Bundle multiple LAN IP addresses in to group
Nice forum, great firewall :p (for starters)
I'm kinda new to this forum, but my search ended in a non-result (probably my fault :P )
What i'm trying to accomplish is the following:
I like to set up a firewall rule in pfsense, that only applies to certain hosts on my network, and not a subnet-range, because i do not want the rule applied to the host also bundled by a subnet.
allow tcp source (any) to destination (specific hosts) eq http
This rule needs to be applied for the hosts:
192.168.1.11, 192.168.1.14 and 192.168.1.18
and I dont want the rule applied to these hosts
Yes I know that i can just create 3 rules, but I was wondering if i can add multiple host-addreses to the same single rule, to keep the rule-base clean and simple.
I cannot find the functionallity in the user-interface, and was wandering if i could script this to the firewall, and if yes can anyone tell me how to? :P
Any help would be much appreciated…
dreamslacker last edited by
Go to Firewall -> Aliases -> Add a new Alias
For Alias type, choose Host Alias.
Set a name for this Alias, in this example, I've chosen 'AllowHttpClients' as an Alias name.
Save the alias.
Under your firewall rule, instead of entering a range of IPs, you can then use the alias name instead. Like so:
ty dreamslacker :P This helps a lot
Can i also use this alias-feature with an IPVPN? cause i can't choose it from the pulldown menu…
Or can this be done via a script?
GruensFroeschli last edited by
What is an IPVPN?
Do you mean IP address reachable or receiving via/from a VPN?
These are still just normal IP addresses and can be used with a normal "hosts" or "networks" alias.
Sorry, my fault, should be more specific :P
I mean ipsec tunnel
As you can see in the pic i send, i cannot specify an alias there, can that be done otherwise?
using an alias as the value of the localsubnet-field?
No, that can't be used with IPsec.
On 2.0 you could add multiple phase 2 entries, one for each IP, but it's probably better to just use the whole subnet and control access to the tunnel by using firewall rules (e.g. on the LAN tab, pass from <vpn ips="">to <remote vpn="" subnet="">, followed by block from * to <remote vpn="" subnet="">)</remote></remote></vpn>
I was affraid for getting that answer, but ty anyway :P
At least it stops me spending time in researching how to accomplish it