IP-RBLs for firewalls

Showing results for 
Search instead for 
Did you mean: 

IP-RBLs for firewalls

L3 Networker

Riddle me this…

We have issues with malicious traffic coming from Open Proxies, Known Bad Hosts, etc.

Is there such thing as an all IP, Realtime Blacklist for firewalls. There are certain external servers I dont want to be accessible by known bad networks.

I’d love to write a rule like this:

Source = RBL-or-Block-of-BAD-IPs-maintained-by-someone-else             Destination=Important Server         Action=Drop

And no, I don’t want to buy a million dollar IPS. Isn’t there something in the Linux world called IP Tables.



L4 Transporter

I'll try to find a firewall specific realtime black list, but funny you should mention this, in PANOS 5.0 Palo Alto added something called "Dynamic Block Lists" that do exactly what you describe.

Dynamic Block Lists.jpg

That is cool. I would assume this works with the SpamHaus "DROP" Dont Route or Peer list. For sure and idea whose time has come. I'd also like to put in all TOR endpoints.

Here's an example of a block list... SANS' DSHield has a Recommended Block List. I figured the list would be a bit bigger and more comprehensive though honestly:


#    This list summarized the top 20 attacking class C (/24) subnets
#   over the last three days. The number of 'attacks' indicates the 
#   number of targets reporting scans from this subnet.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!