Reply

Blocking inbound traffic by IP address

feldon30
Luminary

Blocking inbound traffic by IP address

 
Just got an Orbi and am astonished that it is not possible to block inbound traffic by IP address, either explicitly (as a range), or from IP blacklists available from spam blocking lists. Being able to block incoming traffic by geographic region can be incredibly helpful, as many attacks originate in Russia in China. The fact that Orbi has DoS detection and gives me log entries like this "DoS Attack: SYN/ACK Scan" and no way to stop it is amazing.
 
This topic has been raised in the past and it always gets closed with the statement that this is "beyond the scope" of a consumer level router and that only $1,000+ enterprise routers can do it. Bull.
 
A $35 Linksys WRT54G running the open source DD-WRT firmware can do iptables blocks of IP addresses and ranges. A $250 Orbi should be able to do this without breaking a sweat.
Message 1 of 4
schumaku
Guru

Re: Blocking inbound traffic by IP address

Same feature does not exist on the Nighthawk routers, too.  

 

Why does a consumer device have the Block Services - what does essentially the very same for _outgoing_ connections based on the source IP on the LAN - but not what we're asking here for blocking source IP addresses from the WAN?

 

Fully agree with you, including the B***.

Message 2 of 4
tsig
Luminary

Re: Blocking inbound traffic by IP address

so put that $35 router in front of your Orbi and run it in AP mode.  Easy enough. 

RBR50, 2 RBS50's AP Mode, wireless backhaul
Message 3 of 4
schumaku
Guru

Re: Blocking inbound traffic by IP address

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 2834 views
  • 5 kudos
  • 3 in conversation
Announcements

Orbi WiFi 6E