    Too many IPs for an alias

      flamegate

      We have an initiative working with one of our servers and connecting to Google. We only want to allow our server to connect to Google IP addresses, so our initial thought was to just create an alias and a rule. Come to find out, there are so many Google IP addresses that it completely overwhelms an alias and they are not able to store all the IPs. We found the list of Google IP addresses here https://www.gstatic.com/ipranges/goog.json and I want to see if there is any way we can use that URL as an alias somehow or some other possibility to dynamically process that JSON file into an allow list for a given server firewall rule.

        SteveITS Galactic Empire @flamegate

        @flamegate pfSense has some URL alias types but I don't think they can process JSON?
        https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases

        The pfBlockerNG-devel package has support for ASN lookups I believe, though I've not used that myself. I've just seen other posts here about it.

        System/Advanced/Firewall & NAT -> Firewall Maximum Table Entries has to be large enough to hold the table. (note: where it says "On this system the default size is..." that has a bug and is always the number you've entered)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          NogBadTheBad @SteveITS

          pfBlockerNG and the ASN numbers. pfBlockerNG will also import JSON, but you can't create a single alias with IPv4 & IPv6.


          https://db-ip.com/as15169-google-llc

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
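
One way to do the "process that JSON file into an allow list" step from the question, as an added example that is not code from any poster in this thread or from pfSense/pfBlockerNG. It assumes the goog.json layout of a top-level "prefixes" list whose entries carry either "ipv4Prefix" or "ipv6Prefix"; the function names, the sample data and the minimum-prefix-length floor are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the goog.json layout (documentation ranges, not Google's).
SAMPLE = """{"syncToken": "0", "creationTime": "2022-09-14T00:00:00",
 "prefixes": [
  {"ipv4Prefix": "192.0.2.0/25"}, {"ipv4Prefix": "192.0.2.128/25"},
  {"ipv4Prefix": "198.51.100.0/24"}, {"ipv4Prefix": "198.51.100.64/26"},
  {"ipv6Prefix": "2001:db8:1::/48"}, {"ipv6Prefix": "2001:db8:1:8000::/49"},
  {"unexpectedKey": "skipped"}]}"""

# Assumed sanity floor: refuse prefixes broader than this so a malformed or
# tampered feed cannot turn the allow rule into "allow any".
MIN_PREFIXLEN = {4: 8, 6: 16}

def split_prefixes(text):
    """Parse goog.json-style text into (ipv4, ipv6) lists of collapsed CIDRs."""
    nets = {4: [], 6: []}
    for entry in json.loads(text).get("prefixes", []):
        raw = entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
        if raw is None:
            continue  # unknown entry type: skip instead of guessing
        net = ipaddress.ip_network(raw, strict=True)  # ValueError if malformed
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            raise ValueError(f"prefix too broad for an allow list: {net}")
        nets[net.version].append(net)
    # collapse_addresses merges adjacent and overlapping networks per family.
    return tuple([str(n) for n in ipaddress.collapse_addresses(nets[v])]
                 for v in (4, 6))

def alias_file(cidrs):
    """One CIDR per line, the plain-text layout for a URL-fetched list."""
    return "".join(c + "\n" for c in cidrs)

def fits_table(v4, v6, max_table_entries):
    """Compare the combined size with Firewall Maximum Table Entries."""
    return len(v4) + len(v6) <= max_table_entries

if __name__ == "__main__":
    v4, v6 = split_prefixes(SAMPLE)
    print(alias_file(v4), alias_file(v6), sep="")
    # 400000 is a constructed value; use the number set on your own system.
    print("fits:", fits_table(v4, v6, max_table_entries=400000))
```

The IPv4 and IPv6 lists are kept separate so each can back its own alias, and collapsing the networks first reduces the entry count that has to fit under Firewall Maximum Table Entries.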
