Blocking IP ranges

OBXJeepGuy · Mar 30, 2022, 1:07 AM

I have searched, and searched and can't seem to get an answer to this. When using IPv4 Custom_List in pfBlockerNG, can I enter a range of IP addresses as:
103.79.140.0-103.79.143.255 in order to block the entire range?

johnpoz · Mar 30, 2022, 1:08 AM

@obxjeepguy said in Blocking IP ranges:

103.79.140.0-103.79.143.255 in order to block the entire range?

why would you not just use 103.79.140.0/22

Which is 103.79.140.0 - 103.79.143.255

If your just wanting to block IP ranges, you could just use the normal aliases. Pfblocker aliases are better at handling something that is dynamic and loaded. If you know for sure that is the range you want to block and its not going to change, just normal alias would be easier to setup

If you just want to block that cidr, there really is no need to create an alias even, you could just block that cidr in your rule.

OBXJeepGuy · Mar 30, 2022, 3:28 PM

@johnpoz I am somewhat new to this game. I only understand basics at this point. Plus, I am used to being able to block IP ranges in this fashion on SEP. pfSense is leaps, and bounds above anything I have ever dealt with. However, I am learning every day to be sure!

stephenw10 · Mar 30, 2022, 5:17 PM

Yes you can enter a range like that in a pfBlocker and it will create it from CIDRs. For example:

Resulting in an alias table:

Steve