diff --git a/index.js b/index.js
index 76590f8..4ca64c1 100644
--- a/index.js
+++ b/index.js
@@ -744,19 +744,19 @@ app.post('/api/v1/user/dir/newEntry', async (req, res) => {
 				[name, number, route.id]).then(() => {
 					res.json({ message: 'Updated' });
 				}
-			).catch(err => {
-				console.error('Error updating directory entry:', err);
-				res.status(500).json({ error: 'Internal server error' });
-			});
+				).catch(err => {
+					console.error('Error updating directory entry:', err);
+					res.status(500).json({ error: 'Internal server error' });
+				});
 		} else {
 			pool.query('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
 				[number, name, route.id]).then(() => {
 					res.status(201).json({ message: 'Created' });
 				}
-			).catch(err => {
-				console.error('Error creating directory entry:', err);
-				res.status(500).json({ error: 'Internal server error' });
-			});
+				).catch(err => {
+					console.error('Error creating directory entry:', err);
+					res.status(500).json({ error: 'Internal server error' });
+				});
 		}
 	}).catch(err => {
 		console.error('Error checking for existing directory entry:', err);
@@ -770,13 +770,13 @@ app.delete('/api/v1/user/dir/deleteEntry/:number', async (req, res) => {
 		res.status(401).json({ error: 'API Key is required!' });
 		return;
 	}
-	
+
 	const routeData = await pool.query("SELECT * FROM routes WHERE apiKey = ?", [apiKey]);
 	if (!routeData || routeData.length === 0) {
 		res.status(401).json({ error: 'Unauthorized' });
 		return;
 	}
-	
+
 	const route = routeData[0];
 	const number = Number(req.params.number);
 	if (!number) {
@@ -831,7 +831,7 @@ app.post('/api/v1/user/dir/massUpdate', async (req, res) => {
 			return;
 		}
 	}
-	if(replace) {
+	if (replace) {
 		// Delete all existing entries for this route
 		await pool.query('DELETE FROM directory WHERE route = ?', [route.id]);
 	}
@@ -1071,22 +1071,44 @@ const genCall = (req, res, apiKey, ani, number) => {
 
 			conn.query('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number]).then((rows) => {
 				const row = rows[0];
-				if (row) {
-					// Check if the ANI is within the block range
-					// If it is, return `local`
-					console.log(`New Call: ${ani} -> ${number}`);
-					logCall(ani, number);
-					// incriment estCallsMade analytics
-					addAnalytic("estCallsMade");
-					dailyAnalytic("dailyCallsMade");
-					if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
-						res.status(200).send('local');
-					} else {
-						res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
-					}
-				} else {
+
+				// Check blocklist. Type 1 is exact match, Type 2 is prefix match NNNXXXX where NNN is the prefix value.
+				// Check if the ANI is blocked from calling this route
+				const routeId = row ? row.id : null;
+				if (!routeId) {
 					res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
+					return;
 				}
+				
+				conn.query('SELECT * FROM blocklist WHERE (blockType = 1 AND blockValue = ?) OR (blockType = 2 AND ? BETWEEN blockValue AND blockValue + ?);', [ani, ani, row.block_length]).then((blockRows) => {
+					if (blockRows.length > 0) {
+						// ANI is blocked from calling this route
+						console.log(`Blocked Call Attempt: ${ani} -> ${number}`);
+						res.status(403).send(`${process.env.MSG_ROUTE_ADDRESS}/403`);
+						return;
+					}
+
+					if (row) {
+						// Check if the ANI is within the block range
+						// If it is, return `local`
+						console.log(`New Call: ${ani} -> ${number}`);
+						logCall(ani, number);
+						// incriment estCallsMade analytics
+						addAnalytic("estCallsMade");
+						dailyAnalytic("dailyCallsMade");
+						if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
+							res.status(200).send('local');
+						} else {
+							res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
+						}
+					} else {
+						res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
+					}
+				}).catch(err => {
+					console.error('Error checking blocklist:', err);
+					res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`);
+					return;
+				});
 			}).catch(err => {
 				console.error('Error getting route:', err);
 				res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
diff --git a/migrations.js b/migrations.js
index 19ba8b0..706c4f3 100644
--- a/migrations.js
+++ b/migrations.js
@@ -59,7 +59,7 @@ function runMigrations(pool) {
 				resolve();
 			})
 			.catch(err => {
-				console.errorr('Error running migrations:', err);
+				console.error('Error running migrations:', err);
 				reject(err);
 			})
 			.finally(() => {
diff --git a/migrations/010_add_blocklist_table.sql b/migrations/010_add_blocklist_table.sql
new file mode 100644
index 0000000..7e4332a
--- /dev/null
+++ b/migrations/010_add_blocklist_table.sql
@@ -0,0 +1,8 @@
+CREATE TABLE IF NOT EXISTS blocklist (
+	id INT AUTO_INCREMENT PRIMARY KEY,
+	ownerId INT NOT NULL,
+	blockType INT NOT NULL,
+	blockValue VARCHAR(255) NOT NULL,
+	createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+	FOREIGN KEY (ownerId) REFERENCES routes(id) ON DELETE CASCADE
+);
\ No newline at end of file