Netgate Discussion Forum
    Firewall rules with multiple IPs (ACL)

    Firewalling · 4 Posts · 3 Posters · 660 Views
    CyberMinion (last edited by CyberMinion):

      Is there a way for me to add multiple addresses (in CIDR notation) to a firewall rule? For example, if I want to block incoming traffic from all addresses native to Iran, I would need an ACL consisting of about 2,725 CIDR blocks, starting with 2.144.0.0/16 and ending with 217.218.0.0/15. Rather than making 2,725 rules in this example, can I dump the entire list into a block rule, or use some separate ACL function to accomplish this task?

      Thank you!

      P.S. I am using a NG-1100 running pfSense 2.4.x

    viragomann:

        Use the pfBlockerNG package for something like that.

        Otherwise, for individual IP addresses or networks, you can add them all to an alias (Firewall > Aliases > IP) and use that alias in the firewall rule.

    CyberMinion:

          Ok, I see what you mean about the alias option. That could work, but I was hoping for a text box, not a list of blanks; that method could cost me what little sanity I have left.
          I am installing that package, and will give it a try. Thank you!

    A Former User, replying to @CyberMinion (last edited by A Former User):

            Hi @cyberminion,

            At Firewall > Aliases, there is an Import button on the bottom.

            Paste in the aliases to import separated by a carriage return. Common examples are lists of IPs, networks, blacklists, etc. The list may contain IP addresses, with or without CIDR prefix, IP ranges, blank lines (ignored) and an optional description after each IP. e.g.:

            172.16.1.2
            172.16.0.0/24
            10.11.12.100-10.11.12.200
            192.168.1.254 Home router
            10.20.0.0/16 Office network
            10.40.1.10-10.40.1.19 Managed switches
            

            Thank you,

            -James

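A practical check before pasting a few thousand entries into the Import box described in the post above: validate the list offline, expand ranges into the CIDR blocks they really cost, and collapse overlapping blocks so the alias table stays small. The script below is an added example, not code from the thread, from pfSense or from pfBlockerNG. It follows the Import-box format James quotes (IPs with or without a CIDR prefix, dash ranges, blank lines ignored, optional description after the entry), uses only the Python standard library, and the sample list is constructed for the example; the expected counts in the comments refer to that sample. The names `parse_import`, `collapse` and `render` are this example's own.

```python
import ipaddress
import re

# Constructed sample in the Import-box format: bare IPs, CIDR blocks,
# dash ranges, a blank line, optional trailing descriptions, one bad entry.
SAMPLE_IMPORT = """\
172.16.1.2
172.16.0.0/24
10.11.12.100-10.11.12.200

192.168.1.254 Home router
10.20.0.0/16 Office network
10.40.1.10-10.40.1.19 Managed switches
2.144.0.0/16 example country block
2.144.0.0/17 nested inside the block above
300.1.1.1 bad octet
"""

# First whitespace-delimited token is the address entry; the rest is a description.
ENTRY_RE = re.compile(r"^(\S+)(?:\s+(.*))?$")


def parse_import(text):
    """Parse pasted alias-import text.

    Returns (networks, descriptions, errors):
      networks     - list of ipaddress network objects; a dash range is expanded
                     into the minimal set of CIDR blocks that covers it
      descriptions - {str(network): description} for entries that carried one
      errors       - (line number, raw line, reason) for entries that would not load
    """
    networks, descriptions, errors = [], {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are ignored, as the Import help text says
        token, desc = ENTRY_RE.match(line).groups()
        desc = (desc or "").strip()
        try:
            if "-" in token:  # IPv4/IPv6 literals never contain a dash
                first, last = (ipaddress.ip_address(p) for p in token.split("-", 1))
                if first.version != last.version or first > last:
                    raise ValueError("invalid range %s" % token)
                blocks = list(ipaddress.summarize_address_range(first, last))
            else:
                # strict=False accepts host bits set in hand-typed lists
                # (e.g. 10.0.0.1/24) and normalises to the network address.
                blocks = [ipaddress.ip_network(token, strict=False)]
        except ValueError as exc:
            errors.append((lineno, raw, str(exc)))
            continue
        for block in blocks:
            networks.append(block)
            if desc:
                descriptions[str(block)] = desc
    return networks, descriptions, errors


def collapse(networks):
    """Merge overlapping and adjacent blocks so the alias carries fewer entries."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def render(networks):
    """One entry per line in the form the Import box accepts (/32 and /128 as bare IPs)."""
    return "\n".join(
        str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
        for n in networks
    )


if __name__ == "__main__":
    nets, descs, errs = parse_import(SAMPLE_IMPORT)
    for lineno, raw, reason in errs:
        print("line %d rejected: %r (%s)" % (lineno, raw, reason))
    # Sample: 15 blocks after range expansion, 14 after collapsing the nested /17.
    print("%d entries, %d after collapsing" % (len(nets), len(collapse(nets))))
    print(render(collapse(nets)))
```

Run it against your exported list, fix anything reported in `errors`, then paste the output of `render(collapse(nets))` into Firewall > Aliases > Import. The range expansion is deliberate: pfSense stores ranges as CIDR blocks when it builds the pf table, so `10.11.12.100-10.11.12.200` costs six entries, not one, and that is worth knowing before you approach the size of a whole-country list.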
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.