Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=rules-policies-firewall-create-black-hole-DNAT-rule

Create a black hole DNAT rule

Create a black hole rule to drop packets from unwanted sources from the internet.

To create a black hole rule, do as follows:

  1. Go to Rules and policies and click NAT rules.
  2. Click Add NAT rule and then click New NAT rule.

  3. Configure the rule as follows:

    Name Description
    Rule name Enter a name.
    Original source Any
    Original destination The WAN interface of your Sophos Firewall device.
    Original service Select a service.
    Translated source (SNAT) Original
    Translated destination (DNAT) A dummy IP address (a host that does not exist).
    Translated service (PAT) Original
    Inbound interface Any
    Outbound interface Any

    Here's an example of a black hole rule:

    Example settings for a blackhole DNAT rule.

  4. Click Save.