Create a black hole DNAT rule

Create a black hole rule to drop packets that arrive from unwanted sources on the internet.

To create the black hole rule, do as follows:

  1. Go to Rules and policies and click on NAT rules.
  2. Click Add NAT rule and then click New NAT rule.
  3. Configure the rule as follows:
    Option                           Description
    -------------------------------  -----------------------------------------------
    Rule name                        Enter a name
    Original source                  Any
    Original destination             The WAN interface of your XG Firewall
    Original service                 Select a service
    Translated source (SNAT)         Original
    Translated destination (DNAT)    A dummy IP address (a host that does not exist)
    Translated service (PAT)         Original
    Inbound interface                Any
    Outbound interface               Any

    See the following black hole rule example:

    [Image: example settings for a black hole DNAT rule]
  4. Click Save.