1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Blacklisting Hosts And Networks - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

6.7. Blacklisting Hosts and Networks

6.7. Blacklisting Hosts and Networks
NetDefendOS implements a Blacklist of host or network IP addresses which can be utilized to pro-
tect against traffic coming from specific internet sources.
Certain NetDefendOS modules, specifically the Intrusion Detection and Prevention (IDP) module,
as well as Threshold Rules, can make use of the Blacklist when certain conditions are encountered,
such as traffic triggering a Threshold Limit rule.
Adding a host or network to the Blacklist can be enabled in IDP and in Threshold Rules by specify-
ing the Protect action for when a rule is triggered. Once enabled there are three Blacklisting op-
tions:
Time to Block Host/Network in
seconds
Block only this Service
Exempt already established con-
nections from Blacklisting
IP addresses or networks are added to the list and the traffic from these sources is then blocked for a
period of time. The Blacklist is maintained even if the D-Link Firewall shuts down or reboots.
Whitelisting
To ensure that "good" internet traffic sources are not blacklisted under any circumstances, a Whitel-
ist is also maintained by NetDefendOS. It can be advisable to add the D-Link Firewall itself to the
Whitelist as well as the IP addresses of all management workstations.
It is important to understand that although whitelisting prevents a source of network traffic being
blacklisted, it still doesn't mechanisms such as Threshold Rules from dropping or denying connec-
tions from that source. All whitelisting does is prevent a source being added to a blacklist if that is
the action a rule has specified.
For further details on usage see Section 6.3.7, "IDP Actions", Section 10.2.8, "Threshold Rule
Blacklisting" and Section 10.2, "Threshold Rules".
Note
Content filtering blacklisting is a separate subject and uses a separate logical list (see
Section 6.5, "Web Content Filtering").
The host or network which is the source of the traffic will
stay on the blacklist for the specified time and then be re-
moved. If the same source triggers another entry to the black-
list then the blocking time is renewed to its original, full value
(ie. it is not cumulative).
By default Blacklisting blocks all Services for the triggering
host.
If there are established connections that have the same source
as this new Blacklist entry then they won't be dropped if this
option is set.
159
Chapter 6. Security Mechanisms

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Dfl-1600Netdefend dfl-2500Netdefend dfl-260Netdefend dfl-860Netdefend dfl-800 ... Show all

Table of Contents