Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    easyrule command documentation should document permissible wildcards

    Documentation
    2
    3
    300
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rcfaR
      rcfa
      last edited by

      At https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html#easyrule-in-the-shell the documentation is typically terse. But documentation should not be for those who already know things, but for those who know nothing.

      The entire page there does not make one mention of what wildcards are permissible.

      With trial and error (because I had the specific need) I ended up figuring out that

      easyrule pass wan any any any any

      works, but would

      easyrule pass any any any any any

      also work? Don't know, wasn't in a position to risk my setup playing aroud with it. And frankly, nobody should be having to do trial and error, one should be able to read the documentation, and know what, if any, wildcards are applicable for each parameter to the command.

      I 1 Reply Last reply Reply Quote 0
      • I
        itpp21 @rcfa
        last edited by

        Nothing complicated:

        Single IP
        easyrule block wan 123.111.222.123

        Subnet
        easyrule block wan 123.111.222.0/24

        Larger Subnet
        easyrule block wan 123.111.0.0/16

        Specific subnets also work, https://www.subnet-calculator.com/

        rcfaR 1 Reply Last reply Reply Quote 0
        • rcfaR
          rcfa @itpp21
          last edited by

          @itpp21 Of course it’s not complicated, but it’s not documented that wildcards „any“ can be used.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post