Any idea on how to mass IP Blocking (Blacklisting)

[hitman]

Is it possible to add a blacklist of IP Address ranges to the UT Firewall? I have a need arising that has contractual agreements to block a large number of IP Addresses and I really do not want to have to put them in one by one. I have searched through the forums but have not had much luck on finding if this is possible through UT. The client really likes UT but with this new contract needs to know if this is possible or if a new product is needed.

Similar post: http://forums.untangle.com/firewall/...cklisting.html

Thanks everyone.

[dmorris]

create the ruleset in your favorite text editor and then import them into the firewall.

[hlarsen]

best thing to do would probably be to add a few rules the way you want them set up, then export the ruleset. from there you can take a look at how the file is laid out and figure out a way to automate entering the rest of them.

[sky-knight]

The firewall has an import feature written in JSON, if you can manipulate the IPs you want to block into a JSON format you could import them.

Note to self, refresh the thread before replying. LOL

[wharfratjoe]

This may help:
http://forums.untangle.com/firewall/...port-file.html

Firewall Generating App:
http://untangle.nu/gen/ --> Courtesy of WebFooL

IP Blocks (great reference site):
http://www.countryipblocks.net/

[jcoehoorn]

You can use cidr notation if the addresses are contiguous, but last I heard you could only have one cidr address per rule while you could string multiple single addresses together with commas in the same rule.