Add a function to Botnet detection to block TOR exit nodes inbound
Various lists are available for TOR exit nodes which can be formatted as an alias lists but it is difficult to manually stay on top of such resources. Making it a service function that updates regularly would be appreciated
Sign In to comment.
Sorry to resurrect an old feature request but I think that this is important. I'm seeing more scripts hit Github with the ability to fire off payloads dynamically through TOR exit nodes and individually creating alias's across all clients that we manage will requires significant time and upkeep.
If there was either an option to block TOR (similar to Geo blocking - maybe even incorporate it into the Geo blocking function), or even better if there was a way to leverage an API to pull in custom IP lists on a scheduled basis that would also be good.
We have several clients that are using Fortigate firewall and it was 30sec job for me to create a firewall policy to deny Tor exit node compared to the manual upload of alias lists if I were to create the same rule via WG. As the Fortigate offer a wide range of internet services that contains thousands of IPs, so instead of adding the alias manually, I could simply add the applicable services and it is something that WG perhaps can incorporate in the future releases.
There is a feature request FBX-5140 to add an optional subscription to block TOR Exit nodes as part of BotNet subscription. You could open a case to add a "me too" to this RFE.
It looks like v12.8.1 now has this:
Policies, Proxies, and Subscription Services