Jump to content

Using IP blocklists with ESET firewall


Recommended Posts

I'd like to know if there is a way to import/use IP blocklists with the ESS Firewall. I have a couple of IP Blocklists related to Malware domains & Ads domains and would like to use them with ESS, but inputting the IP addresses one at a time, and doing it for hundreds of IP addresses is a chore I don't wanna do, especially since the lists update on a regular basis.

Link to comment
Share on other sites

You cab easily import an existing list of URL addresses using Eset's URL Address Management feature that is accessible from Web Access Management. Note: If the list you want to use is in hosts file format i.e prefixed by 0.0.0.0, you will have to remove those prior to specifying the existing list in URL Address Management.

Ref.: http://help.eset.com/ess/10/en-US/?idh_config_epfw_url_set_manager.htm

Link to comment
Share on other sites

Thanks for the reply.

Will the lists have to be URL's or can they be IP addresses as well? If later, will ESS block these IP addresses only for the web browser or will they be blocked for any app that tries to connect to these IP addresses?

I suppose a more direct question would be, can I do something similar in the Personal Firewall section as well?

Link to comment
Share on other sites

URL Address Management import lists have to be URLs. The URL lists in URL Address Management apply to any app that Web Filtering is protecting. By default those would be browsers, .pdf readers, and e-mail clients. If other apps are desired, they will have to manually added to Web Filtering protection. This also means they will be monitored for all activity that Web Filtering protects against. 

If you want to block by IP address, you would have to create a firewall rule to do so. As far as I am aware of there is no way to import a list of IP addresses in a firewall rule; each would have to added manually.

Link to comment
Share on other sites

That's a bummer. What I have is a list of IP addresses.

I have one last query. Is there a way to learn the format in which ESS saves its exported settings (which I am sure include Firewall rules) which I can then use to convert my IP list into a list of firewall rules and then just import them into ESS?

Link to comment
Share on other sites

The settings export file is in .xml format. Not recommended to modify the file unless you know what you are doing. Also will become obvious when viewing the export file, there is no easy way to add a list of IP addresses to it.

Link to comment
Share on other sites

  • Administrators

I think it's easily doable. Simply add a new zone (e.g. "IP block") with the IP addresses delimited by a comma. Then create a new blocking firewall rule that will have the zone listed on the Remote tab:ees6_ipblock1.png

 

ees6_ipblock2.png

Link to comment
Share on other sites

Yeah, that will work. You also don't need to create a new zone. I just tested by adding a list of IP addresses in a regular firewall rule.

All IP addresses added will have to be delimited by a comma. Also, I don't know if Eset has some internal limit on number of IP addresses that can be specified. The OP appears to want to add hundreds of then.

Also of consideration is the impact on web page rendering by Eset firewall when parsing such a large list?  

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...