Do you need to block malicious IPs on your firewall?

Why do we need a list of IP addresses to block them?

Firewalls are the first line of defense in any system. This type of device, whether hardware or software, lets us block or allow the different connections that come from the Internet. We generally also have systems for detecting viruses, Trojans, and malware in general, and even intrusion detection and prevention systems, but a very good security policy is to block all traffic from all IP addresses except the traffic we do want to allow. If our architecture and needs require us to allow access from everyone, then it is absolutely necessary to have lists of public IP addresses that are classified as malicious in order to adequately protect our systems.

Using IP address blocklists is highly recommended. These lists are built by the community, and sharing that knowledge among us is essential to fighting cybercriminals. With them, we can effectively block the scammers and attackers who try to harm our company or services.

If you have to leave the firewall open to all countries in the world, you will need to configure specific ipsets for iptables and add all the known malicious IP addresses to them. In this GitHub repository, you can find a huge list of IPv4 addresses that is updated weekly. The list aims to contain IP addresses to block with the minimum possible number of false positives. It is designed to be loaded directly into an ipset of type hash:net, but you can also use it in any other firewall by importing the complete list of IP addresses and subnets that it provides.
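One way to load such a list into a hash:net set, as an added example that is not code from the article or from the list's repository. The set name `blocklist`, the file name `list.txt` and the sample entries are assumptions, and skipping loopback and private ranges is a safety choice of this example so that a bad entry cannot cut off internal traffic.

```shell
#!/bin/sh
# Turn a downloaded blocklist into an `ipset restore` script.
SET=blocklist   # assumed set name, not taken from the article

build_restore() {   # stdin: one IPv4 address or CIDR per line, '#' comments allowed
  awk -v set="$SET" '
    function valid(e,   p, o, n, i) {
      n = split(e, p, "/")
      if (n > 2) return 0
      # hash:net does not accept /0, and a /0 entry would block everything.
      if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] < 1 || p[2] > 32)) return 0
      if (split(p[1], o, ".") != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
      # Never block loopback or RFC 1918 space.
      if (o[1] == 127 || o[1] == 10) return 0
      if (o[1] == 192 && o[2] == 168) return 0
      if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 0
      return 1
    }
    BEGIN {
      # Fill a temporary set, then swap it in so the live set is never empty.
      print "create " set " hash:net family inet"
      print "create " set "-tmp hash:net family inet"
      print "flush " set "-tmp"
    }
    {
      sub(/#.*/, ""); gsub(/[ \t\r]/, "")
      if ($0 == "") next
      if (valid($0)) { if (!seen[$0]++) print "add " set "-tmp " $0 }
      else print "skipped: " $0 > "/dev/stderr"
    }
    END {
      print "swap " set "-tmp " set
      print "destroy " set "-tmp"
    }'
}

# Constructed sample list (documentation ranges), not real indicators.
build_restore <<'EOF'
# sample
198.51.100.0/24
203.0.113.7
10.0.0.0/8
not-an-ip
EOF
# On the firewall: build_restore < list.txt | ipset restore -exist
#                  iptables -I INPUT -m set --match-set blocklist src -j DROP
```

Rerunning the pipeline on each weekly update replaces the set contents in one swap, and the iptables rule only needs to be added once.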

If you are interested in configuring your firewall with IP address lists that serve a specific purpose, such as blocking everything related to the Bitcoin network or to blockchain networks, you can also do so easily and quickly by accessing the official FireHOL GitHub repository. This repository contains lists of public IP addresses of all kinds:

  • IP addresses cataloged by AlienVault
  • Bambenek
  • Threat pfBlockerNG IP addresses
  • Bitcoin and Blockchain in general
  • Blocklists of bots and of attackers who brute-force different services such as FTP, IMAP, Email, SIP, SSH, and other protocols.

We recommend that you visit the repository, where you will find all the lists along with a lot of information about each one: the evolution of IP addresses added or removed, a geolocation map of the IP addresses, how long an IP address has been in the list, the retention policy for IP addresses, and even whether a specific IP also appears in the other available lists. Finally, you can read user comments in case there is any problem when using a list.