Netgate Discussion Forum

    ASK Create Access Rule LAN with Range IP

      Aa.Fikry28

      Hi,

      I'm sorry if this is a repost. I'm a newbie.
      I want to ask how to create an access rule for LAN by IP range.
      I didn't find how to create a LAN by IP range, I only found it by subnet.
      Example :
      192.168.1.20-192.168.1.50 = for Server
      192.168.1.60-192.168.1.100 = for Staff
      192.168.1.110-192.168.1.130 = for BOD

      Can I create a LAN network by IP range like on other firewalls?

      Thanks,

        ptt Rebel Alliance

        Use "Aliases" (Firewall --> Aliases --> Networks) ;)

        Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range.

          Aa.Fikry28

          Hi,

          Thank you for the reply,
          but we can't create a network by IP range, right!
          We must input them one by one, we can't enter 192.168.1.40-192.168.1.120.
          I hope pfSense can do that in the future, like other firewalls.

          Thanks,

            P3R

            Aa.Fikry28, please read again the excellent advice that has already been given to you by ptt.

            If you add a network alias you can specify the range as 192.168.1.40-192.168.1.120 and the appropriate networks to cover your selected range will automatically be created:
            192.168.1.40/29, 192.168.1.48/28, 192.168.1.64/27, 192.168.1.96/28, 192.168.1.112/29, 192.168.1.120/32

              Derelict LAYER 8 Netgate

              An even better alternative is to group your hosts on netmask boundaries.  If you were to use a /27, for instance, you could refer to the group of hosts from 192.168.1.32-192.168.32.63 with the single mask 192.168.1.32/27, the hosts from 192.168.2.64-192.168.1.95 with 192.168.1.64/27, etc.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
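
The range-to-CIDR derivation discussed in this thread, and the case of a range that sits on a netmask boundary, as an added Python example. It is not pfSense's code and not part of any post above; the function names are illustrative, and the result is cross-checked against Python's standard `ipaddress` module so a rule built from the list matches exactly the intended hosts and nothing more.

```python
import ipaddress

def range_to_cidrs(first: str, last: str) -> list[str]:
    """Smallest list of CIDR blocks covering exactly first..last (IPv4)."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # The largest block that may start at lo is limited by lo's alignment
        # (its lowest set bit) and by the number of addresses still to cover.
        align = lo & -lo if lo else 1 << 32
        remaining = hi - lo + 1
        size = min(align, 1 << (remaining.bit_length() - 1))
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks

def covered_addresses(cidrs: list[str]) -> int:
    """Total addresses matched by a list of non-overlapping CIDR blocks."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)

def matches_stdlib(first: str, last: str) -> bool:
    """Cross-check the hand-written derivation against the standard library."""
    expected = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return range_to_cidrs(first, last) == [str(n) for n in expected]

if __name__ == "__main__":
    # Ranges taken from the thread; the /27 range is a constructed sample
    # showing a range aligned on a netmask boundary.
    samples = [
        ("192.168.1.20", "192.168.1.50"),
        ("192.168.1.60", "192.168.1.100"),
        ("192.168.1.110", "192.168.1.130"),
        ("192.168.1.40", "192.168.1.120"),
        ("192.168.1.32", "192.168.1.63"),
    ]
    for first, last in samples:
        cidrs = range_to_cidrs(first, last)
        print(f"{first}-{last}: {covered_addresses(cidrs)} addresses")
        print("   " + ", ".join(cidrs))
```

An unaligned range needs several alias entries, while a range on a /27 boundary collapses to one, which keeps the rule set shorter and easier to audit.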

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.