Create a black hole DNAT rule

Create a black hole rule to drop packets from unwanted sources from the internet.

To create the black hole rule, do as follows:

  1. Go to Rules and policies and click on NAT rules.
  2. Click Add NAT rule and then click New NAT rule.
  3. Configure the rule as follows:

    Rule name

    Enter a name

    Original source


    Original destination

    The WAN interface of your XG Firewall

    Original service

    Select a service

    Translated source (SNAT)


    Translated destination (DNAT)

    A dummy IP address (a host that does not exist)

    Translated service (PAT)


    Inbound interface


    Outbound interface


    See the following black hole rule example:

    Image showing example settings for a blackhole DNAT rule.
  4. Click Save.