Firewall
Firewall is an Enterprise module that provides application-level IP blocking with flexible response actions. Block individual IPs or entire CIDR ranges and choose how HomeDock OS responds to blocked requests.
Dashboard Overview
Section titled “Dashboard Overview”The Firewall dashboard displays real-time statistics:
| Metric | Description |
|---|---|
| IPs | Total individual IPs blocked |
| Ranges | Total CIDR ranges blocked |
| Blocks | Total block events (hits) recorded |
Block Actions
Section titled “Block Actions”Choose how HomeDock OS responds to blocked IPs:
| Action | Response | Use Case |
|---|---|---|
| Block | Returns 403 Forbidden | Standard blocking, client knows they’re blocked |
| Redirect | Redirects to custom URL | Send attackers to a honeypot or info page |
| Tarpit | Slow response (~30s) | Waste attacker resources, slow down scanners |
| Drop | No response (timeout) | Stealth mode, appear offline to attacker |
Adding Rules
Section titled “Adding Rules”Block a Single IP
Section titled “Block a Single IP”- Select Single IP mode
- Choose the desired action (Block, Redirect, Tarpit, or Drop)
- Enter the IP address (e.g.,
192.168.1.100) - Optionally add a reason for documentation
- If using Redirect, enter the destination URL
- Click Add Rule
Block an IP Range
Section titled “Block an IP Range”- Select IP Range (CIDR) mode
- Choose the desired action
- Enter the CIDR notation (e.g.,
192.168.1.0/24) - Optionally add a reason
- Click Add Rule
CIDR notation allows blocking entire subnets. For example, /24 blocks 256 addresses, /16 blocks 65,536 addresses.
Managing Blocked IPs
Section titled “Managing Blocked IPs”The interface displays two tables:
Blocked IPs Table
Section titled “Blocked IPs Table”Shows individual blocked IP addresses with:
- IP Address: The blocked IP
- Action: Current response action
- Reason: Why it was blocked
- Blocked At: When the rule was created
- Hits: Number of blocked requests from this IP
Blocked Ranges Table
Section titled “Blocked Ranges Table”Shows blocked CIDR ranges with the same information plus the number of IPs covered by the range.
Unblocking
Section titled “Unblocking”To remove a block:
- Find the IP or range in the appropriate table
- Click the green checkmark button
- The rule is immediately removed
Use Cases
Section titled “Use Cases”Blocking Malicious Actors
Section titled “Blocking Malicious Actors”After identifying attack patterns in Audit Trail, block the source:
- Use Block for immediate denial
- Use Tarpit to slow down automated attacks
Geo-blocking
Section titled “Geo-blocking”Block entire IP ranges from regions you don’t serve:
- Add CIDR ranges for unwanted regions
- Use Drop to appear offline
Honeypot Redirection
Section titled “Honeypot Redirection”Redirect attackers to a monitoring endpoint:
- Use Redirect action
- Point to a honeypot URL for analysis
Rate Limit Enforcement
Section titled “Rate Limit Enforcement”Complement Shield Mode with permanent blocks:
- Block IPs that repeatedly trigger Shield Mode
- Add reason for audit purposes
Be careful when blocking IP ranges. Verify the CIDR notation to avoid accidentally blocking legitimate users.