Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Howto deny range of IP?

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 4 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tohar
      last edited by

      Hi Ijust install pfsense,

      I wonder how to deny a range of IP address? let say I just want to allow 192.168.0.1-192.168.0.50?

      I know there is a function on the DHCP to limit the user access, but how if the user set the IP address manually, let say using 192.168.0.100 ?

      Thanks in advance,

      Tohar

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Insert appropriate firewall rule in the appropriate interface, only allowing your chosen range access.

        1 Reply Last reply Reply Quote 0
        • T
          tohar
          last edited by

          @Cry:

          Insert appropriate firewall rule in the appropriate interface, only allowing your chosen range access.

          could you explain it more details, I couldn't find way to insert range of ip address

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            fw rules -> add rule -> source -> under type you select network then enter network and bitmask

            did that help?

            /f

            1 Reply Last reply Reply Quote 0
            • GruensFroeschliG
              GruensFroeschli
              last edited by

              If you dont want to allow/block a whole subnet you can also define Aliases under the "alias" entry in the menu and use these aliases in your rules.
              Aliases can contain multiple single IPs, Networks, or Ports.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                you dont need to block/unblock a whole subnet just use a bitmask of say 26 to use first 64 of a net
                or just use a combo of bitmask and alias

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.