Is there any way to block inbound traffic by domain name?
This is an extremely desired and required capability. Blocking inbound only by IP range is extremely cumbersome, especially since there is no way to import or batch edit blocked IP ranges. We get a huge amount of SPAM even with a well-configured Barracuda and would like to block certain domains and geographic regions (countries). For example, we do not wish to receive ANY traffic from .ru or .co. This would be so much simpler than manually and individually inputting 100’s of IP range blocks.
Because we have multiple WAN inputs, if we cannot do it with the Balance 580, we would have to put an additional firewall on every incoming WAN and redundantly configure each one - extremely inefficient.
You have outgoing domain blocks - why not incoming also?
We would like to block specific countries and domains. For example, block *.xyz
block *.biz
block spammer.com
block *.ru
We do not want any traffic from Russia, Brazil, Turkey, etc.
Almost all other firewalls can do this. I expect it would require a DNS lookup
It is very tedious to manually enter and drag to sort hundreds of blocked IPs. It would be great if we could import IP range blocks and also batch edit, rather than input and edit and sort one at a time. There are many websites that can generate standard IP Country Block lists in delimited text format for importing.
Geo-Location blocking by country make sense here. We may consider the feasibility.
Regarding to domain blocking by source, this seem invalid for the IP base blocking. Do consider scenario below:
*.ru domain may not hosted in Russia. It can be simply hosted anywhere in public cloud. Thus blocking the domain by source doesn’t actually applicable for this.
As mention earlier, source IP/ sender IP used for internet browsing doesn’t register for a domain name, thus blocking source IP by domain won’t help for this also.
For the SPAM issue, i believe you may need to get a proper spam solution to actually block on the mention SPAM issue.
SPAM solution usually will have the following:
Real time SPAM blacklist IP (Sender IP)
Blocking by Domain - Sender Email Domain
The above feature should be valid for application level blocking but not on network level as this may cause false positive for the blocking.
Importing firewall blocked IP list make sense here. We may consider the feasibility.
Thank you for your reply. Perhaps it was not clear, but in my first msg, I wrote that we have a Barracuda. This is a full, multi-thousand dollar full-time dedicated SPAM appliance. It has spam blocks for countries, RBLs, IP ranges and domains. It works but only for email.
Of greater concern to us are hackers who try 24x7 to access our LAN and servers. Yes, we have closed ports but we want to eliminate the attempts- they waste bandwidth and network resources.
With regards to blocking a country, if we are getting hacking attempts from .ru, I want to block those regardless of where it is hosted. However, if a country’s domain extension is not hosted in that country, it would be a great exception. I am not worried about a few exceptions. I would like to block the 98% that are not exceptions.
Base on the above description, the request is more on the solution for Intrusion Prevention System (IPS) . You may need to have a IPS solution to actually block on the mention hacking attempts.