BillVE
Tutor
Jan 26, 2017
Status: Unspecified

Blocking inbound traffic by IP address

Reposting here as a new idea, based upon recommendations from a separate discussion thread...

I am asking for a feature that selectively blocks inbound traffic that would otherwise be allowed, based on a set of IP address ranges. This is a standard feature in all commercial-grade firewalls, and it's used almost ubiquitously for a variety of reasons. It's all about defense in depth -- mitigating the effect of other weaknesses and holes.

One such use case has to do with UPnP. Practically speaking, since the UPnP service is enabled by default, inbound traffic is NOT effectively blocked by default. In today's homes, there are often one or more devices that will open up the LAN to inbound traffic via UPnP, when available. While I would argue that UPnP is a bad idea and should simply be disabled (at least by default), the ability to block inbound IP addresses would be useful in locking down UPnP without disabling it completely, especially if you could selectively block IP ranges by inbound service type.

It would also be useful if such a feature allowed specifying the IP addresses to be blocked both explicitly (as a range) and by consulting with some of the readily available blocklists. For example, some of the spam-blocking lists are things like dialup networks, which as a class might be good to block, depending upon your needs. Also, blocking by geographic region can be immensely helpful, as so many attacks originate in Russia and China.

There are many other good reasons for this feature, including to provide some protection against bugs in Netgear's code.

So, please consider adding this feature. It is much needed!

Thanks!
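The filter requested in the post above, modelled as an added example (not part of the original post and not NETGEAR code): source ranges come from a blocklist or from an explicit entry, and a rule can be scoped to one inbound service. The blocklist text, the documentation address ranges and port 8443 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed blocklist in the common one-entry-per-line form (documentation ranges only).
SAMPLE_BLOCKLIST = """\
# constructed sample
192.0.2.0/24
198.51.100.17        ; single host
2001:db8:bad::/48
not-an-address
"""

@dataclass(frozen=True)
class BlockRule:
    network: object        # IPv4Network or IPv6Network
    ports: frozenset       # empty set = applies to every inbound service

def parse_blocklist(text, ports=()):
    """Return (rules, rejected_entries); malformed lines are reported, not silently dropped."""
    rules, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        rules.append(BlockRule(net, frozenset(ports)))
    return rules, rejected

def is_blocked(rules, src, dport):
    """True if an otherwise-allowed inbound connection should be dropped."""
    addr = ipaddress.ip_address(src)
    # An IPv4-mapped IPv6 source (::ffff:a.b.c.d) must still hit the IPv4 ranges.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    for rule in rules:
        if addr.version == rule.network.version and addr in rule.network:
            if not rule.ports or dport in rule.ports:
                return True
    return False

def build_rules():
    """Blocklist entries apply to all services; one explicit range is scoped to port 8443."""
    rules, rejected = parse_blocklist(SAMPLE_BLOCKLIST)
    scoped, _ = parse_blocklist("203.0.113.0/24", ports=(8443,))  # hypothetical forwarded port
    return rules + scoped, rejected
```

The rejected list matters in practice: a feed entry that fails to parse is a range that is silently not blocked unless it is surfaced.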

18 Comments

  • PLEASE, PLEASE, PLEASE implement this !!!!!

    I have Russian and Chinese IPs incessantly hitting my network. I am trying to have a few ports that I can access outside my home network and even after shutting them down, they continue to HAMMER my router. It is constant, and even with using iptables on the target with all the published IP ranges for Russia/China and even quite a few more, the attempts keep coming.

  • I couldn't agree more. Please implement the WAN IP Blocking feature !!!! Use a country filter !

    Like all the others, I am getting spammed with all kinds of strange port scans / DDoS attacks.

    Thanks

  • This subject has been open for the better part of two years. When are we going to get a response from Netgear, so that we can move on and either load third party router software to mediate our bad decision to buy Netgear or give another router developer our business when it's time to buy another router? I have three of your routers, one R9000 and two R8000. You are wearing my patience thin with the disregard for customer requests.

  • Come on Netgear, you should keep your users informed - are you actually looking at this?

    I am constantly getting attacks/probes from the likes of Russia and would like to block the IP range by country and also by specific IP address.

    Are we going to get a solution or do we need to look at products from other companies which all seem to have this as standard?

  • Really need this feature badly. The (RAX80 in my case but should apply to all routers) router logs show IPs that are attempting to attack my network, yet this same router provides no functionality to block those IPs or subnets. Excellent request.

  • So, here it is 2022, and it's still not possible to instruct my Orbi to block any incoming traffic originating in Russia or China.

    It can't be THAT difficult, and it's needed now more than ever.

    Please fix this!

  • What needs to be done to get a response from Netgear? This has been open for far too long without a response. This is an abject failure on the part of Netgear and frankly this community. What good is this community if they never respond to these requests? Time to move on to another provider that provides better security and, probably more importantly, listens to their customers.