So I wanted to block some malicious IPs and I placed a block rule at the top of my firewall rule list. Then I discovered to my surprise that the traffic wasn't being blocked. This is because I am using DNAT with Automatic Firewall Rule checked. Therefore, the traffic was being allowed before my block rule ever applied.
So upon perusing the forum, I see that there are two ways around this:
1) Add a blackhole NAT rule as the first DNAT
2) Stop using automatic firewall rules and add separate firewall rules for each NAT entry.
So my question is, are there any pros/cons to each approach? I have about 40 DNAT rules setup, so that is a lot of firewall rules I'd have to add. But if that is a better way of doing things, I'll change it. Any thoughts/advice? Thanks.
Matt
P.S. Where does Country Blocking fall in w/r to DNAT?
This thread was automatically locked due to age.
Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.
