Did You Know? cPacket's Packet Brokers (cVu) Can Implement Black and White Lists for Advanced Traffic Filtering
Understanding Black & White Lists in Network Filtering
Black and white lists are common configurations in firewalls and security systems, providing selective control over network traffic.
• Blacklist Filtering: A blacklist contains one or more IP addresses, address ranges, or subnets that should be blocked. Any traffic originating from or directed to these addresses is dropped, while all other traffic is allowed.
• Whitelist Filtering: A whitelist consists of specific IP addresses, address ranges, or subnets that are explicitly allowed. Only traffic matching these criteria passes, while all other traffic is blocked.
• Combining Both Filters: It is possible to implement both a blacklist and a whitelist simultaneously. This is useful when a broader range of addresses needs to be blacklisted while ensuring that specific addresses within that range are still permitted.
How cPacket’s Packet Brokers (cVu) Implement Black & White Lists
cPacket’s Packet Brokers (cVu) leverage smart filters to enforce traffic policies based on black and white lists. These filters can be applied with various actions:
• Count – Monitor and log matching packets without blocking them.
• Pass – Allow specific traffic through.
• Drop – Block specific traffic.
• Balance – Distribute traffic efficiently across multiple paths.
Precedence of Actions in Filtering
When multiple smart filters match a packet, the precedence of actions determines its fate: PASS > DROP > BALANCE
• If a packet matches both a DROP rule and a PASS rule, it passes.
• If a packet matches a BALANCE rule and a DROP rule, it is dropped.
Implementing Black & White Lists with cPacket Packet Brokers (cVu)
1. Blacklist Setup: Define a DROP action for the blacklisted addresses.
2. Whitelist Setup: Define a PASS action for the whitelisted addresses.
3. Combination Approach: If both filters are applied, the PASS action for whitelisted addresses will override the DROP action for blacklisted ranges.
Exclusion and Inclusion Lists with cVu
• Exclusion Lists (Blacklist Only): Drops traffic matching a specific IP or subnet while allowing all other traffic.
• Inclusion Lists (Whitelist Only): Passes only the traffic matching a specific IP or subnet, dropping all other traffic.
• Combining Exclusion & Inclusion Lists: Lets a blacklist filter traffic broadly while a whitelist overrides it for specific exceptions.
Example Configurations
1. Blocking a Subnet but Allowing Specific Addresses Within It
• Blacklist 192.168.1.0/24 (DROP)
• Whitelist 192.168.1.10 and 192.168.1.20 (PASS)
• Outcome: All traffic in the subnet is blocked except for 192.168.1.10 and 192.168.1.20.
2. Allowing Only Approved Traffic
• Whitelist 10.0.0.1/32, 10.0.0.2/32 (PASS)
• Apply a DROP-ALL rule as default
• Outcome: Only traffic from 10.0.0.1 and 10.0.0.2 is allowed.
Weak-Pass Filters for Special Use Cases
• When general traffic should be allowed except for a few specific addresses, the Load-Balance filter on cPacket’s Packet Brokers (cVu) can act as a "weak-pass."
• Example: Allowing all traffic to port 443 except traffic to specific blacklisted IPs.
- Load-Balance traffic to port 443.
- Drop traffic for blacklisted IPs.
- Outcome: Only traffic to port 443 that doesn’t match the blacklisted IPs is allowed.
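The precedence rule (PASS > DROP > BALANCE), the subnet-with-exceptions configuration and the weak-pass variant above, worked through as an added Python model of the semantics this page states; it is not cVu's own configuration syntax or API. `Packet`, `Rule`, `disposition`, the rule names, the `default` fallback and the 203.0.113.0/24 blacklist are all constructed here for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PRECEDENCE = {"PASS": 3, "DROP": 2, "BALANCE": 1}  # page: PASS > DROP > BALANCE; COUNT never decides

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
@dataclass(frozen=True)
class Rule:
    action: str                  # PASS, DROP, BALANCE or COUNT
    net: Optional[str] = None    # CIDR; matches if src or dst is in it ("from or directed to")
    dport: Optional[int] = None  # destination port the rule is keyed on, if any
    name: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.net is not None:
            n = ipaddress.ip_network(self.net, strict=False)
            if ipaddress.ip_address(pkt.src) not in n and ipaddress.ip_address(pkt.dst) not in n:
                return False
        return self.dport is None or pkt.dport == self.dport

def disposition(rules, pkt, default="DROP"):
    """Return (verdict, names of COUNT rules hit). The highest-precedence matching action
    wins; `default` (an assumption, not a setting the page names) applies when none matches."""
    verdict, counted = None, []
    for r in rules:
        if not r.matches(pkt):
            continue
        if r.action == "COUNT":
            counted.append(r.name)  # observed and logged, never decides the packet's fate
        elif verdict is None or PRECEDENCE[r.action] > PRECEDENCE[verdict]:
            verdict = r.action
    return (verdict or default), counted
# Page example 1: blacklist the /24 but whitelist two hosts inside it.
SUBNET_EXCEPTIONS = [
    Rule("DROP", net="192.168.1.0/24", name="blacklist-subnet"),
    Rule("PASS", net="192.168.1.10/32", name="allow-10"),
    Rule("PASS", net="192.168.1.20/32", name="allow-20"),
]
# Weak-pass: BALANCE allows port 443; DROP carves out a constructed blacklist (203.0.113.0/24); COUNT observes
WEAK_PASS_443 = [
    Rule("BALANCE", dport=443, name="weak-pass-443"),
    Rule("DROP", net="203.0.113.0/24", name="blacklist-ips"),
    Rule("COUNT", dport=443, name="count-443"),
]
```

For the blacklist-only case call `disposition(..., default="PASS")`, since the page says all non-blacklisted traffic is allowed there, whereas the whitelist case relies on a DROP-ALL default.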
Conclusion
cPacket’s Packet Brokers (cVu) provide powerful traffic filtering capabilities with black and white list configurations. By leveraging smart filters, network teams can ensure precise control over which traffic is passed, dropped, or balanced, enhancing security and optimizing network performance.
To learn more about how cPacket’s Packet Brokers (cVu) can enhance your network security and traffic management, contact cPacket today!