Synology’s IP Block List is one of the best features of Synology NAS devices, made popular by its utility and ease of use. But is it really that easy to use? Does every Synology NAS user understand how the IP Block List works? In the past few months I have received countless e-mails from Synology NAS users complaining about how the IP Block List feature is bugged, isn’t working as it should (read: as they feel it should), doesn’t work past a certain number of entries, is missing some options they feel are pivotal and so on.
The truth of the matter is, right now, the Synology NAS IP Block List is one of its best, most successful features! Even users new to Synology NAS devices venture to use it and do so quite successfully, improving their device security tremendously with just a few clicks. Read on to find out how the Synology NAS IP Block List works and what you can and cannot do with it.
When you click on Block List, you’ll see you have 3 options: Create, Remove and Export. (The options are the same for the Allow List).
If you choose Add IP address, you will be adding one entry/one IP to the Block List.
If you choose Import IP address list, you will be adding multiple entries at once, so basically a list of IPs you want to block from accessing your Synology NAS. But here is where there may be some confusion: although it says Import IP address list, you are not actually importing a list, but multiple IPs at once (which are technically a list, but you’re still working with IPs).
After you click on Import IP address List, a window will appear where you have to choose the Expiration time for the block (either Forever or Unblock after (days)) and whether or not you want to Overwrite existing IP addresses on Block List and Allow List. The Overwrite option means you will be overwriting IPs that are already in your Block List so you don’t get doubles. The Synology NAS Block List works with IPs.
Note: Many people get confused by the name IP Block List. Yes, it’s a list in the sense that the blocked IPs make a list, since there’s more of them. But you’re working with IPs. Here are some examples to help you better understand how it works:
If you are importing an IP Block list with 1 (new) entry and you already have 20000 other entries (blocked malicious IPs), you will have 18001 entries. Why? Because you are importing that one IP, not a list.
If you are importing an IP Block list with 11 (new) entries and you already have 20000 other entries (blocked malicious IPs), you will have 18011 entries. Why? Because you are importing 11 new IPs, not a list.
If you are importing an IP Block List with 1 entry and you already have 20000 other entries (blocked malicious IPs), but that 1 entry is an IP that’s already in your Synology Block List, you will have 20000 entries. Why? Because the IP you were trying to block was already blocked, so it will be overwritten in your Synology Block List (if you check the option that says Overwrite existing IP addresses on Block List and Allow List).
If you’ve never known mariushosting.com, and never came across a deny IP list, you’ll realize your DSM has already automatically blocked malicious IPs for you and they will be in the Block List. Say, for example, you already have 500 blocked IPs. When you download and import the deny-ip-list from mariushosting.com which has over 20000 entries, these 20000 entries will be added to your 500 entries, resulting in a total of 20500 entries. If you take a look on your IP Block List screen and see you have less than 20500 entries, don’t worry, it means that there were some doubles/duplicate IPs that were overwritten automatically by the DSM system.
The Synology NAS Block List doesn’t work with lists per se, it works with individual IPs. Which means you’re adding, removing, overwriting IPs, not lists of IPs. When you’re importing the deny-ip-list on mariushosting.com, you’re actually importing malicious IPs that I have collected from multiple sources.
Important: A Synology NAS is a top of the range device, much more powerful than your ordinary computer, which means it’ll have no problem with blocking as many IPs as you need. Whether you have 10 IPs in your Block List or 10 000 or 100 000, your Synology NAS can take it.