9.3X added access control to Site Path Routing:

Access control: If selected, you can allow or block specific client networks for the Virtual Webserver. Clients only get access when their IPs are listed in the Allowed networks list. IPs in the Denied networks list will be blocked. If both lists are empty no one will be able to connect to the Virtual Webserver. If you want to block only specific networks, allow Any and select or add Denied networks. If you want to allow specific networks only, you need to select or add Allowed networks and leave Denied networks empty.

The other method would be a blackhole DNAT. It's exactly the same as a regular DNAT, with two differences:

"For traffic from", place a host definition for a single IP to be blocked or a network definition for a netblock.

"Change the destination to", put a host definition for an address that does NOT exist on your network. If your network is 192.168.2.0/24, use 192.168.3.1, as an example. As the host doesn't exist, the traffic will go down a "blackhole". :)
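The allow/deny behaviour quoted above and the choice of blackhole target, modelled as an added Python example (not part of the original post and not Sophos code). It assumes a Denied match overrides an Allowed match, as the "allow Any and add Denied networks" advice implies; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Stand-in for the "Any" network definition (assumption: IPv4 and IPv6 catch-all).
ANY = ["0.0.0.0/0", "::/0"]


def _matches(ip, cidrs):
    """True if ip falls inside any network in cidrs (same address family only)."""
    nets = (ipaddress.ip_network(c, strict=False) for c in cidrs)
    return any(ip.version == n.version and ip in n for n in nets)


def client_permitted(client_ip, allowed, denied):
    """Model of the quoted rule: the client must be in Allowed and not in Denied.

    Two empty lists permit nobody, because nothing matches Allowed.
    """
    ip = ipaddress.ip_address(client_ip)
    if _matches(ip, denied):  # assumed: Denied wins over Allowed
        return False
    return _matches(ip, allowed)


def blackhole_target_ok(target, local_networks):
    """A blackhole DNAT target must not sit inside a network you actually use.

    This checks the subnet only; it cannot prove that no host answers there.
    """
    return not _matches(ipaddress.ip_address(target), local_networks)


if __name__ == "__main__":
    # Constructed sample clients and policies.
    policies = {
        "both lists empty": ([], []),
        "block one netblock": (ANY, ["198.51.100.0/24"]),
        "allow one network": (["192.168.2.0/24"], []),
    }
    clients = ["192.168.2.50", "198.51.100.9", "203.0.113.7"]
    for name, (allowed, denied) in policies.items():
        for c in clients:
            verdict = "allow" if client_permitted(c, allowed, denied) else "block"
            print(f"{name:20} {c:15} {verdict}")
    print("192.168.3.1 usable as blackhole:",
          blackhole_target_ok("192.168.3.1", ["192.168.2.0/24"]))
```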