    Blocking Networks Via Alias not working

    • Middge

      Hey guys. I apologize in advance for my pfsense newbery. I think I'm doing this right, but I'm not sure.

      I am trying to block all outbound connections to the known Netflix network ranges listed here;

      
      108.175.32.0/20
      108.175.32.0/24
      108.175.33.0/24
      108.175.34.0/24
      108.175.35.0/24
      108.175.38.0/24
      108.175.39.0/24
      108.175.40.0/24
      108.175.41.0/24
      108.175.42.0/24
      
      

      To do this, I assumed that I could create a network alias in pfSense as shown in this screenshot:

      Then I created a firewall rule on the LAN interface in which destination = ALIAS like in this screenshot.

      Unfortunately I got the errors "The Field Destination bit count is required" and "Alias entries must be single host or alias"

      Clearly, I am doing something wrong here. Hopefully someone can point me in the right direction here. Thanks in advance.

      • viragomann

        At destination you have to select "single host or alias" from the dropdown if you want to enter an alias.

        • Derelict LAYER 8 Netgate

          And your /20 entry covers all of those /24 networks already.

          108.175.32.0/20 = 108.175.32.0 - 108.175.47.255

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • Middge

            @Derelict:

            And your /20 entry covers all of those /24 networks already.

            108.175.32.0/20 = 108.175.32.0 - 108.175.47.255

            Wow, really? Shows how much I know about subnetting. So if I just add 108.175.32.0/20 it will block all outbound connections to all of those networks?

            • viragomann

              Yes, as Derelict mentioned.

              If you're unsure with subnets use this: http://www.subnet-calculator.com/cidr.php

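The subnet overlap pointed out in the replies can be checked offline before the networks are typed into an alias. The following is an added example, not part of the original thread: it uses only Python's standard `ipaddress` module, and the function names are illustrative.

```python
import ipaddress

# Network list from the first post of this thread.
ALIAS_ENTRIES = [
    "108.175.32.0/20", "108.175.32.0/24", "108.175.33.0/24",
    "108.175.34.0/24", "108.175.35.0/24", "108.175.38.0/24",
    "108.175.39.0/24", "108.175.40.0/24", "108.175.41.0/24",
    "108.175.42.0/24",
]


def parse(entries):
    # strict=True rejects entries with host bits set (e.g. 108.175.32.5/20),
    # a common typo when building block lists by hand.
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def address_range(cidr):
    """First and last address covered by a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def find_redundant(entries):
    """Map each entry that lies inside a broader entry to that broader entry."""
    nets = parse(entries)
    redundant = {}
    for net in nets:
        covers = [o for o in nets
                  if o != net and o.version == net.version and net.subnet_of(o)]
        if covers:
            widest = min(covers, key=lambda o: o.prefixlen)
            redundant[str(net)] = str(widest)
    return redundant


def minimal_alias(entries):
    """Smallest equivalent list: drops covered entries, merges adjacent ones."""
    nets = parse(entries)
    out = []
    for version in (4, 6):  # collapse_addresses() refuses mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        out.extend(str(n) for n in ipaddress.collapse_addresses(same))
    return out


if __name__ == "__main__":
    print("range of /20:", " - ".join(address_range("108.175.32.0/20")))
    for child, parent in find_redundant(ALIAS_ENTRIES).items():
        print(f"{child} is already covered by {parent}")
    print("minimal alias:", minimal_alias(ALIAS_ENTRIES))
```
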