Is there a way to easily block a range of IP addresses so the packets get dropped even before the firewall NAT rules are processed, similar to the Country blocking?
One of my firewalls is getting consistently probed for vulnerabilities, and all of it is coming from a few addresses within a single subnet. The IPS is doing its job and dropping the packets each time. I have sent the logs to AT&T which owns the IP range, but in the mean time if I could just blacklist this whole subnet at least I know the attack attempts have stopped.
I've tried a simple firewall rule, in position 1 that says traffic from Source [the subnet in question] using Any service, to Destination Any of my external IPs -> block. But this is not working and the IPS continues to see the intrusion attempts.
I do understand that the IPS is doing exactly what I want it to do, dropping the packets but it makes me nervous that it just continues and continues...
This thread was automatically locked due to age.
