My company has a Google Compute Engine server hosted in North America. We get so many Chinese IP addresses sending requests to port 11 that it is costing us money for the ingress. Our firewall blocks all connections to China already as they have no business having access to our applications.
Is there a way to completely ignore these connections or have them blocked in such a way that they will not eat up bandwidth?
Best Answer
Firewalls have two main choices when receiving unwanted connection attempts.
unavailable
The words REJECT/DROP aren't standard or used across all firewalls but the difference between the concepts behind the two possible actions will be there. You want to do the equivalent of DROP so there is no outbound traffic. As mentioned by others inbound traffic incurs no charges.