Blocking Networks Via Alias not working



  • Hey guys. I apologize in advance for my pfSense newbery. I think I'm doing this right, but I'm not sure.

    I am trying to block all outbound connections to the known Netflix network ranges listed here:

    
    108.175.32.0/20
    108.175.32.0/24
    108.175.33.0/24
    108.175.34.0/24
    108.175.35.0/24
    108.175.38.0/24
    108.175.39.0/24
    108.175.40.0/24
    108.175.41.0/24
    108.175.42.0/24
    
    

    To do this, I assumed that I could create a network alias in pfSense as shown in this screenshot.

    Then I created a firewall rule on the LAN interface in which destination = ALIAS, as in this screenshot.

    Unfortunately I got the errors "The Field Destination bit count is required" and "Alias entries must be single host or alias"

    Clearly, I am doing something wrong here. Hopefully someone can point me in the right direction here. Thanks in advance.






  • At destination you have to select "single host or alias" from the dropdown if you want to enter an alias.


  • Netgate

    And your /20 entry covers all of those /24 networks already.

    108.175.32.0/20 = 108.175.32.0 - 108.175.47.255



  • @Derelict:

    And your /20 entry covers all of those /24 networks already.

    108.175.32.0/20 = 108.175.32.0 - 108.175.47.255

    Wow, really? Shows how much I know about subnetting. So if I just add 108.175.32.0/20 it will block all outbound connections to all of those networks?



  • Yes, as Derelict mentioned.

    If you're unsure about subnets, use this: http://www.subnet-calculator.com/cidr.php
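
The subnet check discussed in this thread, as an added example that is not part of any poster's message: a Python sketch using the standard `ipaddress` module that drops alias entries already covered by a broader one and shows the address range of what remains. The function names are hypothetical; the entries are the ones listed in the first post.

```python
import ipaddress

# Alias entries exactly as listed in the first post of the thread.
ALIAS_ENTRIES = [
    "108.175.32.0/20", "108.175.32.0/24", "108.175.33.0/24",
    "108.175.34.0/24", "108.175.35.0/24", "108.175.38.0/24",
    "108.175.39.0/24", "108.175.40.0/24", "108.175.41.0/24",
    "108.175.42.0/24",
]

def reduce_alias(entries):
    """Return (kept, redundant); redundant maps a dropped CIDR to its covering CIDR.

    strict=True rejects entries with host bits set (e.g. 108.175.32.5/20),
    which usually indicates a typo in the alias.
    """
    nets = {ipaddress.ip_network(e, strict=True) for e in entries}
    # Broadest prefixes first, so a covering network is seen before its subnets.
    ordered = sorted(nets, key=lambda n: (n.version, n.prefixlen, int(n.network_address)))
    kept, redundant = [], {}
    for net in ordered:
        cover = next((k for k in kept
                      if k.version == net.version and net.subnet_of(k)), None)
        if cover is not None:
            redundant[str(net)] = str(cover)
        else:
            kept.append(net)
    return [str(k) for k in kept], redundant

def address_range(cidr):
    """First and last address of a CIDR block, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)

def matches_alias(ip, entries):
    """True if a destination IP falls inside any alias entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e) for e in entries)

if __name__ == "__main__":
    kept, redundant = reduce_alias(ALIAS_ENTRIES)
    for cidr in kept:
        print(cidr, "=", " - ".join(address_range(cidr)))
    for cidr, cover in sorted(redundant.items()):
        print(cidr, "is already covered by", cover)
```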