Black List
The Black List service stores a list of IP Addresses which corresponds to Host or networks you may consider harmful.
The blacklist is useful to store the IP address of spammers, sources of DoS (denial of services) attacks, or crackers you have discovered trying to get unauthorized access.
When you save an IP address in the black list, the Firewall system will deny any inbound or outbound connection to it: even access to public services will be blocked.
Add IP/Network to the blacklist
Click on the option Firewall>Black list from the left menu.
Click the New Host or Net... button and add the new IP/Network to block.
- Click on the OK button. (Do not forget to Commit
your changes)
- It is possible to add IPv4 or IPv6 addresses.
Most common uses of a Blacklist
As a server administrator, it is your responsibility to
continuously check the operating system logs of your virtual
machines looking for any suspicious activities. Once you have a
possible attacker's IP you can add it in the blacklist.
You should look for:
- Many failed authentication attempts.
- DoS attempts detected. (For example an abnormal number of
accesses to a particular resource)
- Spammers (IPs sending bulk email).
- IPs performing port scanning.