Firewall CIDR /24 IP blocking didn't work?

I couldn’t get IP range blocking to work - not sure why. I was hit by a malicious crawler, from several IP addresses, so I put in what I thought was a firewall rule to block them… but it didn’t seem to have an effect.

Did I set something up incorrectly? See screenshots - the name of the rule is “temp ip block”. Many IPs got through - for example: Is my IP notation wrong?

The expression looks good to me and your notation is fine.
How many rules do you have and what are rule 1-5 for?

Hi Mark,

Thanks for your response. I’ve got a total of 7 rules. This is the last one. Of the 6 rules before this one, 4 are blocks, and two are Allows, which are based on unrelated IPs (see screenshots).

How quickly does it take for a new Firewall rule to activate? I was assuming it would be active within a minute or so.

Are those block rules the same as rule 7, only IPs? In this case I’d merge them.

Usually within a few seconds but it can take up to 60 seconds.

Just to be sure, your origin only accepts connections from these ranges?

My origin accepts connections from all IPs… and now that I look at it, the two rules that are “allows” are obsolete, so I’ve deleted them.

But I don’t understand how those rules would have affected anything, since they didn’t match the incoming attackers’ IP range.

The other rules are all blocks, so doesn’t that mean that if they applied at all, they would have blocked the incoming traffic?

Is it possible a badly formed rule can somehow derail the firewall?

Maybe I should have placed the IP block rule first?
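Two things the thread keeps circling back to can be checked locally before touching the firewall UI: whether the addresses you saw in the logs actually fall inside the /24 you typed into the rule, and whether an earlier allow rule overlaps that range and would match first. The script below is an added illustration, not code from the thread or from any firewall product; the rule list and the crawler addresses are constructed, and "first matching rule wins" is an assumption about ordered rule lists in general, not a statement about how a specific product evaluates them.

```python
import ipaddress

# Constructed rule list modelled on the thread: a few rules before the
# one named "temp ip block". Evaluated top to bottom, first match wins
# (an assumption for this illustration).
RULES = [
    {"name": "allow office",     "action": "allow", "cidr": "198.51.100.0/24"},
    {"name": "block old abuser", "action": "block", "cidr": "192.0.2.0/25"},
    {"name": "temp ip block",    "action": "block", "cidr": "203.0.113.0/24"},
]

# Constructed sample of addresses a crawler showed up from. The last one is in
# the *neighbouring* /24 and is not covered by 203.0.113.0/24 at all.
CRAWLER_IPS = ["203.0.113.7", "203.0.113.250", "203.0.114.9"]


def _net(cidr):
    # strict=False accepts "203.0.113.5/24" (a host address with a mask) and
    # normalises it to 203.0.113.0/24, which is what people usually mean.
    return ipaddress.ip_network(cidr, strict=False)


def first_match(ip, rules=RULES):
    """(action, rule name) of the first rule whose CIDR contains ip,
    or ("allow", None) when no rule matches (default pass-through)."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in _net(rule["cidr"]):
            return rule["action"], rule["name"]
    return "allow", None


def uncovered(ips, cidr):
    """Addresses from a log sample that fall outside the CIDR you wrote."""
    net = _net(cidr)
    return [ip for ip in ips if ipaddress.ip_address(ip) not in net]


def shadowed_by_allow(block_cidr, rules=RULES):
    """Names of allow rules placed *before* the block that overlap its range;
    any such rule would let traffic through before the block is reached."""
    net = _net(block_cidr)
    names = []
    for rule in rules:
        if rule["action"] == "block" and _net(rule["cidr"]) == net:
            break  # reached the block rule itself; later rules cannot shadow it
        if rule["action"] == "allow" and _net(rule["cidr"]).overlaps(net):
            names.append(rule["name"])
    return names


if __name__ == "__main__":
    for ip in CRAWLER_IPS:
        print(ip, "->", first_match(ip))
    print("not covered by /24:", uncovered(CRAWLER_IPS, "203.0.113.0/24"))
    print("earlier allows overlapping the block:", shadowed_by_allow("203.0.113.0/24"))
```

If `uncovered` returns addresses, the /24 is too narrow for what you observed rather than mistyped; if `shadowed_by_allow` returns names, moving the block rule above them (or removing the obsolete allows) is what changes the outcome.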

