Hi there,
I'm wondering if the functionality exists to blacklist IP addresses based on the destination port that they attempt to connect to our UTM (9.4) with.
For example, we've just set up our UTM on a temporary ADSL net connection while migrating and tuning our rules prior to migration to a production environment.
I'm seeing a constant flow of connection attempts to ports which are obviously attempts to compromise the system - e.g. ports 22 and 23, random high RPC ports and others like DNS etc. This traffic is obviously dropped, and the connection attempt is logged.
We would only ever intend to publish a very strict set of ports externally, for example https.
Is there a way to automatically blacklist IP addresses that attempt to communicate with the UTM on ports which are intended as attack ports? It seems logical to me that if an IP address has attempted to communicate over SSH then in future it should be prevented from communicating with any published ports as well (like https, which would otherwise be permitted).
Thanks!
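The policy described in the question, sketched as an added example that is not part of the original post and is not a UTM feature: derive a temporary blocklist from dropped-packet log lines, listing sources that probed ports outside the published set. The log format, threshold, expiry and allowlist are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PUBLISHED = {("tcp", 443)}       # assumption: only https is published externally
THRESHOLD = 2                    # assumption: distinct unpublished ports before blocking
BLOCK_FOR = timedelta(hours=24)  # assumption: entries expire so stale addresses age out

# Constructed log format (not the UTM's own):
#   <ISO time> DROP <proto> <src> -> <dst>:<port>
LINE = re.compile(r"^(\S+) DROP (tcp|udp) (\S+) -> \S+:(\d+)$")

# Constructed sample input using documentation address ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:00 DROP tcp 198.51.100.7 -> 203.0.113.1:22
2024-01-01T10:00:05 DROP tcp 198.51.100.7 -> 203.0.113.1:23
2024-01-01T10:01:00 DROP udp 198.51.100.9 -> 203.0.113.1:53
2024-01-01T10:02:00 DROP tcp 192.0.2.44 -> 203.0.113.1:22
2024-01-01T10:03:00 DROP tcp 192.0.2.44 -> 203.0.113.1:22
unparseable line
"""

def build_blocklist(log_text, allowlist=frozenset()):
    """Return {src_ip: block_expiry} for sources seen on >= THRESHOLD unpublished ports."""
    ports_seen = defaultdict(set)
    last_seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts, proto, src, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        # The source address of a dropped packet can be forged, so addresses
        # that must stay reachable (partners, monitoring) are never counted.
        if (proto, port) in PUBLISHED or src in allowlist:
            continue
        when = datetime.fromisoformat(ts)
        ports_seen[src].add((proto, port))
        last_seen[src] = max(when, last_seen.get(src, when))
    return {src: last_seen[src] + BLOCK_FOR
            for src, ports in ports_seen.items() if len(ports) >= THRESHOLD}

if __name__ == "__main__":
    for ip, expiry in sorted(build_blocklist(SAMPLE_LOG).items()):
        print(ip, "blocked until", expiry.isoformat())
```

Counting distinct ports rather than raw hits keeps a single repeated retry from tripping the block, and the expiry matters on address space that is reassigned often.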