Too many inbound firewall rules?


#1

I’ve been using a PepLink Balance 300 for many years now. Recently, I started blocking IP addresses in the Inbound Firewall section when receiving brute force attacks.

The more rules I added, the slower the Inbound Firewall page became. This is the one that lists all the rules and allows you to delete and modify them.

For a while, I had to request the page 2-3 times (or more) before seeing anything on screen. Now, I constantly get a network timeout. I’ve tried several computers and several browsers, but the result is always the same.

Luckily, I had bookmarked the page to add a rule for direct access. I can still add new inbound rules, with the exception that I cancel my form request after about 5 seconds. The router still recorded my rule, so when I activate changes, everything works fine.

All other parameters are normal and the router is performing as it always has. So, my questions are:

Is there a way I can fix the main Inbound Firewall page to show me the list of rules?
Is there any other way I can manage these rules other than by the web interface? Maybe an SSH connection not in the docs?

Although I keep a list of blocked IP addresses in a separate document, I sometimes replace several addresses with a single network mask, but I need to see the list to delete the obsolete rules.

Hopefully, someone has come across this kind of problem before and can help me out.

Many thanks!

  • Rush
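Added example, not part of the original post and not Peplink tooling: a script that works from the separately kept block list to find single-address rules already covered by a network rule (the obsolete ones) and /24 networks that several blocked hosts share. The function names, the /24 prefix, the threshold of 3 and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a block list kept outside the router (documentation ranges).
BLOCKLIST = """
203.0.113.5
203.0.113.77
203.0.113.0/24
198.51.100.10
198.51.100.11
198.51.100.200
192.0.2.44
"""

def parse(text):
    """Return the unique rules as ip_network objects (a bare host becomes /32)."""
    nets = {ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()}
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))

def obsolete_rules(rules):
    """Rules that a broader rule in the same list already covers."""
    return [r for r in rules
            if any(r != o and r.version == o.version and r.subnet_of(o) for o in rules)]

def merge_candidates(rules, prefix=24, threshold=3):
    """Networks of the given prefix that contain at least `threshold` host rules.

    A candidate is only a suggestion: replacing hosts with the network also
    blocks every other address in it, so review each one before merging.
    """
    buckets = defaultdict(list)
    for r in rules:
        if r.version == 4 and r.prefixlen == 32:
            buckets[r.supernet(new_prefix=prefix)].append(r)
    return {net: hosts for net, hosts in buckets.items() if len(hosts) >= threshold}

if __name__ == "__main__":
    rules = parse(BLOCKLIST)
    for r in obsolete_rules(rules):
        print("obsolete:", r)
    for net, hosts in merge_candidates(rules).items():
        print("candidate:", net, "would replace", len(hosts), "host rules")
```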

#2

I haven’t had this issue, but you should go through your list and see which ones are Dynamic addresses. Lots of dynamic ranges use very generic reverse lookup entries. Chances are you were blocking virus activity from some poor soul that no longer has that address.

Once you prune down the list a bit, the engineers may be able to assist you in replacing one rule set with the new one. Fingers crossed!