Blocking A Site Permanently - Watchguard Firebox X1000 User Manual


Permanently blocked sites, which are listed in the
configuration file and change only if you manually
change them.

Auto-blocked sites, which are sites the Firebox adds
or deletes dynamically based on default packet
handling rules and service-by-service rules for denied
packets. For example, you can configure the Firebox to
block sites that attempt to connect to forbidden ports.
Sites are temporarily blocked until the auto-blocking
mechanism times out.
For information on auto-blocking sites using the
protocol anomaly detection (PAD) feature, see
"Configuring the Incoming SMTP Proxy" on page 138.
Firebox System auto-blocking and logging mechanisms
can help you decide which sites to block. For example,
when you find a site that spoofs your network, you can
add the offending site's IP address to the list of
permanently blocked sites.
Note that site blocking can be applied only to traffic on
the Firebox's external interface. Connections between the
trusted and optional interfaces are not subject to the
Blocked Sites feature.

Blocking a site permanently

You may know of hosts on the Internet that pose constant
dangers, such as a university computer that has been used
more than once by student hackers who try to invade your
network.
Use Policy Manager to block a site permanently. The
default configuration blocks three network addresses:
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. These are the
private ("unconnected") network addresses. Because they
are for private use, backbone routers should never pass
traffic with these addresses in the source or destination
field of an IP packet. Traffic that arrives from one of these
addresses almost certainly has a spoofed or otherwise suspect
source address.
RFCs 1918, 1627, and 1597 cover the use of these addresses.
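
The following is an added example, not WatchGuard code and not part of the original manual: a simplified Python model of how the permanent list (with the three default networks) and the auto-block list interact, and of why only external-interface traffic is checked. The 1200-second timeout, forbidden port 23, the class and function names, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# The three networks the page says are blocked by default (private address space).
DEFAULT_BLOCKED = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class BlockedSites:
    """Illustrative model only; not WatchGuard code."""

    def __init__(self, permanent=DEFAULT_BLOCKED, forbidden_ports=(), timeout=1200):
        self.permanent = list(permanent)          # changes only by manual edit
        self.forbidden_ports = set(forbidden_ports)
        self.timeout = timeout                    # seconds; assumed value
        self.auto = {}                            # source IP -> expiry time

    def block_permanently(self, cidr):
        self.permanent.append(ipaddress.ip_network(cidr))

    def check(self, iface, src, dport, now):
        """Return (verdict, reason) for one packet seen at time `now`."""
        if iface != "external":                   # trusted/optional traffic is exempt
            return ("allow", "not-external")
        ip = ipaddress.ip_address(src)
        if any(ip in net for net in self.permanent):
            return ("deny", "permanent")
        if self.auto.get(ip, 0) > now:
            return ("deny", "auto-blocked")
        self.auto.pop(ip, None)                   # expired entry times out
        if dport in self.forbidden_ports:
            self.auto[ip] = now + self.timeout    # add site dynamically
            return ("deny", "forbidden-port")
        return ("allow", "ok")

def demo():
    fw = BlockedSites(forbidden_ports={23})
    # Constructed packets: (time, interface, source, destination port)
    packets = [
        (0,    "external", "192.168.1.5",  80),   # spoofed private source
        (1,    "trusted",  "192.168.1.5",  80),   # same address, internal side
        (2,    "external", "203.0.113.9",  23),   # hits forbidden port
        (3,    "external", "203.0.113.9",  80),   # still auto-blocked
        (1300, "external", "203.0.113.9",  80),   # auto-block timed out
    ]
    return [fw.check(i, s, p, t) for t, i, s, p in packets]

if __name__ == "__main__":
    for row in demo():
        print(row)
```
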