4. Firewalls and subnets

Firewalls and subnets

  • G

    I have a question regarding firewall rules and subnets.

    If I have a subnet defined using 172.30.16.0/21

    Can I create a rule for using 172.30.17.0/24

    I want to be able to take a range of IPs and reserve them for Administration.

    I would test this but I don't have a test environment yet.  I will have one soon though.

    0
  • LAYER 8 Netgate

    Yes, but anyone outside that range can just manually set an IP address in that range and there's nothing you can do about it.

    0
  • 2
    Banned

    How about having a much smaller subnet and all IPs in that subnet assigned to static hosts (with static ARP entries) in the pfsense?

    Better to have a different interface with own network though, i guess?

    0
  • G

    I am not worried about someone getting on the network.  I have the deny unknown clients option checked.  So they would have to spoof a mac-address as well.  Not impossible but definitely more difficult.

    0
  • LAYER 8 Netgate

    @gordc:

    I am not worried about someone getting on the network.  I have the deny unknown clients option checked.  So they would have to spoof a mac-address as well.  Not impossible but definitely more difficult.

    That only prevents them from getting a DHCP address. They can still set a static address inside your management range easily.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy