How to create alias with *large* number of hosts?
-
(X-post from Reddit - https://www.reddit.com/r/PFSENSE/comments/81egao/alias_for_large_number_of_hosts/).
Hi,
I'm trying to set up some firewall/traffic shaping rules for a large number of hosts (e.g. IP ranges associated with a cloud provider).
The IP ranges are unlikely to change frequently.
What's the recommended way of creating an alias for these?
I did try creating a normal alias in pfSense, with the ranges added as CIDR ranges. For example, one of the CIDR addresses is a /14, and so around 200,000+ IP addresses. However, once I hit submit it seems to cause the webUI to simply hang (I waited for over 10 minutes).
Is there some trick to it?
Thanks,
Victor
-
Why would you not just make a network alias for the /14? That would be one CIDR entry, not 200K different addresses.
See URL Table Type aliases for truly large lists.
-
^Exactly… I have an rfc1918 alias that has all of them in it, which includes 10/8 and 172.16/12
My Plex alias, which allows in the netblocks that Plex uses to check if you have remote access and my son's and friends' IPs, has multiple /12s, some /15s and even a new /10 they started using.
-
When you say Network Alias - do you mean going in via Firewalls, Aliases, IP, then clicking on the green "Add" button?
This is exactly where I went in before, and tried to enter in a few large CIDR ranges - which is when the pfSense WebUI hung on me, as soon as I clicked Save.
Hence, why I didn't know if there was perhaps another place that I should be entering in large ranges?
-
You have several choices for the TYPE of alias to create there. One of them is Network. One of them is URL Table.
-
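An added example, not part of the original thread: one way to prepare a large provider range list for a URL Table alias, collapsing overlapping and adjacent ranges into the fewest CIDR entries. It assumes the alias source is a plain-text file with one IP or CIDR per line; the function names are hypothetical and the sample list is constructed from documentation and benchmark ranges.

```python
import ipaddress

# Constructed sample input (not real provider data): CIDRs, a dash range,
# a single host, a comment, plus overlapping and adjacent blocks.
SAMPLE = """\
# constructed sample list
198.18.0.0/16
198.19.0.0/16
198.18.4.0/24
203.0.113.0-203.0.113.127
203.0.113.128/25
192.0.2.10
2001:db8::/33
2001:db8:8000::/33
"""

def parse_entry(text):
    """Turn one entry (CIDR, single host, or first-last range) into networks."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        # Raises ValueError if the range is reversed or mixes IPv4 and IPv6.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False tolerates host bits set in a CIDR (e.g. 10.1.2.3/8).
    return [ipaddress.ip_network(text, strict=False)]

def build_table(raw):
    """Return the minimal sorted CIDR list, IPv4 first, then IPv6."""
    nets = {4: [], 6: []}
    for line in raw.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        for net in parse_entry(line):
            nets[net.version].append(net)
    table = []
    for version in (4, 6):
        # collapse_addresses merges adjacent blocks and drops contained ones;
        # it cannot mix address families, hence the per-version lists.
        table.extend(str(n) for n in ipaddress.collapse_addresses(nets[version]))
    return table

if __name__ == "__main__":
    # One entry per line, ready to be served as the alias source file.
    print("\n".join(build_table(SAMPLE)))
```

Eight input entries collapse to four here, which is the same point made in the replies: the alias holds a handful of network entries, not one entry per host.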