Blocking Networks Via Alias not working

Middge

Hey guys. I apologize in advance for my pfsense newbery. I think I'm doing this right, but I'm not sure.

I am trying to block all outbound connections to the known Netflix network ranges listed here;


108.175.32.0/20
108.175.32.0/24
108.175.33.0/24
108.175.34.0/24
108.175.35.0/24
108.175.38.0/24
108.175.39.0/24
108.175.40.0/24
108.175.41.0/24
108.175.42.0/24

To do this, I assumed that I could create a network alias in PFsense like shown in this screenshot;

Then I created a firewall rule on the LAN interface in which destination = ALIAS like in this screenshot.

Unfortunately I got the errors "The Field Destination bit count is required" and "Alias entries must be single host or alias"

Clearly, I am doing something wrong here. Hopefully someone can point me in the right direction here. Thanks in advance.

alias_capture.PNG_thumb

rule_capture.PNG_thumb

viragomann

At destination you have to select "single host or alias" from the dropdown if you want to enter an alias.

Derelict

And your /20 entry covers all of those /24 networks already.

108.175.32.0/20 = 108.175.32.0 - 108.175.47.255

Middge

@Derelict:

And your /20 entry covers all of those /24 networks already.

108.175.32.0/20 = 108.175.32.0 - 108.175.47.255

Wow, really? Shows how much I know about subnetting. So if I just add 108.175.32.0/20 it will block all outbound connections to all of those networks?

viragomann

Yes, as Derelict mentioned.

If you're unsure with subnets use this: http://www.subnet-calculator.com/cidr.php