I have begun blacklisting IP addresses in my Sophos XG Firewall. I needed a more powerful firewall than the one I had been using because of a few services I run. So far the new router has been live for just a few weeks. The firmware is still new and certainly isn't bug free. The biggest issues are lots of false positives and the inability to stream media on non-computer devices. The latter is fixed by creating a policy to whitelist those devices, which I did by listing their MAC addresses. I am also having a few HTTP and HTTPS issues, with sites not always loading on the first attempt. This includes my own sites and even my bank. I'm not sure yet whether the router is the cause.

As for blacklisting IP addresses with policies, I have so far deemed four IP addresses to be excessive:

  • 120.150.140.168
  • 195.222.58.189
  • 148.0.143.137
  • 108.59.4.195

Each IP address listed above attacked a different part of my network. Some tried brute-force attacks while others just ran scripts. I've now set up a report that I review each morning to make sure the really bad ones are taken care of.

One other way to do this is to set up fail2ban, but that only works on Linux-based systems. I have it set up on two systems, but before the new router I couldn't drop the packets before they hit my network. Sometimes I would get thousands of hits from the same IP, and it was worrisome and scary to think that they might actually get through.
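The morning report described above boils down to counting failed logins per source address and flagging the ones that exceed a threshold. The following Python script is an added example written for this post, not something from the original or from Sophos or fail2ban; it parses a handful of constructed OpenSSH-style auth log lines, counts failed password attempts per source IP, skips an allowlist of addresses you never want to flag (the same idea as fail2ban's ignoreip), and returns the offenders worst first. The log lines, IP addresses (documentation ranges) and the threshold of 3 are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the style of an OpenSSH auth log; not real traffic.
# 192.0.2.10 hammers root/admin, 198.51.100.7 fails once, 203.0.113.5 logs in fine.
SAMPLE_LOG = """\
Mar  3 06:12:01 host sshd[4021]: Failed password for root from 192.0.2.10 port 51234 ssh2
Mar  3 06:12:03 host sshd[4021]: Failed password for root from 192.0.2.10 port 51235 ssh2
Mar  3 06:12:05 host sshd[4022]: Failed password for invalid user admin from 192.0.2.10 port 51236 ssh2
Mar  3 06:12:07 host sshd[4023]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2
Mar  3 06:12:09 host sshd[4024]: Accepted publickey for alice from 203.0.113.5 port 22000 ssh2
Mar  3 06:12:11 host sshd[4025]: Failed password for root from 192.0.2.10 port 51237 ssh2
"""

# Matches both "Failed password for root from X" and
# "Failed password for invalid user admin from X".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text, ignore=()):
    """Return a Counter of failed-login attempts per source IP.

    Addresses in `ignore` (your own hosts, a monitoring box) are never counted,
    so a typo'd password from the LAN cannot land you on your own blocklist.
    """
    ignore = set(ignore)
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match and match.group(1) not in ignore:
            counts[match.group(1)] += 1
    return counts


def excessive_sources(log_text, threshold, ignore=()):
    """Return [(ip, failures)] for IPs with at least `threshold` failures, worst first."""
    counts = count_failures(log_text, ignore)
    offenders = [(ip, n) for ip, n in counts.items() if n >= threshold]
    # Sort by descending count, then by IP so the output is stable.
    return sorted(offenders, key=lambda item: (-item[1], item[0]))


def format_report(log_text, threshold, ignore=()):
    """Build the plain-text morning report: one line per offender."""
    rows = excessive_sources(log_text, threshold, ignore)
    if not rows:
        return "No source exceeded %d failed logins." % threshold
    lines = ["Sources with >= %d failed logins:" % threshold]
    lines += ["  %-15s %d" % (ip, n) for ip, n in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG, threshold=3))
```

Point `count_failures` at the text of your real auth log (or the firewall's exported log) and feed the returned addresses into whatever blocklist object your firewall policy uses; the allowlist argument is the guard against the false positives mentioned at the top of the post.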