Theory of IP blocking

The router I am using does not have the ability to load a list of IPs known to be malicious. I am concerned about this. But, I hesitate to replace it as it’s part of TP-Link’s Omada system which makes it pretty easy to manage the whole network from a single controller.

After some thought, I wonder if that functionality is actually necessary. I’m thinking the only way I would access one of the listed sites is with my browser. Am I wrong about that? As Firefox is my default, I believe it has those block lists included.

So, my question is: Do I really need to change routers, or assuming I trust Firefox, is it not really necessary?

Well, it depends on what your use case or needs are for IP blocking. Firefox does have a phishing and malware feature that has lists that are updated every 30 minutes. But the purpose of that is to prevent you from accessing potentially malicious websites or downloading unwanted software.

But Firefox will not prevent illegitimate or malicious IP addresses from accessing your network. If your needs are that you don’t want to be potentially accessing malicious websites or downloading unwanted software from websites, then you could just stick with Firefox.

That said, I would not recommend just trusting in Firefox. I would also recommend that you have a good Anti-Virus installed. Something like ESET Internet Security for home. But also investing in pfSense and adding pfBlockerNG and/or other security packages will greatly enhance your network security, if network security is what you want.

I would generally say that if you don’t have ports forwarded to a server or other thing, then you don’t need to worry about IPs accessing you, they’ll hit the outside of the router and not get through the firewall because no ports are open or forwarded.

IP filtering matters when you do have a web server or such, because you’ll never be protected against every new attack that people come up with.

Having UPnP enabled counts as port forwarding; UPnP is just automated port forwarding. Exploits against games with open ports are rare but do happen - in January Dark Souls 3 had a Remote Code Execution vulnerability related to PvP. I don’t think that was related to the game opening ports, but still, things can happen with any network-accessible program. Even SSH has had vulnerabilities in the past.

Thank you both for responding. Right now, I’m feeling pretty good about this whole mess. I finally have my network back up to an acceptable state. I’m using the Omada system with a hardware controller. I’m in a pretty good position as I have no worries about security problems from inside my network. My only concern is from the outside. I have no DMZ and about the only internet use is updates for the equipment, using the browser and email (hosted, not my server).

My router allows for URL filtering so I won’t need to worry about fakebook, twitter, linkedin, tictock or a bunch of other sites.

So, today was a really good day!