The situation of network security is becoming increasingly severe. When the Internet applications of enterprises and institutions suffer from network security emergencies such as network attacks, how to effectively block malicious attacks from the Internet in time, reduce or even eliminate the impact of network attacks on Internet applications, and ensure the normal operation of enterprises and institutions business, is particularly important. This paper proposes an optimized interception scheme based on the firewall IP blacklist function and access control policy, and has been deployed in the actual network. Compared with the existing mainstream interception scheme, this scheme is not restricted by the border router, and will not produce a large number of policy entries, which will interfere with the daily configuration and operation of the firewall and bring pressure on the performance of the firewall. The practical results show that the scheme can effectively intercept malicious IPv4/IPv6 in real time, so as to greatly improve the network security defense capabilities of enterprises and institutions.