but if you have any Inbound Rules with WAN Users set to Any (which is the default), the traffic is passed thru the router to the LAN.

Inbound I only use the ANY Rule for blocking SPAM and DoS attacks.
Reply With Quote
  #5  
Old November 1st, 2013, 09:26 AM
pjw73nh pjw73nh is offline
Junior Member
NETGEAR Newbie
 
Join Date: Aug 2007
Posts: 8
pjw73nh is on a distinguished road
Default Re: FVX538 How to block specific inbound IP addresses

Thanks for the responses folks. I'll give that a try.

I do understand that the default is "inbound blocked, unless invited", but I think what they are trying to accomplish is relative to the Cryptolocker virus, and its method of infection and encryption.

So assuming the malware gets in somehow, these IP address are confirmed to be relevant to Cryptolocker servers. If the malware asks the infected device to go to one of these IP addresses, the firewall would consider it an "invited" request and allow the reply to pass inbound. If I block it unconditionally, I would hope that it would not allow it back in whether invited or not.

Thanks again.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 01:32 AM.