Hi @AntonV 

Thanks for posting in our business forum.

1. This might be the scan from the Internet. This is expected to be normal. IPv4 scans are very common though some are dangerous. If you don't open any port or leave any loophole, it should be fine.

2. If you don't expect any IP address to access your network, you can set up ACL to block them.

Automatically blocking is a good idea but does not seem to be a proper way in the networking as most stuff should be manually configured. That's what IT does every day. Manually configure via the CLI.

Hi @AntonV 

Thanks for posting in our business forum.

AntonV wrote

  @Clive_A The catch is not to do it manually. I don't want to block ips for ever, but i want them to be blocked for a while. Doing it manually it is simply...

 

Alternative, can be a rule(s) on Firewall since you are suggesting it... some kind of a script languager if you wish... you know do it smart, versus do it hard...

 

Plus i am sure most people don't have time to keep looking into logs.. so something along You are touching my router in a way i don't like... you are banded...

 

 

I understand what you are looking for. Fully automated. Script based automation. Something like this. Like smart defense by triggering the access too much. Like DDOS defense.

My point is that we don't support that and don't plan to do this in the short term.

And this should be what IT guy does if you run the system. Frequent checks on your device is necessary unless you are setting it up for home purposes as long as it works, got no sever issues, and people don't bother looking at it after it completes the setup. But I don't agree with this at all because if you run a server or on public IP, you should pay attention to your security instead of passing this over to someone and expect them to work. Unless you hire somebody like "Cloudflare" to defend you by masking your IP address.

How many other vendors provide such a feature for free? What would be the name of the feature? I need to do some research on its terms and mechanisms based on what you suggested before I write my report/feedback to the team.

I am aware of the script thing but we don't intend to do so in the roadmap we have for V5. Even if there is a script system, the system has to support it - "trigger and ban" before you can even script it.

ACL can block geo IP now. You can filter at least countries where they scan or maybe attack you.