Securing closed ports on WAN

Hi!
Just wondering if it makes any sense to use IP Block Lists on a WAN interface that has no open ports at all?
What’s your opinion?

The IP Address Blocklists block both incoming and outgoing. So it might still be worth having enabled.

You should look at which sort of IP Blocklist makes sense for outgoing protection for your specific network, dependent on its critical aspects. Then you can turn on those IP Blocklists and see what sort of outgoing hit rate you get from the IP Blocklists Logs and based on that decide if you keep using the blocklist or not for your particular network circumstances.

But such a config will only protect malware-infected internal clients from connecting to bot hosts. It will not strengthen the WAN interface (and so the LAN) against incoming threats.

That is correct.

But it would… at least let you know you had bots attempting to communicate.

Moreover, if you have a lot of IoT devices on the green, blue, orange, etc. rails, you will see what they are actually using/communicating on, no?

Yes, you may try to find a list covering servers for little stuff like WiFi plugs or lamps.
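The outgoing hit-rate check discussed in this thread, as an added example that is not part of the original posts: it splits blocklist log hits into incoming (dropped at the WAN side) and outgoing (an internal client trying to reach a listed address) and ranks the internal clients worth inspecting. Assumptions: netfilter-style `KEY=value` log lines, a hypothetical `BLKLST_<name>` log prefix, `red0` as the WAN interface, and constructed sample lines using documentation address ranges.

```python
import re
from collections import Counter

WAN_IF = "red0"                          # assumption: name of the WAN interface
PREFIX_RE = re.compile(r"BLKLST_(\w+)")  # assumption: hypothetical log prefix
KV_RE = re.compile(r"(\w+)=(\S*)")       # netfilter LOG fields, e.g. SRC=1.2.3.4

# Constructed sample log lines (not taken from a real system).
SAMPLE = """\
kernel: BLKLST_LIST_A IN=red0 OUT= MAC=00:00 SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=23
kernel: BLKLST_LIST_A IN=red0 OUT= MAC=00:00 SRC=198.51.100.10 DST=203.0.113.1 PROTO=TCP SPT=40001 DPT=22
kernel: BLKLST_LIST_B IN=green0 OUT=red0 SRC=192.168.1.23 DST=198.51.100.77 PROTO=TCP SPT=51514 DPT=443
kernel: BLKLST_LIST_B IN=green0 OUT=red0 SRC=192.168.1.23 DST=198.51.100.77 PROTO=TCP SPT=51515 DPT=443
kernel: BLKLST_LIST_B IN=blue0 OUT=red0 SRC=192.168.2.40 DST=198.51.100.80 PROTO=UDP SPT=5353 DPT=123
kernel: DROP_INPUT IN=red0 OUT= SRC=198.51.100.11 DST=203.0.113.1 PROTO=TCP SPT=1 DPT=80
""".splitlines()


def summarize(lines, wan_if=WAN_IF):
    """Return (outgoing, incoming) Counters of blocklist hits."""
    outgoing = Counter()  # key: (list, internal client, destination, dest port)
    incoming = Counter()  # key: list name
    for line in lines:
        m = PREFIX_RE.search(line)
        if not m:
            continue  # not a blocklist hit (e.g. an ordinary firewall drop)
        f = dict(KV_RE.findall(line))
        if f.get("IN") == wan_if:
            # Arrived on WAN: with no open ports this would be dropped anyway.
            incoming[m.group(1)] += 1
        elif f.get("OUT") == wan_if:
            # Internal client reaching out to a listed address.
            outgoing[(m.group(1), f.get("SRC"), f.get("DST"), f.get("DPT"))] += 1
    return outgoing, incoming


def clients_to_check(outgoing):
    """Internal clients ranked by number of blocked outgoing attempts."""
    per_client = Counter()
    for (_list, src, _dst, _dpt), n in outgoing.items():
        per_client[src] += n
    return per_client.most_common()


if __name__ == "__main__":
    out, inc = summarize(SAMPLE)
    print("incoming hits per list:", dict(inc))
    print("clients to check:", clients_to_check(out))
```

A list that only ever produces incoming hits adds little on a WAN with no open ports; a list with outgoing hits points at specific internal clients, IoT devices included.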