Howto deny range of IP?



  • Hi Ijust install pfsense,

    I wonder how to deny a range of IP address? let say I just want to allow 192.168.0.1-192.168.0.50?

    I know there is a function on the DHCP to limit the user access, but how if the user set the IP address manually, let say using 192.168.0.100 ?

    Thanks in advance,

    Tohar



  • Insert appropriate firewall rule in the appropriate interface, only allowing your chosen range access.



  • @Cry:

    Insert appropriate firewall rule in the appropriate interface, only allowing your chosen range access.

    could you explain it more details, I couldn't find way to insert range of ip address



  • fw rules -> add rule -> source -> under type you select network then enter network and bitmask

    did that help?

    /f



  • If you dont want to allow/block a whole subnet you can also define Aliases under the "alias" entry in the menu and use these aliases in your rules.
    Aliases can contain multiple single IPs, Networks, or Ports.



  • you dont need to block/unblock a whole subnet just use a bitmask of say 26 to use first 64 of a net
    or just use a combo of bitmask and alias


Locked