ASK Create Access Rule LAN with Range IP



  • Hi,

    I'm sorry if repost. I'm newbie
    I want to ask, how to create rule access for LAN by Range IP?
    Because, I don't found create LAN by Range IP, I just found by subnet.
    Example :
    192.168.1.20-192.168.1.50 = for Server
    192.168.1.60-192.168.1.100 = for Staff
    192.168.1.110-192.168.1.130 = for BOD

    Can I create Lan Network by Range IP like other firewall?

    Thanks,


  • Rebel Alliance

    Use  "Aliases" (Firewall –> Aliases --> Networks) ;)

    Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range.



  • Hi,

    Thank you for reply,
    but we can't create Network by Range IP, Right!
    We must input one by one, can't 192.168.1.40-192.168.1.120.
    I hope PFSense for the future can create that like other firewall.

    Thanks,



  • Aa.Fikry28, please read again the excellent advice that have already been given to you by ptt.

    If you add a network alias you can specify the range as 192.168.1.40-192.168.1.120 and the appropriate networks to cover your selected range will automatically be created:
    192.168.1.40/29, 192.168.1.48/28, 192.168.1.64/27, 192.168.1.96/28, 192.168.1.112/29, 192.168.1.120/32


  • Netgate

    An even better alternative is to group your hosts on netmask boundaries.  If you were to use a /27, for instance, you could refer to the group of hosts from 192.168.1.32-192.168.32.63 with the single mask 192.168.1.32/27, the hosts from 192.168.2.64-192.168.1.95 with 192.168.1.64/27, etc.