Given current world events, it’s in the best interest of many companies to block traffic from Russian sources. Here are some basic steps you can take to block Russian IP addresses from your systems and prevent foreign attacks.
Where to Start
If you want to block Russian IP addresses from accessing your systems, you should start with the following 4 main IP ranges:
Where you put these IP addresses depends on what systems you’re running and where you want the blocks applied.
For example, you could put these blocks in your website config to block Russia-based users from your public websites. You could also put these blocks in your firewall, email security system, and systems management tools to prevent Russia-based users from accessing the system in any way.
Note: You might end up blocking some IP ranges that aren’t assigned to the Russian Federation. But attacks can come from anywhere just as easily. It’s common for attackers to use VPNs, spoof IP addresses, or use a botnet (a network of connected devices infected with malicious software and controlled as a group).
How to do the blocking:
If you have the time and expertise available, you should go even further and block more IP ranges. The total list of IP ranges used by Russia is extensive, and it changes often. Keeping a manual list up to date can be a chore.
The best advice: don’t use manual lists. Instead, use a commercial firewall with the built-in Geo IP ability to block by country.
How to do it manually:
If you have no other choice, you can block IP addresses manually. Here are some ways to go about this.
Some sites will generate a list of IP addresses if you enter the country you wish to block. These lists come in various formats for use in LINUX iptables, Firewall ACLs, web config files, and more.
The following sites can help:
How to block by country with commercial firewall Geo Blocking:
Many commercial firewalls can block traffic from specific countries. This article explains how to enable such a feature on a SonicWall firewall. shows how to enable this feature on a SonicWall firewall. You can also enable this feature on a Fortinet firewall, as explained here.
It’s best to have a commercial firewall in place to simplify this type of geo blocking. This is much easier than managing a manual list of IP addresses, especially as lists change over time. Keeping up with manual lists quickly becomes a daunting task for any IT admin.
How Core can help
Here at Core Business Solutions, we have SME’s on staff to help you make this work. In many cases, we can help enable these Geo blocks on your existing firewall. We can also help you upgrade to a more modern firewall if needed. We also have the ability to audit your existing firewall configuration to find other areas for improvement, and we can build a plan to make those improvements happen.
Firewall assistance is just one piece of a larger cyber solution offered by Core. We can help in other areas as well, including:
– Patch management
– Endpoint protection
– Email security
– Security awareness training
– Phishing testing
– Two-factor authentication (2FA)
– Mobile device management (MDM)
– Policy development
– Directory services
– Data Backup
– Cloud computing
– Managed security
– Incident response
– and More
Contact us today to learn how Core Business Solutions can make cybersecurity simple and effective for your business.