    Firewalls and subnets

      gordc last edited by

      I have a question regarding firewall rules and subnets.

      If I have a subnet defined using 172.30.16.0/21, can I create a rule using 172.30.17.0/24?

      I want to be able to take a range of IPs and reserve them for Administration.

      I would test this but I don't have a test environment yet.  I will have one soon though.

        Derelict LAYER 8 Netgate last edited by

        Yes, but anyone outside that range can just manually set an IP address in that range and there's nothing you can do about it.

          2chemlud Banned last edited by

          How about having a much smaller subnet and all IPs in that subnet assigned to static hosts (with static ARP entries) in pfSense?

          Better to have a different interface with its own network though, I guess?

            gordc last edited by

            I am not worried about someone getting on the network. I have the deny unknown clients option checked. So they would have to spoof a MAC address as well. Not impossible but definitely more difficult.

              Derelict LAYER 8 Netgate last edited by

              @gordc:

              I am not worried about someone getting on the network. I have the deny unknown clients option checked. So they would have to spoof a MAC address as well. Not impossible but definitely more difficult.

              That only prevents them from getting a DHCP address. They can still set a static address inside your management range easily.

              1 Reply Last reply Reply Quote 0
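As an added illustration of the points made in this thread (not code from any poster or from pfSense): the sketch below confirms that 172.30.17.0/24 lies inside 172.30.16.0/21, then audits ARP entries to flag hosts using an address in the administration range that is not assigned to them. The admin host list, MAC addresses, interface name and ARP lines are constructed sample values, and the ARP text assumes FreeBSD `arp -an` formatting.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("172.30.16.0/21")    # subnet from the thread
ADMIN = ipaddress.ip_network("172.30.17.0/24")  # range used as the rule source

# Assumption: IP-to-MAC assignments of the real admin hosts (constructed values).
ADMIN_HOSTS = {
    "172.30.17.10": "00:11:22:33:44:10",
    "172.30.17.11": "00:11:22:33:44:11",
}

# Constructed sample in the style of FreeBSD `arp -an` output.
SAMPLE_ARP = """\
? (172.30.16.25) at 00:11:22:33:44:25 on em1 expires in 1150 seconds [ethernet]
? (172.30.17.10) at 00:11:22:33:44:10 on em1 permanent [ethernet]
? (172.30.17.11) at 66:77:88:99:aa:bb on em1 expires in 870 seconds [ethernet]
? (172.30.17.200) at 66:77:88:99:aa:cc on em1 expires in 1012 seconds [ethernet]
? (172.30.18.40) at (incomplete) on em1 expired [ethernet]
"""

ARP_RE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ", re.I)

def rule_source_is_valid(lan=LAN, admin=ADMIN):
    """A rule source narrower than the interface subnet works if it lies inside it."""
    return admin.subnet_of(lan)

def audit_admin_range(arp_text, admin=ADMIN, known=ADMIN_HOSTS):
    """Return (ip, mac, reason) for ARP entries in the admin range that are not a known admin host."""
    findings = []
    for line in arp_text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue  # incomplete or unparsable entry
        ip, mac = m["ip"], m["mac"].lower()
        if ipaddress.ip_address(ip) not in admin:
            continue  # ordinary LAN host, outside the admin range
        if ip not in known:
            findings.append((ip, mac, "unassigned admin IP in use"))
        elif known[ip] != mac:
            findings.append((ip, mac, "MAC differs from assigned host"))
    return findings

if __name__ == "__main__":
    print("rule source inside LAN:", rule_source_is_valid())
    for finding in audit_admin_range(SAMPLE_ARP):
        print(finding)
```

A matching MAC address is not proof of identity, since, as the thread notes, a MAC address can be spoofed as well.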