Grouping hosts



  • Hey. I am pulling out the Sonicwall firewall in my network and replacing it. I have experience with Smoothwall Express and pfSense at home so initially I looked at Smoothwall corporate but I sadly really disappointed with it. It seems they have tried to make it to simple and I am just not able to configure it how I want it. Then with a bit of googling I realised that pfSense offers paid for support (which I have been told I must have…) so that was my mind made up and decided to run with it.

    Anyway, I seem to have come across one of the same problems which drove me made with Smoothwall when I was testing it but yet the Sonicwall (as much as it pains me to say it because I hate it!) allows me to do.

    When setting up incoming or outgoing firewall and NAT rules I have situations where I want to allow multiple IP's (random, not in a range) access to hosts internally. But I am limited by entering each external host as a separate rule. The way I have it setup with my Sonicwall is that I can specify 'Address Objects' for each host and then 'Address Groups' consisting of the different hosts. I can then apply firewall and NAT rules to the group.

    Is there anyway to do this with pfSense? I am currently using 2.0 RC1 as I figured it is easier to do that, make use of all the new features and upgrade when the full version is released than to upgrade from 1.x. I am going to take the commercial support if I go down the pfSense route and I am sure the dev's would be the best person to ask on this matter but I dont want to pay for the support before I know that I like pfSense for my use and that it fully meets my needs.

    Hopefully someone on here can help me with this, it is a real deal breaker for me because otherwise I will end up with so many separate firewall and NAT entries! Lol. I thought and was hoping it may have just been a limitation with IPtables on Smoothwall...



  • Yes, ist can be done under "Firewall -> Alias".

    You can create an Alias for different Hosts, IPs or Ports. I think, this is what you are looking for :-)



  • That was it. And it works brilliantly! :)

    Thanks


Log in to reply