
If TP handles a threat, should I bother creating a firewall rule for it?


  • If TP handles a threat, should I bother creating a firewall rule for it?

    I run a Plex and Emby server that sit behind Untangle. I see entries like this in the TP Non-Web Blocked Events log for hostile countries:

    [Image: image.png]

    .... I'm going to look into Fail2ban but in the meantime.... since TP is blocking these, should I bother with creating a firewall rule that blocks their originating country? (I know.... geo blocking isn't the end all be all for blocking hack attempts but if I can erect a roadblock or two, it will make me feel better)

    Side note.... I've also seen a few legit IPs from my friends in here and it says the same...."Blocked = True". I've reached out to one of them to see if he is indeed having problems. I was thinking.... create a TP rule to bypass/not flag Plex Emby traffic but I'm guessing if I did that, and a bad actor is indeed hammering away at those ports, TP has been neutralized and I'd be weakening my own protection. Correct?

  • #2
    It shouldn't hurt anything to create Firewall app rules in addition to IPS: it might catch things that IPS doesn't.

    It's also worth noting that unless you have the expectation of legitimate connections from the country (or countries) in question, I don't think there's any downside to blocking them anyway.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    How can we make Arista ETM products better?