Can pfSense dynamically block IP addresses?
-
Hello,
Does pfSense have the capability to dynamically block IP addresses based on criteria such as port scans, attempts to connect to unauthorized ports, malformed packets, attacks, etc.? If not natively, is there an add-on package that does this?
I'm used to WatchGuard Fireboxes and over the years, that has been a critical feature that has helped protect my server(s).
Blocking a connection that is attempting to connect to a port that they should not, BEFORE they can even find out if that port was open or not, goes a long way in thwarting attacks. I'm having trouble imagining a serious firewall that cannot do that.
-
You can install either of the IPS packages, Snort or Suricata.
-
Further information on both packages @johnpoz listed can be found in this sub-forum: https://forum.netgate.com/category/53/ids-ips.
And here is some specific documentation created for the Snort package: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html.