Configure a denylist
The Network interfaces page lets you configure denylists.
In the Denylist section, you can upload a text file that contains a denylist. This can contain a list of internet protocol (IP) addresses that are explicit, or with netmasks, or wildcards, that Guardian will not process. A wildcard in digit 2, 3 or 4 is equivalent to a /8, /16 or /24 netmask. The effect is similar to that of a Berkeley Packet Filter (BPF), however a denylist can handle tens of thousands of IP addresses, which is beyond the capabilities of a BPF.
-
In the top navigation bar, select
The administration page opens.
-
In the System section, select Network
interfaces.
The Network interfaces page opens.
-
To the left of the applicable interface, select the icon.
A dialog shows.
-
In the Label field, enter a label for the interface.
Note: The label will show instead of the network interface name in all areas of the user interface. - Optional: To disable the network interface from sniffing traffic, select the toggle to OFF.
-
In the Denylist section, set the Enable
denylist toggle to on.
-
Choose a method to upload the denylist file:
- Drag the denylist file into the Drop a file here or click to upload field
- Click in the Drop a file here or click to upload field and located the file to be uploaded
Note: A denylist must contain:- One entry per line
- A dash (-) followed by a space and an IP address. Optionally, it can contain a wild card or a netmask.
Note: The maximum file size is 2 gigabyte (GB). The supported file type is text files (.txt).